-
Jan 15th, 2013, 09:53 AM
#1
Thread Starter
Frenzied Member
File upload security question.
When I upload a file, could I search the file's byte stream for the byte value of <script, <embed or <object and reject if found, to further protect from malware and attacks? Is this the way I would go about it?
I have the size check and ext -> mime check.
Thanks,
Justin
-
Jan 23rd, 2013, 04:35 AM
#2
Member
Re: File upload security question.
PHP's file uploading system simply stores the file in a temporary directory, outside of the accessible HTTP folders. Once someone uploads something, you get the file location returned. You just need to open the file up, do string/regex operations and output it to wherever you need it. There is no way to intercept the HTTP 'byte stream'... unless you're using different software entirely. But until you copy the file to an HTTP-accessible area, no one can access it, and you just filter out whatever you want and output the file where you want after that.
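The flow described in this reply (scan the temp file, then move it out), as an added example that is not part of the thread. The marker list comes from the question in post #1; the function names `find_marker` and `accept_upload` and the sample bytes are assumptions made for illustration.

```php
<?php
// Added example, not from the thread; names and sample bytes are hypothetical.
const MARKERS = ['<script', '<embed', '<object'];

// Return the first marker found in the file (case-insensitive), or null.
// Keeps a short tail so a marker straddling a chunk boundary still matches.
function find_marker(string $path, array $markers = MARKERS, int $chunk = 8192): ?string
{
    $keep = max(array_map('strlen', $markers)) - 1;
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        throw new RuntimeException("cannot open $path");
    }
    $tail = '';
    while (($data = fread($fh, $chunk)) !== false && $data !== '') {
        $buf = $tail . $data;
        foreach ($markers as $m) {
            if (stripos($buf, $m) !== false) {
                fclose($fh);
                return $m;
            }
        }
        $tail = (string) substr($buf, -$keep);
    }
    fclose($fh);
    return null;
}

// Scan the temp file first; only a clean file leaves the temp directory.
function accept_upload(array $file, string $destDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not a valid upload');
    }
    if (($hit = find_marker($file['tmp_name'])) !== null) {
        throw new RuntimeException("rejected, contains $hit");
    }
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)); // server-chosen name
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store upload');
    }
    return $dest;
}

// Constructed sample: GIF header bytes, padding, then mixed-case markup
// placed so that it straddles the 8192-byte chunk boundary.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "GIF89a\x01\x00\x01\x00" . str_repeat("\x00", 8178) . '<ScRiPt>x</script>');
var_dump(find_marker($tmp));
unlink($tmp);
```

This matches literal ASCII bytes only, so the same markup stored as UTF-16 or inside compressed data passes the scan; it supplements the size and MIME checks rather than replacing them.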
-
Jan 23rd, 2013, 08:15 AM
#3
Thread Starter
Frenzied Member
Re: File upload security question.
I realize that you can't use it until it's saved to the system in tmp or whatever. I just wanted to know how to search the byte stream for malicious scripts, etc. Or if that's even the way you do it. When people embed malicious code in an image file, is it plain text in the header somewhere? Or is it encoded in bytes? I would think the former.
Thanks,
Justin