Open holmesworcester opened 1 year ago
My theory is that it's a problem with extremely small files (we are talking about bytes). There is a set tolerance for difference in size above which we consider the file malicious. For files as small as 14 bytes, even 1 byte of difference can be bigger than the tolerance that we set. So far we have mostly focused on bigger files as potentially more problematic, but it looks like very small files have their own problems as well.
In the attached screenshot you can see that "Hello!", which is 14 bytes, didn't go through, but "Hello!2" (35.45 KB) uploaded without issues. This is something that I was able to reproduce on a few machines with several different files.
We could rethink the size checking. It might not really be offering much protection as is, and if it's not it's probably not worth doing at all.
Or we could fix it so that it's more tolerant of a small discrepancy.
Steps to reproduce in Quiet 1.8.0 Linux:
Expected: receiving user can see files
Actual: user sees files with error "File not valid. Download canceled."
Archive (1).zip
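
An added example, not taken from the issue or from Quiet's code, of the failure mode discussed above: a size check with a purely relative tolerance rejects a 14-byte file that is 1 byte off, while a relative tolerance with an absolute floor accepts it and still stops an oversized transfer early. The 5% tolerance, the 64-byte floor and all names are assumptions.

```typescript
// Added example: names and tolerance values are assumptions, not Quiet's implementation.
type Verdict = { ok: boolean; received: number; reason?: string };

const REL_TOLERANCE = 0.05;  // assumed: 5% of the advertised size
const ABS_FLOOR_BYTES = 64;  // assumed: slack that is always allowed, so tiny files pass

// Relative-only slack: for a 14-byte file this is 0.7 bytes, so a 1-byte difference fails.
function relativeLimit(declared: number): number {
  return declared * REL_TOLERANCE;
}

// Relative slack with an absolute floor: small discrepancies on tiny files are tolerated.
function flooredLimit(declared: number): number {
  return Math.max(ABS_FLOOR_BYTES, declared * REL_TOLERANCE);
}

// Count bytes as chunks arrive and abort as soon as the stream exceeds
// declared + slack, so an oversized transfer is cut off before it is fully stored.
function checkTransfer(
  declared: number,
  chunks: Uint8Array[],
  limit: (declared: number) => number
): Verdict {
  if (!Number.isInteger(declared) || declared < 0) {
    return { ok: false, received: 0, reason: "invalid declared size" };
  }
  const slack = limit(declared);
  let received = 0;
  for (const chunk of chunks) {
    received += chunk.length;
    if (received > declared + slack) {
      return { ok: false, received, reason: "exceeds declared size" };
    }
  }
  if (declared - received > slack) {
    return { ok: false, received, reason: "shorter than declared size" };
  }
  return { ok: true, received };
}

// Constructed sample input: `total` zero bytes split into chunks of `chunkSize`.
function sampleChunks(total: number, chunkSize: number): Uint8Array[] {
  const out: Uint8Array[] = [];
  for (let left = total; left > 0; left -= chunkSize) {
    out.push(new Uint8Array(Math.min(chunkSize, left)));
  }
  return out;
}
```
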