iis server - any way to stop executable file upload

[bertieuk]

We have a public web server with ftp access running on IIS5.

Is it possible to restrict file type uploads i.e. I want to stop executable files spreading viruses on the box.

Another way I thought of doing this was to check the ftp logs using a script and do a daily cleardown of any such files.

Has anyone any better ideas

Thanks
Si

 

[Tuck007]

If I follow, you want to filter or restrict FTP users from uploading executables to the FTP directory?

Well, I don't think you could filter the actual content of the files being uploaded. Basically, you filter who is uploading files, using account security, no anonymous uploading.

Now, creating a macro, or bot, to scan the FTP directory every few moments or triggered after a file has been uploaded, to scan for '*.exe' or '*.vbs' and delete those items, that sounds feasable. And, the thought occurs to me, that if these did get uploaded, and the directory doesn't support scripts, how would a web user launch the file that gets uploaded unless the have telneted in with root/admin lever and executed the file? If that is the case, you got far bigger problems.

So what's the scenerio here? Why would anonymous users be uploading malicious software to your FTP site and then executing it remotely?

.:TUCK:.