5

I'm writing a ASP.NET application to process user submitted zip files and limiting my extraction of files from it to only the extensions I want.

I've heard of infected zip files attached to emails and I was wondering if I should be concerned about extracting data from infected zip files in my application. I don't plan on executing the content inside of the zip file, but will opening and extracting from an infected zip file cause the file to execute a virus even if I'm not executing any content inside of the zip file?

Peter Smith
  • 849
  • 2
  • 11
  • 28
  • 1
    There's a difference between the format of the transported data and the software used to interpret the format of the transported data. If there had been only one piece of software that could unzip zip files, then there would be a much higher chance of there being something to exploit, but a flaw that would introduce a trojan (or similar) for one particular unzipper is unlikely to work with any other implementation, so I wouldn't worry too much about this as a problem. – Lasse V. Karlsen Jun 12 '10 at 23:37

1 Answers1

1

It's possible if somebody finds an exploitable flaw in the unzipping implementation... But I've never seen one. I wouldn't say it's something to get worried over.

However, it's not hard to quarantine incoming files, scan them and move them off to your application at a later time. You could even do on-demand scanning but that can cause nasty bottlenecks on a busy system. It all depends how fast you need an uploaded file scanned.

Oli
  • 235,628
  • 64
  • 220
  • 299