[Mimedefang] New .zip virus?
Dave O'Neill
dmo at roaringpenguin.com
Tue Jan 27 13:36:12 EST 2004
David F. Skoll wrote:
> Just check if the unzipped file has any .exe, .pif, etc. in it. This
> is more reliable and future-proof than testing for a specific size.
Using the Archive::Zip module from CPAN could be an even better idea if
we want to avoid the fork/exec and shell pipeline. I think it should be
as simple as (warning, completely untested):
use Archive::Zip;
my $zip = Archive::Zip->new();
if( $zip->read($entity->bodyhandle->path) == AZ_OK ) {
# It's a valid zip
my @members = $zip->members();
foreach my $member (@members) {
my $size = $member->uncompressedSize();
my $file = $member->fileName();
# Now, test for file extension and/or bad file sizes
}
}
Cheers,
Dave
--
Dave O'Neill <dmo at roaringpenguin.com> Roaring Penguin Software Inc.
+1 (613) 231-6599 ext. 104 http://www.roaringpenguin.com/
More information about the MIMEDefang
mailing list