I have a form that uploads a file via PHP to my server.
For security I analyze these files with ClamAV, however, encrypted files (eg.: zip with password, pdf with password) cannot be analyzed.
I tried via fopen to see if there was any error reading the file, but it reads the file normally, displaying the encrypted content without triggering errors.
Is it possible via PHP to detect if this file is encrypted and display an error message to the user?
Advertisement
Answer
Each file type can be identified by first bites (file signature), here is the list of most used file types https://en.wikipedia.org/wiki/List_of_file_signatures. You can check the uploaded file type by this signature and if it’s unknown then trigger an error for the user