[issue40301] zipfile module: new feature (two lines of code), useful for test, security and forensics
Massimo Sala
report at bugs.python.org
Sat Apr 18 10:16:52 EDT 2020
Massimo Sala <massimo.sala.71 at gmail.com> added the comment:
Sorry, I forgot to mention one specific case.
We have valid archives with a starting "blob": digitally signed zip files,
their filename extension is ".zip.p7m".
I agree your tip can be useful to other readers.
Best regards, Sala
On Sat, 18 Apr 2020 at 15:45, Serhiy Storchaka <report at bugs.python.org>
wrote:
>
> Serhiy Storchaka <storchaka+cpython at gmail.com> added the comment:
>
> Just check the first 4 bytes of the file. In a "normal" ZIP archive they are
> b'PK\3\4' (or b'PK\5\6' if it is empty). It is as reliable as checking the
> offset, and more efficient. It is even more reliable, because malware can
> have a zero ZIP archive offset, but it cannot start with b'PK\3\4'.
>
> ----------
>
> _______________________________________
> Python tracker <report at bugs.python.org>
> <https://bugs.python.org/issue40301>
> _______________________________________
>
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue40301>
_______________________________________
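
The two checks discussed in this thread, side by side, as an added example (not code from the tracker or from CPython's zipfile module): the first-four-bytes test and the archive start offset derived from the end-of-central-directory record. The function names, `BLOB` and the sample archives are constructed for illustration; the sketch assumes no ZIP64 records and no archive comment containing the record signature.

```python
import io
import struct
import zipfile
from typing import Optional, Tuple

MAGICS = (b"PK\x03\x04", b"PK\x05\x06")   # local file header / empty archive
EOCD = struct.Struct("<4s4H2LH")          # end-of-central-directory record, 22 bytes
BLOB = b"CONSTRUCTED-LEADING-BLOB" * 4    # constructed stand-in for leading data

def leading_bytes(data: bytes) -> Optional[int]:
    """Archive start offset derived from the EOCD record, None if no record."""
    pos = data.rfind(MAGICS[1])
    if pos < 0 or pos + EOCD.size > len(data):
        return None
    cd_size, cd_offset = EOCD.unpack_from(data, pos)[5:7]
    # Real central-directory position minus the position the record claims.
    return pos - cd_size - cd_offset

def inspect(data: bytes) -> Tuple[bool, Optional[int]]:
    """(first four bytes are a ZIP magic, offset of the archive start)."""
    return data[:4] in MAGICS, leading_bytes(data)

def make_zip(prefix: bytes = b"") -> bytes:
    """One-member ZIP written after `prefix`, with offsets counted from byte 0."""
    buf = io.BytesIO()
    buf.write(prefix)
    # Mode "w" on a file object starts at the current position and records
    # absolute offsets, so the prefix is accounted for in the headers.
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("hello.txt", "hello")
    return buf.getvalue()

SAMPLES = {
    "plain": make_zip(),
    "blob + zip, offsets untouched": BLOB + make_zip(),
    "blob + zip, offsets rewritten": make_zip(BLOB),
    "not a zip": b"just some bytes",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        magic, offset = inspect(data)
        print(f"{name:32} magic_at_start={magic} offset={offset}")
```

The third sample reports offset 0 even though leading data is present, which only the first-four-bytes test reveals.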