Educause Security Discussion
mailing list archives
Re: uploading application content to CMS system
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Thu, 6 Nov 2008 13:26:45 +1300
On 5/11/2008, at 11:24 AM, Russell Fulton wrote:
we are using Jahia to implement a new Content Management System for
our major web presence. And, unsurprisingly, departments want to
upload all sorts of application content -- from word docs to flash
movies -- some of this content may come from students. We intend
scanning all content that isn't straight html for malware before
accepting it, does anyone have any other suggestions for mitigating
the risk of accepting malicious content.
From my colleague Bojan Zdrnja who is currently in Europe:
Use a Flash decompiler, if possible, and scan for embedded URLs.
This would depend on the purpose of the upload form but this what
imageshack.us uses to detect Flash movies uploaded by spammers.