| 摘要 |
<p>Protection of a computer system 104 against attacks using malformed files is applied to an application 106 configured to process files of a predefined Headerless format indicated by a Characteristic pattern of bytes. An incoming file's Characteristic pattern is checked by comparing its leading bytes with Characteristic patterns. If its leading bytes have such a pattern, the file 100 is subjected to a full content check; the file is discarded 100 if it lacks such a pattern or has contents considered damaging. A file is checked regarding suitability for further processing by comparing its leading bytes with the Characteristic pattern of the predefined Headerless format. A full content check of the file may also be carried out. The application 106 is permitted to process files having the Characteristic pattern of the predefined Headerless format and appropriate file contents. The method can deal with ZIP files (b) etc. starting with redundant data b1 even if polymorphic, provided that the file is not potentially damaging. Polymorphic files (that is files which satisfy checks for being more than one particular file type) are also dealt with in an improved manner by the system described.</p> |
