Re: uploading application content to CMS system

[Russell Fulton <r.fulton () AUCKLAND AC NZ>]

On 5/11/2008, at 11:24 AM, Russell Fulton wrote:

> Hi folks
>
> we are using Jahia to implement a new Content Management System for
> our major web presence.  And, unsurprisingly, departments want to
> upload all sorts of application content -- from word docs to flash
> movies -- some of this content may come from students.  We intend
> scanning all content that isn't straight html for malware before
> accepting it, does anyone have any other suggestions for mitigating
> the risk of accepting malicious content.

From my colleague Bojan Zdrnja who is currently in Europe:

Use a Flash decompiler, if possible, and scan for embedded URLs.
This would depend on the purpose of the upload form but this what
imageshack.us uses to detect Flash movies uploaded by spammers.

Russell