How do I allow Zip files in upload attachments? Some zip files mime type are: application/octet-stream (the same as exe files) Checking the extension along with the mime type does no good since it can be renamed easily, does it mean zip files should not be allowed in attachments at all?
What is disallowing you from allowing zip files? Are these being published to a website, or sent via e-mail? If someone uploads a file with the "zip" extension, and it is actually a "exe" extension, is that an issue? If you are worried about malware, you could always run a script which auto checks uploaded content for malware before making it live. Based on your question, it sounds like you are worried about bad content being uploaded, so you are best off thinking of ways for the community to police the content, and add in your own checks (malware checkers, clamav) to protect it, and then block people who abuse it.