in reply to Re^2: prevent arbitrary code execution in images
in thread prevent arbitrary code execution in images

That's a toughie. Convert JPGs to PNGs and back? If the conversion tool doesn't give an error, it will surely corrupt the virus. (Discard the file if the conversion tool gives an error.)

Is that really something that needs to be checked actively? Maybe it's sufficient to keep logs and act on reports reactively. It depends on the case, really.

  • Comment on Re^3: prevent arbitrary code execution in images

Replies are listed 'Best First'.
Re^4: prevent arbitrary code execution in images
by FoxtrotUniform (Prior) on Sep 15, 2004 at 23:33 UTC
    Convert JPGs to PNGs and back? If the conversion tool doesn't give an error, it will surely corrupt the virus. (Discard the file if the conversion tool gives an error.)

    That's not a bad idea. My only concern is that, since JPEG's a lossy format, re-JPEGging an image might introduce more compression artifacts. In that case, you might want to leave the image as a PNG. (I can't offhand think of any reason why you'd want to use JPEG instead of PNG... I think the compression rates are pretty similar these days.)

    --
    F o x t r o t U n i f o r m
    Found a typo in this node? /msg me
    % man 3 strfry

[reply]
      Out of curiosity, I tried converting two jpegs to pngs (using convert). One of them became four times bigger, the other one nine times bigger.

      (BTW, I also tried converting the same jpegs to gifs, and they became five and six times larger.)
[reply]
        You discard the conversion output. You just want to know if it worked or not. Like a regex without parens, the only thing you're looking for is metadata.

        --
        Spring: Forces, Coiled Again!
[reply]
Re^4: prevent arbitrary code execution in images
by PodMaster (Abbot) on Sep 16, 2004 at 02:30 UTC
    That's a toughie. Convert JPGs to PNGs and back?
    I'm sorry, but that is a tad too creative :) I'd use a virus scanner like File::Scan or clamav and scan the files for viruses upon upload.

    MJD says "you can't just make shit up and expect the computer to know what you mean, retardo!"
    I run a Win32 PPM repository for perl 5.6.x and 5.8.x -- I take requests (README).
    ** The third rule of perl club is a statement of fact: pod is sexy.

[reply]
      Scan files for viruses on upload? Doesn't that depend on the scanner package having a profile to look for? Which means that a new virus gets through until someone circulates a new profile (and other people fetch it to update their scanners)?

      If a file is supposed to contain an image (but also contains a virus), it actually makes a lot more sense to apply some global filter to the "pixel" data such that image quality would be generally preserved, but anything like machine code would be obliterated. It's a pity that the same does not hold for email attachments that are supposed to be MS-Word "doc" files, etc...

[reply]

In Section Seekers of Perl Wisdom