Can a zip file be executable

upload, virus, website, zip

Can a zip file be executable? For instance, can you have a virus in the form of a zip? Obviously a virus could be inside a zip file, but can the actual zip execute?

The reason I ask is I have a website that currently allows only jpg, jpeg, png and gif file extensions and I had an idea today to allow people to upload icon packs, but the icon packs would need to be in the form of a zip because there would be so many images.

I don't need my site infected by viruses.

Best Answer

Theoretically, some tools for uncompressing zip files may have vulnerabilities that can lead to some code execution. However, it is really unlikely that this is your case. Uncompressing tools for your programming language probably don’t have such vulnerabilities, and if the web server is running a UNIX-like operating system (e.g. Linux), Windows viruses are not going to be executed anyway.

But you should also check each file path when extracting files from a zip archive, as it can be an absolute path or a path with .. (two dots) components, if the uncompressing library does not check this by default (for example, Python’s zipfile module did not until Python 2.7.4 was released). Otherwise files can be extracted to a different location on your disk.
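The path check described in the answer above, combined with the image-extension allowlist from the question, as an added example that is not part of the original answer. The function names and the sample archive with its member names are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath, PureWindowsPath

# Extensions the site in the question already accepts.
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}

def unsafe_reason(name):
    """Return why a member name is rejected, or None if it is acceptable."""
    # Zip names use "/" as separator; a backslash or drive letter is a
    # Windows-style path that a lenient extractor might honour.
    if "\\" in name or PureWindowsPath(name).drive:
        return "backslash or drive letter"
    path = PurePosixPath(name)
    if path.is_absolute():
        return "absolute path"
    if ".." in path.parts:
        return "'..' component"
    if path.suffix.lower() not in ALLOWED_EXT:
        return "extension not allowed"
    return None

def check_icon_pack(data):
    """Sort the archive's file members into (accepted, rejected) lists."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue  # directory entries carry no content
            reason = unsafe_reason(info.filename)
            if reason:
                rejected.append((info.filename, reason))
            else:
                accepted.append(info.filename)
    return accepted, rejected

def build_sample():
    """Constructed sample upload: one good member, four that must be refused."""
    names = ["icons/home.png", "../../outside.png", "/tmp/absolute.png",
             "icons/readme.txt", "C:\\temp\\a.gif"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample bytes")
    return buf.getvalue()

if __name__ == "__main__":
    ok, bad = check_icon_pack(build_sample())
    print("accepted:", ok)
    for name, reason in bad:
        print("rejected:", name, "->", reason)
```

Rejecting the whole upload when the rejected list is non-empty is simpler than extracting only the accepted members, and the check runs before anything is written to disk.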
