IT:AD:Malware Detection

Summary

At this point in time (Q3/2017), consider using https://scanii.com/ if no organisation-provided, publicly available, authorised, confidential (i.e. HTTPS) API endpoint is available.

* https://scanii.com/

  • SaaS based commercial API.
  • Recommendation: Recommended.

* http://viruscheckmate.com/

  • Commercial API that looks useful, but there is not enough information to provide comfort as to what happens to data.
  • Recommendation: Hold, review periodically.

* http://www.attachmentscanner.com/

  • A commercial ($99+/month) SaaS-based API.
  • Recommendation: Hold, review periodically.

* https://www.virustotal.com:

  • Fully owned subsidiary of Google, providing a free, public API limited to 4 requests of any nature per minute.
  • Recommendation: Do not use for sensitive data, as malware-infected media is shared with virus scanning companies.

* HerdProtect:

  • Installed Windows product that requires an IaaS based instance if being used in the cloud.
  • Recommendation: Not fit for purpose.

* https://www.metadefender.com/:

  • Provides a free SaaS service to upload small files (<140Mb) using a form (no API).
  • Recommendations:
    • The form post could perhaps be emulated, but that would probably introduce brittleness. Avoid.

* https://www.mcafeeasap.com

  • Heavy, and expensive, providing multiple lines of defense.
  • Recommendations: In most cases, it's overkill.

* https://virusscan.jotti.org/

  • Free, Linux-based SaaS form upload, limited to 5 files per upload with a 50MB limit per file. An API is provided for bulk scanning; price unknown.
  • Recommendation: A couple of online threads mention it catching less than VirusTotal. Hold.

* https://malwr.com/

  • Their mission is to provide a free, independent and non-commercial service to the security community. They provide an online form (no API), that uses VirusTotal – and therefore sensitive/classified data may be leaked.
  • Recommendation: avoid.

* https://www.hybrid-analysis.com/

  • Max 100Mb
  • Upload Form
  • Has API

* http://www.virscan.org/

  • Free upload form limited to 20Mb. No API.
  • Recommendation: Prefer an API-based offering.

* XRay

  • Installation requires an IaaS instance if being used in the cloud.
  • Recommendation: not fit for purpose.