How to block malicious files while uploading

Thread is closed for posting
4 posts, 0 answers
  1. Chaitanya
    Chaitanya avatar
    2 posts
    Member since:
    Jun 2014

    Posted 11 Jun 2014 Link to this post

    Hi ,

    I encountered a scenario i.e. where we have to stop uploading of .exe or .bat files when their extension is changed to acceptable extension (.txt,.html,.htm,.odt,.rtf,.doc,.docx). I have tried to find a solution by using .NET code where I have used header codes of different file extensions, but header codes for .html and .htm get changed and doesn't seem to have a fixed header code. I have used Mime/Extension type but it didn't work. Looking for a solution through Telerik Controls.

    Thanks,
    Chaitanya.
  2. Shinu
    Shinu avatar
    17764 posts
    Member since:
    Mar 2007

    Posted 11 Jun 2014 in reply to Chaitanya Link to this post

    Hi Chaitanya,

    In order to achieve your scenario you can use RadAsyncUpload Control. Please try to set the AllowedFileExtensions property of RadAsyncUpload, this will upload files with the specified extensions. Please take a look into this help documentation to get further information and also take a look into this online demo.

    Thanks,
    Shinu.
  3. UI for ASP.NET Ajax is Ready for VS 2017
  4. Chaitanya
    Chaitanya avatar
    2 posts
    Member since:
    Jun 2014

    Posted 11 Jun 2014 in reply to Shinu Link to this post

    Hi Shinu,

    I had used that RadAsyncUpload control only. i used the property of AllowedFileExtensions but when we are trying to rename the file from .exe to .txt  control will treat that as .txt file we have to block those files based on the real type of file. if the file is pure txt file then only i need to allow or else i need to block such malicious files

    Thanks,
    Chaitanya.
  5. Shinu
    Shinu avatar
    17764 posts
    Member since:
    Mar 2007

    Posted 30 Jul 2014 in reply to Chaitanya Link to this post

    Hi Chaitanya,

    As far as I know checking the file extension is the only client side solution which can prevent the user from uploading malicious files.
    If you want to validate the file from Server Side, you can try the approach mentioned in the following article before saving it to the target path.

    Detect Executable file or Virus during File Upload.
    Prevent exe or msi to save on server even after changing extension.

    Thanks,
    Shinu.
Back to Top