With more organizations adopting digital systems to process customer data, employees’ inputs, and other information, a plethora of files are being uploaded to the cloud every day. To prevent security incidents caused by malware, all of these files must be evaluated and confirmed to be safe before being stored or used by the application. Performing this evaluation manually is time-consuming, so automating the process is essential for scaling and efficiency. This guide walks you through an event-driven pipeline that automatically evaluates files uploaded to the cloud for malware using the WildFire API and the open-source anti-malware engine ClamAV.
Malware File Scanner API Guide: Detect & Remove Malicious Files
The WildFire Malware File Scanner API guide uses the VirusTotal service to analyze uploaded files and determine whether they are malware. The scan is comprehensive: it checks for worm, virus, trojan, ransomware, and spyware signatures and scans the file for malicious code. The VirusTotal service uses more than 17 million antivirus engines and website scanners to perform the analysis, which is a great way to quickly check for potentially malicious files without having to upload them to your own servers.
To start the malware scanning process, you need to submit a file or a file hash. This is done through a simple Python script that calls the VirusTotal API with the required information. The first part of the script identifies the file to be scanned by calculating its hash. The hash is then submitted to VirusTotal along with a scan or lookup request. The scan option runs a full malware scan of the file, while the lookup option only checks our database of VirusTotal results from the last 24 hours for the same hash.
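The hash-then-lookup step described above, as an added example that is not the guide's own script. It assumes the public VirusTotal API v3 file endpoint and its `last_analysis_stats` field; the function names, the action labels and the sample response are constructed for illustration.

```python
import hashlib
import json
import urllib.error
import urllib.request

VT_FILES_URL = "https://www.virustotal.com/api/v3/files"  # assumed: VirusTotal API v3

# Constructed sample lookup response, trimmed to the field the verdict uses.
SAMPLE_BODY = (b'{"data": {"attributes": {"last_analysis_stats": '
               b'{"malicious": 3, "suspicious": 0, "harmless": 0, "undetected": 60}}}}')

def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large uploads never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_lookup_request(file_hash, api_key):
    """Lookup sends only the hash; the file content itself is not transmitted."""
    file_hash = file_hash.lower()
    if len(file_hash) != 64 or any(c not in "0123456789abcdef" for c in file_hash):
        raise ValueError("expected a hex SHA-256 digest")
    return urllib.request.Request(
        f"{VT_FILES_URL}/{file_hash}",
        headers={"x-apikey": api_key, "Accept": "application/json"},
        method="GET",
    )

def verdict(status, body, threshold=1):
    """Map a lookup response to an action; anything unexpected fails closed."""
    if status == 404:
        return "submit_for_scan"   # hash unknown: the scan option is required
    if status != 200:
        return "quarantine"        # quota, auth or server error: do not release
    try:
        stats = json.loads(body)["data"]["attributes"]["last_analysis_stats"]
        flagged = int(stats["malicious"]) + int(stats["suspicious"])
    except (ValueError, KeyError, TypeError):
        return "quarantine"        # a malformed response is not a clean result
    return "block" if flagged >= threshold else "release"

def send(request, timeout=30):
    """Perform the lookup (needs network and a real key); returns (status, body)."""
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()
```

In a pipeline, `verdict(*send(build_lookup_request(sha256_file(path), key)))` gives the action for an uploaded file; only a `release` result should let the file reach storage.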