Just check if the unzipped file has any .exe, .pif, etc. in it. This is more reliable and future-proof than testing for a specific size.
Using the Archive::Zip module from CPAN could be an even better idea if we want to avoid the fork/exec and shell pipeline. I think it should be as simple as (warning, completely untested):
use Archive::Zip;
my $zip = Archive::Zip->new(); if( $zip->read($entity->bodyhandle->path) == AZ_OK ) { # It's a valid zip my @members = $zip->members(); foreach my $member (@members) { my $size = $member->uncompressedSize(); my $file = $member->fileName(); # Now, test for file extension and/or bad file sizes } }
Cheers, Dave -- Dave O'Neill <[EMAIL PROTECTED]> Roaring Penguin Software Inc. +1 (613) 231-6599 ext. 104 http://www.roaringpenguin.com/
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang