Introduction
In this article we can explore the scenario to block malicious files by content.
Scenario
Your customer reported a specific feature on All the document libraries in a site. The document libraries should accept uploading of
executable files (.exe) plus
a virus check has to be done on the content. If the exe files are infected then the upload should be aborted.
Solution
In this case you can create a Global Event Handler for all the document libraries. This event handler is invoked whenever a file is being uploaded.
A virus check can be performed based on the antivirus software installed. The upload can be aborted using the Cancel property in the event handler method.
Implementation
Following are the steps involved in implementing the solution:
- Manage
the Blocked File Types
- Test
an exe file insertion into Library
- Create
the Event Receiver
- Make
the Event Receiver Global
- Test
the Application
Manage the Blocked File Types
As you might have noticed the executable extension (.exe) is blocked in all SharePoint libraries. This restriction can be removed by using Central Administration.
In
our case we need to allow this extension (.exe) and later our own event handler
will do the file scanning for adding to the library.
To
change the restriction open Central Administration > Security link.
In
the appearing page click on the Define blocked file types link as shown
below:
In
the appearing page you can see that there are lots of extensions being
blocked. Remove the exe entry from the list and click the OK button.
Test an exe file insertion into library
After making the change (removing exe extension) you can try inserting an exe file into a document library. For the time being I tested inserting Calculator
(c:\windows\system32\calc.exe) into my library.
Now I was able to successfully insert an exe file into the library.
Note: Please make sure that you selected the right web application from the right top menu.
Create the Event Receiver
Our job is not finished yet. The current situation may create a Security Threat of malicious exe files being uploaded by users unknowingly. Later other users may
execute it and create chaos. So we need to ensure that the content of the Executable file is not having any malicious code inside it.
The actual way of scanning the exe file is to integrate some third party Anti-Virus SDK with our application. As this exceeds our scope of the article I prefer
checking the exe file name containing any special characters like !, @, #. If any of the characters found the file will be cancelled from insertion and a
message will be shown to the user.
Now let us create the event handler which blocks the file if file name contains special characters.
Create a new project of type Event Receiver inside Visual Studio 2010. Name the project as GlobalEventReceiver.
Choose the site for the project and In the Event Receiver Settings dialog select the options like Document library and Add, Update events as shown below:
Click the Finish button to continue.
In the appearing event file replace the Item Adding event as following:
public class EventReceiver1 : SPItemEventReceiver
{
public override void ItemAdding(SPItemEventProperties properties)
{
if (properties.List is SPDocumentLibrary)
{
if (properties.AfterProperties != null)
{
if (properties.AfterProperties["vti_filesize"] != null)
{
if (properties.AfterUrl != null)
{
if (properties.AfterUrl.Contains("!") ||
properties.AfterUrl.Contains("@") ||
properties.AfterUrl.Contains("#"))
{
properties.Cancel = true;
properties.ErrorMessage = "Potential malicious content in file!";
}
}
}
}
}
}
}
The event is invoked with the SPItemEventProperties
server object model which contains the document,
URL, and related properties. As we are making this event
Global, all the lists and libraries will be invoking this event handler.
To prevent the event being blocked in Lists/Folders we are ensuring the properties.List
is of type Document Library in the first
if
block.
In the second and third if
blocks we are ensuring the file size is not null.
In
the fourth and fifth if
blocks we are ensuring the file URL does
not contain special characters like !, @, #. (our dummy malicious check).
If
the malicious check resulted in true, then the Cancel
property is set to
true
,
which will prevent the file from being inserted. An error message is set for the
user.
Make the Event Receiver Global
The current event receiver is hard coded for document template Id 101. We need to make this global so that all the document libraries will be attached to this event.
Open the Elements.xml from the EventReceiver1 folder.
Remove the ListTemplatId=”101”
attribute from the Receivers
tag (third line) as
below:
="1.0"="utf-8"
<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
<Receivers>
<Receiver>
<Name>EventReceiver1ItemAdding</Name>
<Type>ItemAdding</Type>
<Assembly>$SharePoint.Project.AssemblyFullName$</Assembly>
<Class>GlobalEventReceiver.EventReceiver1.EventReceiver1</Class>
<SequenceNumber>10000</SequenceNumber>
</Receiver>
<Receiver>
<Name>EventReceiver1ItemUpdating</Name>
<Type>ItemUpdating</Type>
<Assembly>$SharePoint.Project.AssemblyFullName$</Assembly>
<Class>GlobalEventReceiver.EventReceiver1.EventReceiver1</Class>
<SequenceNumber>10000</SequenceNumber>
</Receiver>
</Receivers>
</Elements>
Now
build the application.
Test the Application
Execute the application and in the launched SharePoint site, open a document library and try to add an exe file with a “@” character in the file name.
For example: calc@renamed.exe
You should get the following error:
So this confirms the Global Event Handler at work.
Note: The Item Add event handler is needed to handle document insert event. The Item Update event handler is needed to handle the document update event.
Note: The scenario explained above is for conditional blocking purpose and in the real world the same Global Event Handler mechanism can be used to handle other
situations like:
- Prevent
PDF file insertion on Document Libraries
- Disable
Copy Paste between different document library types
- Disable
file insertion based on validation etc.
References
http://tinyurl.com/sp2010-list-event <o:p>
Summary
In this chapter we have approached a real world scenario to create a global event handler. The same mechanism can be extended to resolve other complex requirements associated with list/library item add/update/delete.
Jean Paul is a Microsoft MVP and Architect with 12+ years of experience. He is very much passionate in programming and his core skills are SharePoint, ASP.NET & C#.
In the academic side he do hold a BS in Computer Science & MBA. In the certification side he holds MCPD & MCTS spanning from .Net Fundamentals to SQL Server.
Most of the free time he will be doing technical activities like researching solutions, writing articles, resolving forum problems etc. He believes quality & satisfaction goes hand in hand.
You can find some of his work over here. He blogs at http://jeanpaulva.com