  • Checking e-mail attachments with VirusTotal

      • #2335064
        WCHS
        AskWoody Plus

        To @b in reply to #2335047, where you asked:
        How would you check a webmail attachment against VirusTotal without downloading it?

        In #2335004, @Microfix said:

        by using webmail, it’s never downloaded to your device (unless you wish to do so); it’s only visible in your online mail account, which can be checked via VT/ purged from therein.

        I took that to mean that I could find an e-mailed document in my webmail and check it in VT without downloading it.
        So this is what I did to check a document that I e-mailed to myself (to see how VirusTotal works):
        Step 1: I found the document in my webmail, but I did not do anything to download it, but instead did Step 2.
        Step 2: I clicked on the entry for the document and a URL showed up in the URL field of my Firefox browser.
        Step 3: I pasted the URL into the URL search field in VirusTotal
        Step 4: I viewed the results.
        See attachments here for Steps 1 thru 4.
        So, am I seeing the results of checking the e-mail message, including the attached document, both of which have not been downloaded? Or both of which HAVE been downloaded?
        Or am I seeing the results of checking the e-mail message only which has not been downloaded? Or which HAS been downloaded?

      • #2335070
        Microfix
        AskWoody MVP

        That is how I do the VT check also.
        Not run into problems for over a year using the same method.
        Although, up-to-date AV/Malware security should intercept it if bad and known, but new variants?
        Sandboxed folder to download the attachment and check with VT prior to opening?

        • This reply was modified 1 month, 2 weeks ago by Microfix.
        • #2335078
          b
          AskWoody MVP

          I don’t think all webmail services will provide a direct URL for an attachment.

          Is yours also Yahoo or another site?

          • #2335083
            mn–
            AskWoody Lounger

            I don’t think all webmail services will provide a direct URL for an attachment.

            Indeed, having one that doesn’t require authentication does feel like a security hole to me… especially if you haven’t specifically marked that attachment as “shared”.

            Step 3: I pasted the URL into the URL search field in VirusTotal
            Step 4: I viewed the results.

            If the webmail service works like I’d expect it to, what this should do is give the VirusTotal results for the webmail service’s authentication-request page. As in the page where they ask for account and password…

            • #2335086
              WCHS
              AskWoody Plus

              If the webmail service works like I’d expect it to, what this should do is give the VirusTotal results for the webmail service’s authentication-request page. As in the page where they ask for account and password…

              IOW, VT is not checking the file itself??

              • #2335100
                mn–
                AskWoody Lounger

                Very likely so.

                You can test what VirusTotal would see, by using a known-safe attachment link (such as one you sent yourself… a dummy text file would be enough, or a random doodle in Paint saved as a file and attached). Then copy the link for that, and open it in a browser that doesn’t share your cookies, authentication tokens etc. (Incognito / privacy mode, whatever you call it, is good for that.)

                I did this with an attachment in Gmail, copying the link to an instance of Brave that’s in incognito mode. And instead of the attachment I got the Gmail login screen.

                Therefore, if I were to submit that link to VirusTotal, I’d get the VirusTotal results for Gmail’s login screen.

                (Also, VirusTotal says “please do not submit any personal information” and some webmail services have your primary email address as part of the URL.)

                • This reply was modified 1 month, 2 weeks ago by mn--. Reason: fixed punctuation
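The incognito-window test described in the post above can also be scripted. The following is an added example, not part of the original thread: it fetches a link with no cookies or login, as a URL scanner would, and reports whether the reply is a sign-in page or an actual file. The `mail.example` / `accounts.example` URLs, the sample responses and the password-field heuristic are constructed assumptions.

```python
import re
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# A password field is treated as the mark of a sign-in page (heuristic, assumption).
PASSWORD_FIELD = re.compile(rb"<input[^>]*type=[\"']?password", re.I)

def classify(requested_url, final_url, status, content_type, body_head):
    """Describe what a client without your cookies received for a link."""
    if status in (401, 403):
        return "denied"
    ctype = (content_type or "").split(";")[0].strip().lower()
    if ctype in ("text/html", "application/xhtml+xml"):
        if PASSWORD_FIELD.search(body_head):
            return "login-page"
        moved = urlsplit(requested_url)[:3] != urlsplit(final_url)[:3]
        return "html-after-redirect" if moved else "html"
    return "file"

def fetch_without_cookies(url, limit=65536):
    """Fetch url with no cookie jar and no auth headers; redirects are followed."""
    req = urllib.request.Request(url, headers={"User-Agent": "link-check-example"})
    try:
        resp = urllib.request.urlopen(req, timeout=15)
    except urllib.error.HTTPError as err:
        resp = err  # 4xx/5xx replies still carry headers and a body
    try:
        return resp.geturl(), resp.code, resp.headers.get("Content-Type"), resp.read(limit)
    finally:
        resp.close()

# Constructed sample responses (not captured from any real service).
LINK = "https://mail.example/attachment?id=1"
SAMPLES = [
    ("https://accounts.example/signin", 200, "text/html; charset=utf-8",
     b'<form><input name="pw" type="password"></form>'),
    (LINK, 200, "application/pdf", b"%PDF-1.7"),
    (LINK, 403, "text/html", b"Forbidden"),
]

def classify_samples():
    return [classify(LINK, *sample) for sample in SAMPLES]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check of one of your own known-safe links
        print(classify(sys.argv[1], *fetch_without_cookies(sys.argv[1])))
    else:
        print(classify_samples())
```

A result of `login-page` or `denied` means a URL scan of that link reports on the webmail service's own page, not on the attachment.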
      • #2335095
        anonymous
        Guest

        You could always open your email in a sandboxed browser. The download will go into the sandbox and you can check it with VirusTotal from there.
