How to check an archived file for malware?


shmu26

If virustotal.com won't check an archive for malware, and archives are exploitable,
what's the best way to handle an archived download, such as a .RAR file?
 

hjlbx

You have a couple of options:

1. Extract it and scan it - either on the local system with AV or in Cuckoo Sandbox (online malware analysis - like COMODO Valkyrie) or VirusTotal

2. Extract it and run it inside a sandbox - like Sandboxie or COMODO or VM

3. Extract it and run while in Shadow Defender's Shadow Mode

4. Add the archiver to anti-exploit protection - like HMP.A

5. Don't download any unknown\untrusted files
 

shmu26

Thanks. I also added, to Avast Free, their software updater tool, so I will be prompted when WinRAR has an update.
 

jamescv7

Our AVs already scan archived files on read and access; virtualization is your next step when the results are inconsistent. (As mentioned already.)
 

simbelmayne


Thanks a lot, I got similar problems. I will now try these methods.
 

LabZero

In addition to the suggestions by @hjlbx and @jamescv7, many AVs, such as Avast, allow you to scan compressed files, but only if they are not password protected. In that case, there is no way to scan the archive.
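
An added example, not posted by anyone in this thread: a triage script that reads an archive in memory, hashes each readable member for an AV or reputation lookup, and reports password-protected members as not scanned, which is the gap described above. It uses ZIP because Python's standard library reads ZIP but not RAR; the names `triage_zip` and `build_sample` and the sample archive are constructed for illustration.

```python
import hashlib
import io
import zipfile

ENCRYPTED_BIT = 0x1  # ZIP general-purpose flag bit 0: member is encrypted


def triage_zip(data: bytes, max_member_bytes: int = 50 * 1024 * 1024) -> list:
    """List each member of a ZIP held in memory without writing it to disk.

    Readable members get a SHA-256 for an AV or reputation lookup;
    encrypted or oversized members are reported with sha256=None.
    """
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            encrypted = bool(info.flag_bits & ENCRYPTED_BIT)
            digest = None
            if not encrypted and info.file_size <= max_member_bytes:
                h = hashlib.sha256()
                with zf.open(info) as member:  # streams; nothing is extracted
                    for chunk in iter(lambda: member.read(65536), b""):
                        h.update(chunk)
                digest = h.hexdigest()
            report.append({"name": info.filename, "encrypted": encrypted,
                           "size": info.file_size, "sha256": digest})
    return report


def build_sample() -> bytes:
    """Constructed sample: two stored members, the second flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"hello")
        zf.writestr("setup.bin", b"opaque")
    raw = bytearray(buf.getvalue())
    # Set the encrypted bit in the last central-directory header (flags at +8).
    raw[raw.rfind(b"PK\x01\x02") + 8] |= ENCRYPTED_BIT
    return bytes(raw)


if __name__ == "__main__":
    for row in triage_zip(build_sample()):
        reason = "encrypted" if row["encrypted"] else "too large"
        print(f'{row["name"]}: {row["sha256"] or "NOT SCANNED (" + reason + ")"}')
```

Any member reported as not scanned should be treated as unchecked, not as clean.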
 