IT:AD:Malware Detection

Summary

As of Q3/2017, consider using https://scanii.com/ if no organisation-provided, publicly available, authorised and confidential (i.e. HTTPS) API endpoint is available.

Notes

  • https://scanii.com/
    • SaaS based commercial API.
    • Recommendation: Recommended.
  • http://viruscheckmate.com/
    • Commercial API that looks useful – but not enough information to provide comfort as to what happens to data.
    • Recommendation: Hold, review periodically.
  • http://www.attachmentscanner.com/
    • A commercial ($99+/month) SaaS-based API.
    • Recommendation: Hold, review periodically.
  • https://www.virustotal.com
    • Fully owned subsidiary of Google, providing a free, public API limited to 4 requests of any nature per minute.
    • Recommendation: Do not use for sensitive data, as malware-infected media is shared with virus scanning companies.
  • HerdProtect:
    • Installed Windows product that requires an IaaS based instance if being used in the cloud.
    • Recommendation: Not fit for purpose.
  • https://www.metadefender.com/
    • Provides a free SaaS service to upload small files (<140Mb) using a form (no API).
    • Recommendations:
      • The form post could perhaps be emulated, but that would probably introduce brittleness. Avoid.
  • https://www.mcafeeasap.com
    • Heavy, and expensive, providing multiple lines of defense.
    • Recommendations: In most cases, it's overkill.
  • https://virusscan.jotti.org/
    • Free, Linux-based SaaS form upload, limited to 5 files per upload with a 50MB limit per file. An API is provided for bulk scanning; price unknown.
    • Recommendation: A couple of online threads mention it catching less than VirusTotal. Hold.
  • https://malwr.com/
    • Their mission is to provide a free, independent and non-commercial service to the security community. They provide an online form (no API) that uses VirusTotal, and therefore sensitive/classified data may be leaked.
    • Recommendation: Avoid.
  • https://www.hybrid-analysis.com/
    • Max 100Mb
    • Upload Form
    • Has API
  • http://www.virscan.org/
    • Free upload form limited to 20Mb. No API.
    • Recommendation: Prefer an API-based offering.
  • XRay
    • Installation requires an IaaS instance if being used in the cloud.
    • Recommendation: Not fit for purpose.