[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How do you guys handle PNG/JPG binary files with potential payloads for all the image viewers?

I feel like ClamAV would be the cheapest and easiest solution for handling png and jpgs, But like Sebastian said it does depend on use case. There are multiple av scanners/solutions but many are paid services, I've been using clam av for my email setup and it feel like it's been sufficient. You would need to enable png/jpeg extensions for ClamAV if that would be your plan and some sort of sandboxed environment for clamav/imagemagick iirc.

P.S I've just subscribed to this list, so please excuse me if i repeated any information as I can't see this whole email thread.


On 6/20/2022 12:10 PM, Sebastian Rose wrote:
Davide Prina <Davide.Prina@null.net> writes:
Corey H wrote:

how do you guys test all of the potential PNG/JPG potential malware payloads
What's your use-case? As I'm not aware of an vector for GNU/Linux in
normal everyday use¹, I guess you host files for Windows clients?

Did anyone mention ClamAV already? If so, please ignore me (sorry for
not following closely...).

  - Sebastian

¹ One can execute every file on GNU/Linux. But the attack is that
execution of a file, not the file (otherwise we'd have to consider `rm',
`gpg', `scp', and many more malware, too).

Reply to: