Menu
I'm writing a ASP.NET application to process user submitted zip files and limiting my extraction of files from it to only the extensions I want.
I've heard of infected zip files attached to emails and I was wondering if I should be concerned about extracting data from infected zip files in my application. I don't plan on executing the content inside of the zip file, but will opening and extracting from an infected zip file cause the file to execute a virus even if I'm not executing any content inside of the zip file?
719
It's possible if somebody finds an exploitable flaw in the unzipping implementation... But I've never seen one. I wouldn't say it's something to get worried over.
However, it's not hard to quarantine incoming files, scan them and move them off to your application at a later time. You could even do on-demand scanning but that can cause nasty bottlenecks on a busy system. It all depends how fast you need an uploaded file scanned.
198
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
