Closed security-companion closed 3 years ago
We can consider that; I'd run some tests on how prevalent this is beforehand. However, we should check the full 7z file signature, not just the first 2 bytes. That looks too likely for a false positive to me. That should be '7z\xBC\xAF\x27\x1C' according to https://en.wikipedia.org/wiki/List_of_file_signatures
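An added example, not part of the thread or the project's code, illustrating the comment above: it compares a 2-byte prefix check with a full-signature check on constructed response bodies. The function names and sample data are hypothetical; the xz and bz2 signatures come from the same Wikipedia list.

```python
# Added example (not the project's code): full-signature matching for archive
# formats compared with a 2-byte prefix check. All names are hypothetical.

# Complete magic numbers as given in the Wikipedia "List of file signatures".
SIGNATURES = {
    "7z": b"7z\xbc\xaf\x27\x1c",
    "xz": b"\xfd7zXZ\x00",
    "bz2": b"BZh",
}


def identify_archive(head: bytes):
    """Return the format whose complete signature starts `head`, else None."""
    for name, magic in SIGNATURES.items():
        if head.startswith(magic):
            return name
    return None


def short_prefix_match(head: bytes, name: str, n: int = 2) -> bool:
    """The weaker check: compare only the first n bytes of the signature."""
    return head[:n] == SIGNATURES[name][:n]


# Constructed sample bodies: one 7z header prefix and two look-alikes, such as
# a custom error page or a text file that happens to begin with "7z".
SAMPLES = {
    "backup.7z": b"7z\xbc\xaf\x27\x1c\x00\x04" + b"\x00" * 24,
    "soft-404.html": b"7zip archives are not available here.",
    "truncated": b"7z\xbc",
}


def compare(samples=SAMPLES):
    """Map each sample to (2-byte verdict, full-signature verdict) for 7z."""
    return {
        label: (short_prefix_match(body, "7z"), identify_archive(body) == "7z")
        for label, body in samples.items()
    }


if __name__ == "__main__":
    for label, (short, full) in compare().items():
        print(f"{label:15} 2-byte={short!s:5} full={full}")
```

Only the first sample passes both checks; the other two pass the 2-byte check alone, which is the false-positive case the comment describes.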
Thanks for the hint, I adapted the pull request.
I made a scan with this added on the Alexa top 1 million and it found zero instances of a 7z backup file. (It also found zero .bz2 or .xz archives...) Given these numbers I'm currently not keen on adding more file formats... I guess maybe people who leave backups on their servers are less likely to use unconventional compression formats.
Thanks for checking on this, I completely understand that you didn't want to merge this.
I suggest adding testing for 7z backup files. I uploaded a test file (backup.7z) to my webspace, and the file was identified correctly as 7z.