Recipe 11-3: Inspecting File Attachments for Malware
This recipe shows you how to determine when attackers attempt to force users to send unintentional requests.
Ingredients
- ClamAV (http://www.clamav.net)
- OWASP ModSecurity Core Rule Set
- modsecurity_crs_46_av_scanning.conf
- ModSecurity
- FILES_TMPNAMES variable
- @inspectFile operator
CAPEC-184: Software Integrity Attacks
An attacker initiates a series of events designed to cause a user, program, server, or device to perform actions which undermine the integrity of software code, device data structures, or device firmware, achieving the modification of the target’s integrity to achieve an insecure state.
Sample Attacks
A common attack vector is to abuse an application’s own file upload capability to plant malicious files on the site for other clients to download later. Allowing clients to upload files to your web application can potentially cause big problems, but many businesses require this functionality.
If you must allow file uploads in your web application, I strongly encourage you to review the OWASP Unrestricted File Upload vulnerability page.1 Although it is certainly possible to attack the web application platform itself, attacks on other systems are possible as well:
- If an .exe file is uploaded into the web tree, victims download an executable file containing a trojan.
- If a virus-infected file is uploaded, victims’ machines are infected.
- If an .html file containing ...
Get Web Application Defender's Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
