Scanning pdf files for viruses
In this example, we have a simple page that allows users to upload a file. The result of the scan is then stored in temp data, so the user knows if it is virus free. ScanStream file. InputStream ; ViewBag.
A more robust solution may be to try it out on some real viruses. This is another post on its own! Here are some tips for a solution like this:. A full copy of this project can be found on GitHub. A special thanks to: Ryan Hoffman, with some of this code influenced by his examples; and the guys at ClamAV for their great work and keeping the software up to date.
There are also several handy web-based tools you can use for analyzing suspicious PDFs without having to install any tools. These online tools automate the scanning of PDF files to identify malicious components.
PDF Examiner by Malware Tracker is able to scan the uploaded PDF for several known exploits, allows the user to explore the structure of the file, as well as examine, decode and dump PDF object contents. This tool lends itself well to manual PDF analysis tasks. In this way, it differs from Jsunpack and Wepawet, which focus on automating the analysis as much as possible. Jsunpack by Blake Hartstein is designed for automatically examining and deobfuscating JavaScript.
After you open their folder, end the processes that are infected, then delete their folders. No anti-virus program can detect all infections. Hold together the Start Key and R. Type appwiz. You are now in the Control Panel. Look for suspicious entries. If you see a screen like this when you click Uninstall, choose NO.
Type msconfig in the search field and hit enter. A window will pop up. A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below. Type Regedit in the Windows search field and press Enter. Right click and delete any entries you find with a similar name. Also, you can always ask us in the comments for help! I would prefer a free tool. It must be suitable for programmatic use, e.
A web-based solution might also be OK if it is scriptable. There are a few others that I will also highlight. Here is an article on how to run pdfid.
This is possible with pdf-parser. Additionally, Brandon Dixon maintains some extremely elite blog posts on his research with PDF malware, including a post about scoring PDFs based on malicious filters just like you describe. For the past few months I have been doing research on PDF analysis and how it could be better improved.
While doing the research I found myself writing tools and scripts to help me get the job done and decided it was time to put something more useful together. The tool uses multiple open source tools and custom code to take a PDF and turn it into a sharable format. The goal with this tool is to centralize PDF analysis and begin sharing comments on files that are seen.
Instead it compares the file you upload against thousands of malicious PDF files in our repository. These checks look for similar data structures within the PDF you upload and ones that have been reviewed by analysts.
Using this feature we can begin to see shared coded samples among malicious files or trends due to malicious author coding styles. The tool is still in beta, but I wanted to release it to the public to see what users thought. In my opinion the API is the most useful as you can begin to integrate rich PDF analysis into other tools and services with little or no cost. In its current state it will scan the PDF, pull in as much data as possible and compare it against hundreds of other malicious files.