WebApp Sec mailing list archives
Re: Content monitorting in Application Security
From: Martin Mačok <martin.macok () underground cz>
Date: Mon, 10 Jan 2005 10:35:58 +0100
On Sun, Jan 09, 2005 at 04:22:35PM -0500, Ofer Shezaf wrote:
Do you think that matching extension and content type header would be enough? If no, are you aware of any technology to determine a file type according to its content?
Name : file URL : ftp://ftp.gw.com/mirrors/pub/unix/file/ Summary : A utility for determining file types. Description : The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. % file *.* activity.png: PNG image data, 598 x 639, 8-bit/color RGB, non-interlaced apache_chunked.nasl: ISO-8859 English text eicar.com: ASCII text, with no line terminators hadi.scr: MS Windows PE 32-bit Intel 80386 GUI executable hadi.zip: Zip archive data, at least v2.0 to extract japanesesubway.wmv: Microsoft ASF jihlava-praha.ps: PostScript document text conforming at level 3.0 music.mp3: MP3 file with ID3 version 2.3.0 tag Ricany-info.pdf: PDF document, version 1.4 ssl-lwp.pl: a /usr/bin/perl -w script text executable upgrade.sh: Korn shell script text executable Martin Mačok ICT Security Consultant
Current thread:
- Content monitorting in Application Security Alfred Hitchcock (Jan 07)
- Re: Content monitorting in Application Security Ivan Ristic (Jan 08)
- Re: Content monitorting in Application Security Paul Laudanski (Jan 08)
- Re: Content monitorting in Application Security Jeremiah Grossman (Jan 08)
- <Possible follow-ups>
- RE: Content monitorting in Application Security Security (Jan 08)
- RE: Content monitorting in Application Security Paul Laudanski (Jan 09)
- RE: Content monitorting in Application Security Ofer Shezaf (Jan 09)
- Re: Content monitorting in Application Security Martin Mačok (Jan 10)
- RE: Content monitorting in Application Security Antoine Martin (Jan 10)
- Re: Content monitorting in Application Security oliver.karow (Jan 10)
- Re: Content monitorting in Application Security Ivan Ristic (Jan 10)
- Re: Content monitorting in Application Security Jeremiah Grossman (Jan 13)
- Re: Content monitorting in Application Security Jeremiah Grossman (Jan 15)
- RE: Content monitorting in Application Security Ofer Shezaf (Jan 23)
- RE: Content monitorting in Application Security Ofer Shezaf (Jan 23)
- Re: Content monitorting in Application Security Martin Schapendonk (Jan 24)
- RE: Content monitorting in Application Security Ofer Shezaf (Jan 27)