I have developed a legacy driver to allow and block the transfer of specific files from hard disk to external devices. This works fine.

The issue I face is that the user is able to modify the file name and file type.

How can I find the original file type and file name modified by the user?

Is it possible to find the original file type using the portable executable header?

(File types, for example .pdf, .txt)

During my research I found that they are able to find the original file type. How do they find the original file type? Something similar has been done by "http://checkfiletype.com/".

Thanks in advance. Can you provide any solution for this?

1 Answer

YaTaF On

This game had a name.

The name of the game is "last one who moves wins".

I will gladly exfiltrate files by base85 encoding them and dropping that as content in an allowed type.

Your users will no doubt come up with other clever ways.

Now if you were doing this for virus control I'd say just examine file contents and if it looks like an executable say no. The first two characters of an executable file are always MZ.
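Content-based type detection of the kind the question asks about, as an added example that is not part of the original question or answer: it reads a file's leading bytes (`%PDF-` for PDF, `MZ` plus the `PE\0\0` signature for executables) and compares the result with the type the extension claims. It is a user-mode C sketch; all type and function names are hypothetical and the sample buffers are constructed.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: every name below is hypothetical, not from the driver discussed. */
typedef enum { FT_UNKNOWN, FT_PE, FT_PDF } file_type;

/* Constructed samples: a minimal PE stub (MZ, e_lfanew = 0x40, "PE\0\0") and a PDF header. */
static const uint8_t SAMPLE_PE[0x48] = { [0] = 'M', [1] = 'Z', [0x3C] = 0x40, [0x40] = 'P', [0x41] = 'E' };
static const uint8_t SAMPLE_PDF[] = "%PDF-1.7\n";

/* Identify a file from its leading bytes, ignoring its name. */
file_type sniff_type(const uint8_t *buf, size_t len)
{
    if (len >= 5 && memcmp(buf, "%PDF-", 5) == 0) return FT_PDF;
    /* PE: "MZ" at offset 0, little-endian e_lfanew at 0x3C pointing to "PE\0\0". */
    if (len >= 0x40 && buf[0] == 'M' && buf[1] == 'Z') {
        uint32_t off = (uint32_t)buf[0x3C] | (uint32_t)buf[0x3D] << 8 |
                       (uint32_t)buf[0x3E] << 16 | (uint32_t)buf[0x3F] << 24;
        if (off <= len - 4 && memcmp(buf + off, "PE\0\0", 4) == 0) return FT_PE;
    }
    return FT_UNKNOWN; /* plain text and encoded data carry no signature */
}

/* Type claimed by the user-controlled extension (case-insensitive). */
file_type claimed_type(const char *name)
{
    const char *dot = strrchr(name, '.');
    char ext[8] = {0};
    if (!dot) return FT_UNKNOWN;
    for (size_t i = 0; i < sizeof ext - 1 && dot[1 + i]; i++)
        ext[i] = (char)tolower((unsigned char)dot[1 + i]);
    if (!strcmp(ext, "exe") || !strcmp(ext, "dll") || !strcmp(ext, "sys")) return FT_PE;
    if (!strcmp(ext, "pdf")) return FT_PDF;
    return FT_UNKNOWN; /* .txt and anything else: no signature expected */
}

/* 1 when the content has a recognised signature that the name does not claim. */
int is_disguised(const char *name, const uint8_t *buf, size_t len)
{
    file_type actual = sniff_type(buf, len);
    return actual != FT_UNKNOWN && actual != claimed_type(name);
}

int main(void)
{
    printf("invoice.pdf with PE bytes: %d\n", is_disguised("invoice.pdf", SAMPLE_PE, sizeof SAMPLE_PE));
    printf("manual.pdf with PDF bytes: %d\n", is_disguised("manual.pdf", SAMPLE_PDF, sizeof SAMPLE_PDF));
    return 0;
}
```

Content that has no signature, such as plain text or an encoded payload inside an allowed type, comes back as `FT_UNKNOWN`, which is the limit the answer points out; the original file name is not stored in the content and cannot be recovered this way.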