Question on good anti virus/malware detector tools before uploading file

[Priyanka Raghavan]

Dear Gurus,

I am not sure if this is the right forum but looking for recommendations and hoping someone can help with an answer.

We are expecting upload of files in application portal. For this we need to scan the files for virus before accepting them. I am looking for recommendations for a tool which is api based and does scanning for malware/trojans etc.

Best,

Priyanka

[prashant kv]

I think some of the AVs like Sophos have API capability. Else you can upload the file to a different server, call AV from the command line. I think all the AVs have command line scanning options.  if you use this approach then standard checks like filesize, type, name and extension should be taken care of.

if you are calling OS from programming language then filename could. be important attack vector. like system(AV, file.exe) make sure that name has. been validated before been passed to system.

--
You received this message because you are subscribed to the Google Groups "Bangalore chapter" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bangalore-chap...@owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/bangalore-chapter/e8b92f99-1b7d-4fc3-bd68-af6c1c4f90b6%40owasp.org.

--

good.best.guy

[Marudhamaran Gunasekaran]

Open source virus scanner - ClamAV -  has multiple apis for php, c#, java, and many languages. You would need to have clamav installed on a machine and then use an api to invoke a scan.

If you are on Windows, then Windows Defender also has a command line interface that can be invoked for an on demand scan during your file upload https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus

I have worked with some teams in the past that have used a Symantec installation to run an anitmalware scan with their symantec executables.

VirusTotal also has a free public api - https://developers.virustotal.com/reference#public-vs-private-api, but their free licensing is not for commercial use. 

Have you already reviewed the OWASP File Upload cheatsheet? https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html

Maran

--

[Jayadeep Prasad]

Hi Priyanka,

 

     If your file does not contain sensitive information,then I suggest you to create hash of the file and upload the hash in the online scanners whose urls are mentioned below.

https://www.hybrid-analysis.com/
http://www.virustotal.com/
https://www.joesandbox.com/
http://virscan.org/
http://virusscan.jotti.org/en

http://mwanalysis.org/?page=submit
other links(http://cleanbytes.net/malware-online-scanners)

Regards,

Jayadeep

--