• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

attachment extensions on forms

Engaged ,
Mar 29, 2016 Mar 29, 2016

Copy link to clipboard

Copied

Hi everyone. My company has been hit with 3 viruses in the last few months and we think it's because of some attachments employees are clicking on and opening. We have a quote page on our web site form that allows users to attach files that get sent to our quote email address. The form does not prevent certain attachments from being uploaded and attached and sent to the email though. Does anyone know how to prevent certain file extension attachments to not be allowed to be sent from a form in Cold Fusion? I would probably want to prevent .exe, .zip, etc. files for sure. Thanks.

Andy

Views

605

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

LEGEND , Mar 29, 2016 Mar 29, 2016

Hi, jamie61880‌,

To my knowledge, there is no way to "blacklist" file extensions, but you can specify what filetypes are allowed if you are using CFFILE to upload the files to the server.  The link goes to the Adobe Help page for CFFILE.

HTH,

^_^

UPDATE:  Also, if you communicate with the server admin, you can set up a folder specifically for uploading the files to and set the folder permissions to NOT allow execution of any file.  This will automatically prevent an infected file from infecting the

...

Votes

Translate

Translate
LEGEND ,
Mar 29, 2016 Mar 29, 2016

Copy link to clipboard

Copied

Hi, jamie61880‌,

To my knowledge, there is no way to "blacklist" file extensions, but you can specify what filetypes are allowed if you are using CFFILE to upload the files to the server.  The link goes to the Adobe Help page for CFFILE.

HTH,

^_^

UPDATE:  Also, if you communicate with the server admin, you can set up a folder specifically for uploading the files to and set the folder permissions to NOT allow execution of any file.  This will automatically prevent an infected file from infecting the system.  You can then scan the file for virii and delete it if it's infected, before moving it elsewhere.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Engaged ,
Mar 29, 2016 Mar 29, 2016

Copy link to clipboard

Copied

Thanks! This works, but I'm not sure if we're going to want to limit ourselves on every file we receive. We receive some odd ones sometimes that are legitimate that we need to open.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Mar 29, 2016 Mar 29, 2016

Copy link to clipboard

Copied

In that case, you could forget about the accept parameter and just upload the file to a folder that has no execution privileges - this should be huge in helping to prevent the virus transmission.

If the server doesn't automatically scan all uploaded files, I'm not sure if CF has anything that could scan.

V/r,

^_^

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guide ,
Mar 30, 2016 Mar 30, 2016

Copy link to clipboard

Copied

On the subject of virus scanning, if you can't configure virus scanning software to do on-demand scanning of upload folder(s), then you might be able to programmatically initiate a scan of the uploaded file after the <cffile> operation by using <cfexecute> and calling the virus scanner via command-line parameters.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Mar 30, 2016 Mar 30, 2016

Copy link to clipboard

Copied

LATEST

That's a great idea, as long as the security isn't screwed down so tight that CFEXECUTE isn't allowed to run. 

V/r,

^_^

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation