How to Scan Suspicious Files using Online Scanners
Sometimes files downloaded from the internet or copied from external USB storage may contain malicious content that your usual anti-malware defenses fail to detect. If you ever suspect this to be the case, you can upload these files to sites that are able to scan them more thoroughly.
The advantage of using this technique is that the files are scanned using several different engines (anti-malware products), thereby providing a greater probability of detecting malicious content.
I realise there is a plethora of online scanners available, and every person has a favorite that they swear by. However, the goal of this tutorial is to provide access to the fastest and most reputable sites with the highest number of scanning engines available. As such, this tutorial covers only these sites:
- OPSWAT Metascan
- VirusTotal
- Jotti
- VirScan
I have used the EICAR test file to illustrate the scanner reports generated by these sites.
Generally, all these sites work the same way:
1. You access the site.
2. You upload the file (you cannot upload more than a single file at a time).
3. The file is scanned and a report is generated.
Each site employs a different number of scanning engines, and most sites have several engines in common. Some sites provide access to lesser-known engines, and most provide access to the more well-known engines (e.g. ESET, Symantec, Microsoft, Kaspersky, F-Secure and Avast, to name a few).
Sometimes, one or two scanning engines will flag a file as malicious, whilst the others won't. This may be a false positive, but the onus is on you to make that decision. Generally speaking, files flagged by the more well-known scanning engines should be treated with caution and assumed to be malicious.
OPSWAT Metascan
- URL: http://www.metascan-online.com/
- Maximum file size limit: 80 MB
- Number of scanning engines: 43
- Scanning engine examples: Agnitum, Ahnlab, AVG, Avira, Bitdefender, ByteHero, ClamAV, Commtouch, Emsisoft, ESET, F-Prot, F-Secure, Fortinet, GFI, Hauri, Ikarus, Jiangmin, K7, Kaspersky, KingSoft, McAfee, Microsoft, Nano, nG, Norman, nProtect, Panda, Preventon, Quick Heal, Sophos, StopZilla, Symantec, SysTweak, TotalDefense, TrendMicro, Virit, VirusBlockAds, VirusBuster, Zillya! and Zoner
VirusTotal
- URL: http://www.virustotal.com/
- Maximum file size limit: 64 MB
- Number of scanning engines: 46
- Scanning engine examples: Agnitum, Ahnlab, AntiVir, Antiy-AVL, Avast, AVG, Bitdefender, ByteHero, ClamAV, Commtouch, Comodo, Emsisoft, eSafe, ESET, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7, Kaspersky, KingSoft, McAfee, McAfee GW Edition, Microsoft, MicroWorld-eScan, Nano, Norman, nProtect, Panda, PCtools, Quick Heal, Rising, Sophos, SuperAntiSpyware, Symantec, TheHacker, TotalDefense, TrendMicro, TrendMicro HouseCall, VBA32, VIPRE and ViRobot
Jotti
- URL: http://www.virusscan.jotti.org/en
- Maximum file size limit: 25 MB
- Number of scanning engines: 21
- Scanning engine examples: ArcaVir, Avast, AVG, AntiVir, BitDefender, ClamAV, CP Secure, DrWeb, eScan, ESET, Fortinet, F-Prot, F-Secure, GData, Ikarus, Kaspersky, Panda, Quick Heal, Sophos, VBA32 and VirusBuster
VirScan
- URL: http://www.virscan.org
- File size limit: 20 MB
- Number of scanning engines: 37
- Scanning engine examples: a-squared, AhnLab, AntiVir, Antiy, Arcavir, Authentium, Avast, AVG, BitDefender, ClamAV, Comodo, CP Secure, DrWeb, ESET, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, Kaspersky, KingSoft, McAfee, Microsoft, Norman, nProtect, Panda, Quick Heal, Rising, Sophos, Sunbelt, Symantec, TheHacker, TrendMicro, VBA32, ViRobot and VirusBuster
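The upload limits listed for each site and the rule of thumb for reading a multi-engine report can be combined into a small helper. This is an added Python example, not part of the original tutorial or any of these sites' own tooling. The report shape (`{engine: verdict}`), the clean-verdict strings, the `suspicious` outcome for three or more lesser-known hits, and the sample reports are assumptions constructed for illustration.

```python
import os
import sys

# Upload limits in MB, copied from the site listings on this page.
SITE_LIMITS_MB = {"OPSWAT Metascan": 80, "VirusTotal": 64, "Jotti": 25, "VirScan": 20}
# The well-known engines the tutorial names as examples.
WELL_KNOWN = {"eset", "symantec", "microsoft", "kaspersky", "f-secure", "avast"}
# Assumption: verdict strings that mean "nothing found"; real reports vary per site.
CLEAN = {"", "clean", "ok", "no threat detected"}


def sites_accepting(size_bytes):
    """Sites from this page whose limit the file fits under (assumes 1 MB = 1024*1024 bytes)."""
    return [s for s, mb in SITE_LIMITS_MB.items() if size_bytes <= mb * 1024 * 1024]


def triage(report):
    """Apply the tutorial's rule of thumb to a report given as {engine: verdict}."""
    flagged = sorted(e for e, v in report.items() if (v or "").strip().lower() not in CLEAN)
    major = [e for e in flagged if e.lower() in WELL_KNOWN]
    if not flagged:
        decision = "no detections"
    elif major:
        decision = "assume malicious"            # a well-known engine flagged it
    elif len(flagged) <= 2:
        decision = "possible false positive"     # the decision is left to the user
    else:
        decision = "suspicious"                  # assumption: the page does not cover this case
    return {"decision": decision, "flagged": flagged, "well_known": major,
            "ratio": f"{len(flagged)}/{len(report)}"}


# Constructed sample reports (engine names from this page, verdict strings invented).
SAMPLES = {
    "test-file": {"ESET": "Test.File", "Kaspersky": "Test.File", "ClamAV": "Test.File", "Zoner": "clean"},
    "single-hit": {"ByteHero": "Heuristic.Generic", "ESET": "clean", "Microsoft": "clean", "Avast": "clean"},
    "all-clean": {"ESET": "clean", "Sophos": "clean", "Panda": "clean"},
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # optional: path of the file you intend to upload
        print("Accepted by:", sites_accepting(os.path.getsize(sys.argv[1])))
    for name, report in SAMPLES.items():
        print(name, triage(report))
```

Running it with a file path as the first argument prints which of the four sites will accept a file of that size before you try to upload it.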
Online scanners are not a substitute for traditional anti-malware defenses. Ensure you always have a reputable anti-malware product installed and updated on your computer.