Hi,
I already raised this topic some time ago, but while researching it again I have now come across other opinions.
Namely: whether downloaded video files that have execute permissions (executable flagged) must always be malicious software/malware/trojans etc., or whether it can simply be an assignment error, for example when unpacking an archive.
So far, in the rare cases where I came across executable-flagged (video) files, I handled it by deleting the files immediately.
Various statements, however, have made me wonder whether the videos I always deleted immediately in the past because of their flags were harmful in any way at all. After all, they were actually normal MP4 video files and definitely not .exe or .sh files. Unfortunately, at that time I did not yet know about the "file" command. How safe and meaningful would it be to additionally open a file with MediaInfo?
One misunderstanding seems to be that many IT people immediately assume bat, exe, com, sh files when one speaks of executable files (see below).
What are your security-related thoughts on the following statements:
Whether or not something is "executable" could mean one of two things in this context:
1. Whether the file system has been told that this file is meant to be a program, rather than data.
2. Whether the file actually contains a program or a script that can be run.
You could have a legitimate video file that was mistakenly flagged as executable, if that's the case then running "chmod -x thenameofthefile" will resolve this problem by removing the executable flag.
Running "file thenameofthefile" will show you information about what kind of data is in the file. A video might show something like "ISO Media, MP4 v2", whereas an executable would be more like "ELF 32-bit LSB executable" or "Bourne-Again shell script, ASCII text executable".
If the file does not contain video data, then regardless of whether it is flagged as executable, it is not what you wanted and should be deleted.
The 'file' command is safe, it just peeks inside the file and won't execute anything regardless of what's there.
To be safe you can always remove the flag before you're sure whether a file is legitimate, and then delete it if it turns out not to be.
IIRC, it's not uncommon for archives built on Windows to have the executable bit set on everything, regardless of whether it's actually a runnable program or not.
If your video download expands to anything with .bat, .exe, or .com, it's junk, trash it.
If your file is having its executable attribute set (but is still a valid video file), that's likely just a bad setting in your automation setup. Take off the execution bit and try to play it using your video player, you should be fine.
There's this thing on most operating systems called a "self extracting archive"; it's a zip/rar/whatever file that is wrapped in a small executable that is designed to unzip the file. edit: most decompression programs are able to "peek" inside a zip wrapped in an exe and extract the file without using the internal machine code
When you say "executable", I assume you are talking about a file that actually contains machine code to run a program. Not merely setting a file to have an executable flag. I can set .jpgs as +x all day long...but it's not machine code, it won't do anything.
If you get a video file set as executable...but it's just a video file...that..in my book...is not a true "executable video file"....that's just a file set +x.
Executable files, as I mentioned, contain machine code. A binary blob...to a lesser extent...I'll even count script files set to +x that are executed by the shell interpreter.
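
The two meanings of "executable" separated in the statements above (the file-system flag versus the file's content), as an added example that is not part of the original post: a Python triage that reads only the leading bytes, executes nothing, and clears a stray execute bit when the content is an ISO media container. The function names, verdict strings and the two sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading bytes of content that the OS or a shell can actually run.
PROGRAM_MAGIC = {b"\x7fELF": "ELF binary", b"MZ": "DOS/Windows executable",
                 b"#!": "script with interpreter line"}

def content_kind(path):
    """Classify a file by its first bytes only; nothing is executed."""
    with open(path, "rb") as fh:
        head = fh.read(12)
    for magic, name in PROGRAM_MAGIC.items():
        if head.startswith(magic):
            return name
    # ISO base media files (MP4, MOV, ...) carry 'ftyp' at byte offset 4.
    return "ISO media" if head[4:8] == b"ftyp" else "unknown"

def has_exec_bit(path):
    return bool(os.stat(path).st_mode & 0o111)  # any of u/g/o execute bits

def triage(path, fix=False):
    """Return (flagged, kind, verdict); fix=True clears a stray +x on media."""
    flagged, kind = has_exec_bit(path), content_kind(path)
    if kind == "ISO media" and flagged and fix:
        os.chmod(path, os.stat(path).st_mode & 0o7666)  # same as chmod -x
    if kind == "ISO media":
        verdict = "media with stray +x" if flagged else "media"
    elif kind == "unknown":
        verdict = "not identified"
    else:
        verdict = "program content, not a video"
    return flagged, kind, verdict

def demo():
    """Triage two constructed sample files, both created with mode 0755."""
    samples = {"clip.mp4": b"\x00\x00\x00\x18ftypmp42" + bytes(16),
               "movie.mp4": b"#!/bin/sh\necho constructed sample\n"}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, 0o755)
            results[name] = triage(path, fix=True) + (has_exec_bit(path),)
    return results

if __name__ == "__main__":
    print(demo())
```

Both samples carry the same flag and the same `.mp4` name; only the content check tells them apart, and the last tuple element shows the flag was removed from the media file only.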