Friday, May 25, 2018

AV scanner online

I use Sopho on my local macOS machines , and the fortinet Fortigate appliance and FortiCloud v2.0 for realtime AVscanning. This combination has been great.

CalmAV is another solution that just as effective for AV detection but in today's post, we will discuss  VirusTotal as an manual and alternative solution.

The virustotal   has  the means for a simple AV scanning and it's free service & now own by Google. It only  requires you to upload the file or run the hash  and compare.

They have both daily  and size limits,  but they are reasonable. I will demo a file upload and  the list of AV scanner that scanned my file for virus detection using  the EICAR testfile which I crafted locally in a text  format.

Scan results depends on the following 1> file-size  ,  2> how busy the site  and 3> how fast you can upload a file.

NOTE: I had to disable my local AV client (  Sopho ) and my Fortigate-Firewall  from AV scanning  for this demo to work in this blog . These two  AV protections are a great combo.

The general population thinks that  you need a super duper  & high $$$$$ analysis service in order to  scan files. That's not  exactly true.

 Keep in mind , that any thing free  is just that, " Free". So don't try to compare virustotal to forticloud or wildfire analysis engine both of which  I have over  combined 7+ years of  experience with. VirusTotal will do a  decent job for the most part and if you want to analyze a file of many different file types.

 I will demo my  FortiCloud Setup &  in my next posting . This ( FortiCloud l )  is a solution for  a simple , affordable  sandbox'ing,  and with HTTP services or any other  services that you  use for downloads or files-sharing. It's easy as 1-2-3 to setup and only requires a Fortigate Firewall.

BTW ( I'm a big pfSense and OPNsense user  for the opensource networking and firewall community )

The openSource "pfSense Firewall"  also has  decent  AV pkg  FWIW. So  again,  "   !!!!  no excuses exists for  being infected via malware !!!! "

Realtime scanning is a must and along with realtime reporting.

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=

        /  \

No comments:

Post a Comment