I am in the following situation: media files (image, audio, video) are uploaded from untrusted sources and made public to visitors.
What are the best practices for handling these potentially malicious files before they are served to users (to reduce the risk of infecting them)?
One option would be to scan them with antivirus, but 0-day exploits would go through unnoticed. I thought about re-encoding, but the re-encoding software could be compromised too, so I doubt it will guarantee a clean output.
Is there any bulletproof way to scan these files for potential red flags such as URLs, DRM, scripts, binary (anything other than pure media) content that I know has no reason to be included?
Thanks!
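
As an added example (not part of the original post), here is one way to check for "anything other than pure media" in a single format, PNG: walk the chunk structure, verify each CRC, and flag chunks outside an allow-list, embedded URL/script/executable markers, and bytes appended after the end of the image. The allow-list, the marker list and the sample files are assumptions constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Assumption: chunk types needed to render pixels; everything else is flagged.
ALLOWED = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA", b"sRGB", b"pHYs"}
MARKERS = (b"http://", b"https://", b"<script", b"<?php", b"MZ\x90\x00", b"\x7fELF")


def audit_png(data: bytes) -> list[str]:
    """Return findings for anything in the file that is not plain PNG image data."""
    if not data.startswith(PNG_SIG):
        return ["not a PNG: bad signature"]
    findings, pos, seen_iend = [], len(PNG_SIG), False
    while pos < len(data) and not seen_iend:
        if pos + 12 > len(data):  # length(4) + type(4) + crc(4) is the minimum
            return findings + [f"truncated chunk header at offset {pos}"]
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return findings + [f"chunk {ctype!r} overruns file"]
        body = data[pos + 8:pos + 8 + length]
        if zlib.crc32(ctype + body) != struct.unpack(">I", data[end - 4:end])[0]:
            findings.append(f"bad CRC in chunk {ctype!r}")
        if ctype not in ALLOWED:
            findings.append(f"non-allow-listed chunk {ctype!r} ({length} bytes)")
            findings += [f"marker {m!r} inside {ctype!r}" for m in MARKERS if m in body]
        seen_iend = ctype == b"IEND"
        pos = end
    if not seen_iend:
        findings.append("missing IEND chunk")
    elif pos < len(data):
        findings.append(f"{len(data) - pos} trailing bytes after IEND")
    return findings


def _chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


# Constructed samples: a 1x1 grayscale PNG, and the same file with extras added.
_IHDR = _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
_IDAT = _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
CLEAN = PNG_SIG + _IHDR + _IDAT + _chunk(b"IEND", b"")
DIRTY = (PNG_SIG + _IHDR + _chunk(b"tEXt", b"Comment\x00https://example.invalid/x")
         + _IDAT + _chunk(b"IEND", b"") + b"<script>1</script>")

if __name__ == "__main__":
    print(audit_png(CLEAN), audit_png(DIRTY), sep="\n")
```

This checks container structure only: the compressed pixel stream inside `IDAT` is not decoded, so it does not address the decoder-level exploits the question is concerned about.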