How to Scan Suspicious Files using Online Scanners
InformationSometimes files downloaded from the internet or copied from external USB storage may contain malicious content that your usual anti-malware defenses fail to detect. If you ever suspect this to be the case, you can upload these files to sites that are able scan these files more thoroughly.
The advantage of using this technique is that the files are scanned using several different engines (anti-malware products) thereby providing a greater probability of detecting malicious content.
I realise there are a plethora of online scanners available, and every person has their favorite that they swear by. However, the goal of this tutorial is to provide access to the fastest and most reputable sites with the highest number of scanning engines available. As such, this tutorial covers only these sites:
I have used the EICAR test file to illustrate the scanner report files generated by these sites.
- OPSWAT Metascan
- VirusTotal
- Jotti
- Virscan
Generally, all these sites work the same way :
1. You access the site,
2. You upload the file (you cannot load more than a single file at a time)
3. The file is scanned and a report is generated
Each site employs a different number of scanning engines, and most have several that are common to each other. Some sites provide access to lesser know engines, and most provide access to the more well known engines (e.g. ESET, Symantec, Microsoft, Kaspersky, F-Secure and Avast to name a few).
Sometimes, one or two scanning engines will flag a file as malicious, whilst the others won't. This may be a false positive, but the onus is on you to make that decision. Generally speaking, those files flagged with the more well known scanning engines should be treated with caution and assumed to be malicious.
There is a limitation on the size of file you can upload, and this varies between 20MB and 80MB depending on the site. Most sites will provide a copy of the uploaded file to the anti-malware providers, even if its not malicious, so take care when uploading files. If in doubt, read the sites privacy policy.
OPSWAT Metascan
URL : http://www.metascan-online.com/
Maximum file size limit : 80 MB
Number of scanning engines : 43
Scanning engine examples : agnitum, Ahnlab, AVG, Avira, Bitdefender, ByteHero, ClamAV, commtouch, Emsisoft, ESET, F-Prot, F-Secure, Fortinet, GFI, Hauri, Ikarus, Jiangmin, K7, Kaspersky, KingSoft, McAfee, Microsoft, Nano, nG, Norman, nProtect, Panda, Preventon, Quick Heal, Sophos, StopZilla, Symantec, SysTweak, TotalDefense, TrendMicro, Virit, VirusBlockAds, VirusBuster, Zillya! and Zoner
Usage :
Report :
VirusTotal
URL : http://www.virustotal.com/
Maximum file size limit : 64 MB
Number of scanning engines : 46
Scanning engine examples : agnitum, Ahnlab, AntiVir, Anti-AVL, Avast, AVG, Bitdefender, ByteHero, ClamAV, commtouch, Comodo, Emsisoft, eSafe, ESET, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7, Kaspersky, KingSoft, McAfee, McAfee GW Edition, Microsoft, MicroWold-eScan, Nano, Norman, nProtect, Panda, PCtools, Quick Heal, Rising, Sophos, SuperAntiSpyware, Symantec, TheHacker, TotalDefense, TrendMicro, TrendMicro HouseCall, VBA32, VIPRE and ViRobot
Usage :
Report :
Jotti
URL : http://www.virusscan.jotti.org/en
Maximum file size limit : 25 MB
Number of scanning engines : 21
Scanning engine examples : ArcaVir, Avast, AVG, AntiVir, BitDefender, ClamAV, CP Secure, DrWeb, eScan, ESET, Fortinet, F-Prot, F-Secure, GData, Ikarus, Kaspersky, Panda, Quick Heal, Sophos, VBA32 and VirusBuster
Usage :
Report :
VirScan
URL : http://www.virscan.org
File size limit : 20 MB
Number of scanning engines : 37
Scanning engine examples : a-squared, AhnLab, AntiVir, Antiy, Arcavir, Authentium, Avast, AVG, BitDefender, ClamAV, Comodo, CP Secure, DrWeb, ESET, F-Prot, F-Secure, Fortinet, DGata, Ikarus, Jianmin, Kaspersky, KingSoft, AnAfee, Microsoft, Norman, nProtect, Panda, Quick Heal, Rising, Sophos, Sunbelt, Symantec, TheHacker, TrendMicro, VBA32, ViRobot and VirusBuster
Usage :
Report :
WarningOnline scanners are not a substitute for traditional anti-malware defenses. Ensure you always have a reputable anti-malware product installed and updated on your computer.
Regards,
Golden