How to check an archived file for malware?

Status
Not open for further replies.

shmu26

Thread author
If virustotal.com won't check an archive for malware, and archives are exploitable,
what's the best way to handle an archived download, such as a .RAR file?
 
You have a couple of options:

1. Extract it and scan it - either on the local system with AV or in Cuckoo Sandbox (online malware analysis - like COMODO Valkyrie) or VirusTotal

2. Extract it and run it inside a sandbox - like Sandboxie or COMODO or VM

3. Extract it and run while in Shadow Defender's Shadow Mode

4. Add the archiver to anti-exploit protection - like HMP.A

5. Don't download any unknown\untrusted files
 
Thanks. I also added in, to Avast Free, their software updater tool, so I will be prompted when WinRAR has an update.
 
Our AVs already scan on read and access from archived files; virtualization is your next step when the results are inconsistent. (As mentioned already.)
 
Thanks a lot, I have similar problems. Now I will try these methods.
 
In addition to the suggestions by @hjlbx and @jamescv7, many AVs, such as Avast, allow you to scan compressed files, but only if they are not password protected. In that case, there is no way to scan the archive.
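
As an added illustration of the password-protection point in the last post (not code from any poster): a Python sketch that inspects an archive in memory, flags encrypted members that no scanner can read, and hashes the readable ones without extracting them. It uses ZIP because Python's standard library reads ZIP, not RAR; the function names and the sample archive are constructed for this example.

```python
import hashlib
import io
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags: member is encrypted


def triage_zip(data: bytes, max_member_size: int = 100 * 1024 * 1024) -> list[dict]:
    """Inspect a ZIP held in memory without writing any member to disk."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            entry = {"name": info.filename, "size": info.file_size,
                     "encrypted": bool(info.flag_bits & ENCRYPTED_FLAG),
                     "sha256": None}
            # An encrypted member cannot be read without the password, so an
            # on-access or on-demand scan has not seen its real content.
            if not entry["encrypted"] and info.file_size <= max_member_size:
                digest = hashlib.sha256()
                with zf.open(info) as member:
                    for chunk in iter(lambda: member.read(65536), b""):
                        digest.update(chunk)
                entry["sha256"] = digest.hexdigest()
            report.append(entry)
    return report


def unscannable(report: list[dict]) -> list[str]:
    """Names of members that could not be read and hashed."""
    return [e["name"] for e in report if e["sha256"] is None]


def build_sample() -> bytes:
    """Constructed sample: two members, the second marked as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"hello")
        zf.writestr("setup.exe", b"MZ constructed placeholder")
    raw = bytearray(buf.getvalue())
    # Set the encrypted bit in the last central-directory record; the flags
    # field sits 8 bytes after the "PK\x01\x02" signature.
    pos = raw.rfind(b"PK\x01\x02")
    raw[pos + 8] |= ENCRYPTED_FLAG
    return bytes(raw)


if __name__ == "__main__":
    for row in triage_zip(build_sample()):
        print(row)
```

Any name returned by `unscannable()` should be treated as unchecked and handled with the sandbox or virtualization options listed earlier in the thread.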
 