[issue40301] zipfile module: new feature (two lines of code), useful for test, security and forensics
Serhiy Storchaka
report at bugs.python.org
Sat Apr 18 03:36:23 EDT 2020
Serhiy Storchaka <storchaka+cpython at gmail.com> added the comment:
I am not sure it would help you. There are legitimate files which contain a payload followed by the ZIP archive (self-extracting archives, programs with embedded ZIP archives). And the malware can make the offset of the ZIP archive be zero.
If you want to check whether the file looks like an executable, analyze first few bytes of the file. All executable files should start by one of well recognized signatures, otherwise the OS would not know how to execute them and they would not be malware.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue40301>
_______________________________________
More information about the Python-bugs-list
mailing list