How to Scan Suspicious Files using Online Scanners
InformationSometimes files downloaded from the internet or copied from external USB storage may contain malicious content that your usual anti-malware defenses fail to detect. If you ever suspect this to be the case, you can upload these files to sites that are able scan these files more thoroughly.
The advantage of using this technique is that the files are scanned using several different engines (anti-malware products) thereby providing a greater probability of detecting malicious content.
I realise there are a plethora of online scanners available, and every person has their favorite that they swear by. However, the goal of this tutorial is to provide access to the fastest and most reputable sites with the highest number of scanning engines available. As such, this tutorial covers only these sites:
I have used the EICAR test file to illustrate the scanner report files generated by these sites.
- OPSWAT Metascan
- VirusTotal
- Jotti
- Virscan
Generally, all these sites work the same way :
1. You access the site,
2. You upload the file (you cannot load more than a single file at a time)
3. The file is scanned and a report is generated
Each site employs a different number of scanning engines, and most have several that are common to each other. Some sites provide access to lesser know engines, and most provide access to the more well known engines (e.g. ESET, Symantec, Microsoft, Kaspersky, F-Secure and Avast to name a few).
Sometimes, one or two scanning engines will flag a file as malicious, whilst the others won't. This may be a false positive, but the onus is on you to make that decision. Generally speaking, those files flagged with the more well known scanning engines should be treated with caution and assumed to be malicious.
There is a limitation on the size of file you can upload, and this varies between 20MB and 80MB depending on the site. Most sites will provide a copy of the uploaded file to the anti-malware providers, even if its not malicious, so take care when uploading files. If in doubt, read the sites privacy policy.
OPSWAT Metascan
URL : http://www.metascan-online.com/
Maximum file size limit : 80 MB
Number of scanning engines : 43
Scanning engine examples : agnitum, Ahnlab, AVG, Avira, Bitdefender, ByteHero, ClamAV, commtouch, Emsisoft, ESET, F-Prot, F-Secure, Fortinet, GFI, Hauri, Ikarus, Jiangmin, K7, Kaspersky, KingSoft, McAfee, Microsoft, Nano, nG, Norman, nProtect, Panda, Preventon, Quick Heal, Sophos, StopZilla, Symantec, SysTweak, TotalDefense, TrendMicro, Virit, VirusBlockAds, VirusBuster, Zillya! and Zoner
Usage :
Report :
VirusTotal
URL : http://www.virustotal.com/
Maximum file size limit : 64 MB
Number of scanning engines : 46
Scanning engine examples : agnitum, Ahnlab, AntiVir, Anti-AVL, Avast, AVG, Bitdefender, ByteHero, ClamAV, commtouch, Comodo, Emsisoft, eSafe, ESET, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7, Kaspersky, KingSoft, McAfee, McAfee GW Edition, Microsoft, MicroWold-eScan, Nano, Norman, nProtect, Panda, PCtools, Quick Heal, Rising, Sophos, SuperAntiSpyware, Symantec, TheHacker, TotalDefense, TrendMicro, TrendMicro HouseCall, VBA32, VIPRE and ViRobot
Usage :
Report :
Jotti
URL : http://www.virusscan.jotti.org/en
Maximum file size limit : 25 MB
Number of scanning engines : 21
Scanning engine examples : ArcaVir, Avast, AVG, AntiVir, BitDefender, ClamAV, CP Secure, DrWeb, eScan, ESET, Fortinet, F-Prot, F-Secure, GData, Ikarus, Kaspersky, Panda, Quick Heal, Sophos, VBA32 and VirusBuster
Usage :
Report :
VirScan
URL : http://www.virscan.org
File size limit : 20 MB
Number of scanning engines : 37
Scanning engine examples : a-squared, AhnLab, AntiVir, Antiy, Arcavir, Authentium, Avast, AVG, BitDefender, ClamAV, Comodo, CP Secure, DrWeb, ESET, F-Prot, F-Secure, Fortinet, DGata, Ikarus, Jianmin, Kaspersky, KingSoft, AnAfee, Microsoft, Norman, nProtect, Panda, Quick Heal, Rising, Sophos, Sunbelt, Symantec, TheHacker, TrendMicro, VBA32, ViRobot and VirusBuster
Usage :
Report :
WarningOnline scanners are not a substitute for traditional anti-malware defenses. Ensure you always have a reputable anti-malware product installed and updated on your computer.
Regards,
Golden
Online Scanners - Scan Suspicious Files on your PC
-
-
-
New #3
Thanks Colin. These will come in useful.
I do find it a bit alarming though, given that the EICAR test file is something that any AV should be able to pick up (and which indeed is an industry standard test), that not all were able to detect it. ByteHero being one such example.
-
New #4
Thanks Guy.
Yes, it is a bit worrying - the image doesn't show all the culprits, but they are ByteHero, StopZilla and Systweak. Certainly products to steer clear of, at least for the time being.
-
New #5
Thanks Golden bookmarked will be very handy for future reference .
-
-
New #7
Of course like everybody else tried to rep you but not allowed.
Great information, Bookmarked.
Thank you!!
-
-
Online Scanners - Scan Suspicious Files on your PC
How to Scan Suspicious Files using Online ScannersPublished by Golden
Quote
Related Discussions