1

I'm allowing users to upload CSV files. Other users can download these files. I'm aware that CSV could be an attack vector.

Would a ClamAV (or other AV) scan offer protection against such a file?

Any scan would happen only after validating the MIME type.

2
  • 1
    Have you already tried it yourself? Or searched in the ClamAV documentation? Commented Mar 12, 2019 at 12:56
  • 1
    The question is also posted here: stackoverflow.com/questions/55067124/… Commented Mar 12, 2019 at 20:10

1 Answer

5

ClamAV has, as far as I know, no specific detection features for CSV files. CSV injection is not a vulnerability that an AV would resolve directly. Instead, an AV may detect known malicious macro payloads that were injected into a file, regardless of the file type.

If you want to know about specific detection features, I suggest talking to the ClamAV maintainers. For now, I recommend following OWASP's advice on filtering: do not allow any cell to start with -, +, =, or @.

2
  • 2
    I found you need to bypass the following characters: '=', '+', '-', '@', '|', '%'. Otherwise your filter can be bypassed. See: hackerone.com/reports/223999 Commented Mar 12, 2019 at 19:58
  • @Refineo Good to know. Commented Mar 12, 2019 at 23:36
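
Added example, not part of the original answer or comments: a Python check for the filtering rule described above, using the four leading characters from the answer plus the two from the comment. The function names, the exemption for plain signed numbers, the leading-apostrophe rewrite, and the sample data are assumptions made for this illustration.

```python
import csv
import io
import re

# Leading characters named on this page: four from the answer, two from the comment.
TRIGGERS = ("=", "+", "-", "@", "|", "%")
# Assumption: plain signed numbers such as -12.50 are data, not formulas.
NUMBER = re.compile(r"[+-]?[0-9]+(\.[0-9]+)?")


def is_risky(cell):
    """True if a spreadsheet could interpret the cell as a formula."""
    return cell.startswith(TRIGGERS) and NUMBER.fullmatch(cell) is None


def risky_cells(csv_text):
    """Return (row, column, value) for each risky cell, 1-indexed."""
    rows = csv.reader(io.StringIO(csv_text, newline=""))
    return [(r, c, cell)
            for r, row in enumerate(rows, start=1)
            for c, cell in enumerate(row, start=1)
            if is_risky(cell)]


def neutralize(csv_text):
    """Rewrite the CSV with a leading apostrophe on each risky cell (assumed policy)."""
    out = io.StringIO(newline="")
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in csv.reader(io.StringIO(csv_text, newline="")):
        writer.writerow(["'" + cell if is_risky(cell) else cell for cell in row])
    return out.getvalue()


# Constructed sample upload, not data from the page.
SAMPLE = "name,balance,note\nalice,-12.50,ok\nbob,100,=1+1\ncarol,+3,@SUM(A1:A2)\n"

if __name__ == "__main__":
    for row, col, value in risky_cells(SAMPLE):
        print(f"row {row}, column {col}: {value!r}")
    print(neutralize(SAMPLE), end="")
```

The check runs on the parsed cell value rather than the raw line, because a quoted field such as `"=1+1"` still reaches the spreadsheet as `=1+1`.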
