Unkown File Types

[Macemas]

How do I go about adding a file type? I'm dealing with exchanging of Quickbooks Backups (*.QBB && *.QBX)

[Rafiot]

We can, but how do you validate them? Is there a parser to figure out sane/dangerous files?

[Macemas]

As far as my concern goes, the Quickbooks backup is safe because it's opened by the quickbooks program and read to a new file, it's not really opened directly. Obviously there's probably a way to use it to hide malware but for the most part in my experience when a virus gets ahold of it they either break the file by making it malicious (can't be restored from backup, but if you double click it, it runs a program) or it leaves them alone because it's an unkown file type.

I'm trying to prevent clients bringing us unclean USBs that may have autorun malware, or images/executables that aren't intended for us but just on their USB (multipurpose USBs). I'm not suggesting this for every environment but I would like to just add the .QBB/.QBX file extension to automatically copy over.

I'm going to talk to quickbooks about their linux applications and see if there's something that doesn't require licensing that can verify the backups.

[Rafiot]

So your use case is to only allow .QBB/.QBX file extensions, and discard everything else?

[Macemas]

I suppose, we don't necessarily want to discard everything else though. Just to at least not mark .QBB/.QBX files DANGEROUS_MyKittyStore.QBX_DANGEROUS as that scares the bookkeepers.

[Rafiot]

Makes sense. Do you have a sample file I could try to make sure it works properly?

[Macemas]

Sure thing. I downloaded a Quickbooks template online and made a backup of it: https://macemore.net/u/Sample.QBB Never too careful... https://www.virustotal.com/#/url/e62d098b0465021f447924e94279277d14bdfd34cc568c6820eff32f4f39aac7/detection