On Tue, 27 Jan 2004, Brent J. Nordquist wrote:

> The only thing that's been holding me back from doing that here, or
> implementing similar measures (e.g. unzip and see if there's only a .scr
> or .pif inside), is the fear of a "10 gigabytes of 0's" DoS ZIP file.

If you have GNU cut, this should be safe:

        unzip -p "$part" | cut -b -100000 | wc

That should kill the unzip once it goes past 100K.

Better yet, why not do the equivalent of:

        unzip -l "$part" | grep -i "$bad_exts"

Just check if the unzipped file has any .exe, .pif, etc. in it.  This
is more reliable and future-proof than testing for a specific size.

--
David.
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
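
The two checks suggested in this reply, as an added Python example that is not part of the original post or of MIMEDefang: listing member names without decompressing anything, and reading a member with a hard 100K ceiling. The extension list, function names and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed extension list; the thread only names .scr, .pif and .exe.
BAD_EXTS = (".exe", ".pif", ".scr")
READ_CAP = 100_000  # same ceiling as the cut -b -100000 pipeline


def bad_members(zip_bytes, bad_exts=BAD_EXTS):
    """Names with a blocked extension, taken from the central directory only
    (the unzip -l equivalent: no member data is decompressed)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [info.filename for info in zf.infolist()
                if info.filename.lower().endswith(bad_exts)]


def capped_read(zip_bytes, name, cap=READ_CAP):
    """Decompress at most cap + 1 bytes of one member, in small chunks.
    Returns (bytes_read, exceeded_cap)."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf, zf.open(name) as fh:
        while total <= cap:
            chunk = fh.read(min(8192, cap + 1 - total))
            if not chunk:
                break
            total += len(chunk)
    return total, total > cap


def build_sample():
    """Constructed input: 5 MB of zeros named like a screensaver, plus a
    harmless text file. Compresses to a few kilobytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Document.SCR", b"\0" * 5_000_000)
        zf.writestr("readme.txt", b"hello\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    print(len(sample), "bytes as received")
    print("blocked names:", bad_members(sample))
    print("capped read:", capped_read(sample, "Document.SCR"))
```

The name check never touches the compressed data, so its cost does not depend on how far the archive would expand; it does not look inside nested archives.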