Massimo Sala <massimo.sala...@gmail.com> added the comment:
Sorry I forgot to mention one specific case. We have valid archives with a starting "blob": digitally signed zip files, their filename extension is ".zip.p7m". I agree your tip can be useful to other readers. Best regards, Sala On Sat, 18 Apr 2020 at 15:45, Serhiy Storchaka <rep...@bugs.python.org> wrote: > > Serhiy Storchaka <storchaka+cpyt...@gmail.com> added the comment: > > Just check the first 4 bytes of the file. In "normal" ZIP archive they are > b'PK\3\4' (or b'PK\5\6' if it is empty). It is so reliable as checking the > offset, and more efficient. It is even more reliable, because a malware can > have zero ZIP archive offset, but it cannot start with b'PK\3\4'. > > ---------- > > _______________________________________ > Python tracker <rep...@bugs.python.org> > <https://bugs.python.org/issue40301> > _______________________________________ > ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue40301> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
