![]() |
MS-DEFCON 4:
There are isolated problems with current patches, but they are well-known and documented on this site.
|
-
Checking e-mail attachments with VirusTotal
- This topic has 5 replies, 4 voices, and was last updated 1 month, 2 weeks ago.
Viewing 2 reply threads-
AuthorPosts
-
-
January 17, 2021 at 12:48 pm #2335064
WCHS
AskWoody PlusTo @b in reply to #2335047, where you asked:
How would you check a webmail attachment against VirusTotal without downloading it?by using webmail, it’s never downloaded to your device,(unless you wish to do so) it’s only visable in your online mail account, which can be checked via VT/ purged from therein.
I took that to mean that I could find an e-mailed document in my webmail and check it in VT without downloading it.
So this is what I did to check a document that I e-mailed to myself (to see how VirusTotal works):
Step 1: I found the document in my webmail, but I did not do anything to download it, but instead did Step 2.
Step 2: I clicked on the entry for the document and an URL showed up in the URL field of my Firefox browser.
Step 3: I pasted the URL into the URL search field in VirusTotal
Step 4: I viewed the results.
See attachments here for Steps 1 thru 4.
So, am seeing the results of checking the e-mail message, including the attached document, both of which have not been downloaded? or both of which HAVE been downloaded?
Or am I seeing the results of checking the e-mail message only which has not been downloaded? Or which HAS been downloaded?Attachments:
You must be logged in to access attached files.
-
January 17, 2021 at 1:06 pm #2335070
Microfix
AskWoody MVPThat is how I do the VT check also.
not run into problems for over a year using the same method.
Although, up-to-date AV/Malware security should intercept it if bad and known, but new variants?
Sandboxed folder to download the attachment and check with VT prior to opening?-
This reply was modified 1 month, 2 weeks ago by
Microfix.
-
January 17, 2021 at 1:39 pm #2335078
b
AskWoody MVP-
January 17, 2021 at 2:01 pm #2335083
mn–
AskWoody LoungerI don’t think all webmail services will provide a direct URL for an attachment.
Indeed, having one that doesn’t require authentication does feel like a security hole to me… especially if you haven’t specifically marked that attachment as “shared”.
Step 3: I pasted the URL into the URL search field in VirusTotal
Step 4: I viewed the results.If the webmail service works like I’d expect it to, what this should do is the VirusTotal results for the webmail service’s authentication-request page. As in the page where they ask for account and password…
-
January 17, 2021 at 2:19 pm #2335086
WCHS
AskWoody PlusIf the webmail service works like I’d expect it to, what this should do is the VirusTotal results for the webmail service’s authentication-request page. As in the page where they ask for account and password…
IOW, VT is not checking the file itself??
-
January 17, 2021 at 2:59 pm #2335100
mn–
AskWoody LoungerVery likely so.
You can test what VirusTotal would see, by using a known-safe attachment link (such as one you sent yourself… a dummy text file would be enough, or a random doodle in Paint saved as a file and attached). Then copy the link for that, and open it in a browser that doesn’t share your cookies, authentication tokens etc. (Incognito / privacy mode, whatever you call it, is good for that.)
I did this with an attachment in Gmail, copying the link to an instance of Brave that’s in incognito mode. And instead of the attachment I got the Gmail login screen.
Therefore, if I were to submit that link to VirusTotal, I’d get the VirusTotal results for Gmail’s login screen.
(Also, VirusTotal says “please do not submit any personal information” and some webmail services have your primary email address as part of the URL.)
-
This reply was modified 1 month, 2 weeks ago by
mn--. Reason: fixed punctuation
-
This reply was modified 1 month, 2 weeks ago by
-
-
-
-
This reply was modified 1 month, 2 weeks ago by
-
January 17, 2021 at 3:00 pm #2335095
-
-
AuthorPosts
Viewing 2 reply threads -
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Search Newsletters
Search Forums
Recent Replies
Rick Corbett on Automatic virus definition updates for Defender
35 minutes agoAlex5723 on Is this the best science fiction show ever?
50 minutes agoRick Corbett on February Update 20H2 – Telemetry changes
1 hour, 9 minutes agoT on Tasks for the weekend March 6 – check your logins
1 hour, 14 minutes agoJohn on ‘System’ reports high CPU
1 hour, 23 minutes agoJohn on ‘System’ reports high CPU
1 hour, 26 minutes agoanonymous on Tasks for the weekend March 6 – check your logins
1 hour, 35 minutes agoT on Tasks for the weekend March 6 – check your logins
1 hour, 38 minutes agoanonymous on Tasks for the weekend March 6 – check your logins
2 hours, 27 minutes agoOscarCP on Is this the best science fiction show ever?
2 hours, 29 minutes agoT on Standalone installer script for Windows 7 ESU, regardless the license
2 hours, 41 minutes agoOscarCP on Is this the best science fiction show ever?
2 hours, 41 minutes agoanonymous on Plus member bonus – Exchange security issue
2 hours, 49 minutes agoSusan Bradley on Introducing a new deployment service for driver and firmware updates
4 hours, 17 minutes agob on Tasks for the weekend March 6 – check your logins
4 hours, 31 minutes agoSusan Bradley on Tasks for the weekend March 6 – check your logins
4 hours, 43 minutes agoanonymous on Tasks for the weekend March 6 – check your logins
4 hours, 47 minutes agob on Why do “print to PDF” articles contain 2 copies of each image?
4 hours, 52 minutes agoMoonshine on Windows Reader View creates duplicate images
4 hours, 58 minutes agoFred on Introducing a new deployment service for driver and firmware updates
5 hours, 1 minute agoMoonshine on Why do “print to PDF” articles contain 2 copies of each image?
5 hours, 3 minutes agowavy on Is this the best science fiction show ever?
5 hours, 28 minutes agoECWS on Startup Impact Not Measured
6 hours, 20 minutes agoLiz C. on Why do “print to PDF” articles contain 2 copies of each image?
6 hours, 21 minutes agoanonymous on Automatic virus definition updates for Defender
6 hours, 23 minutes agoanonymous on Another Win10 Update and Metered Connection Question
6 hours, 24 minutes agoanonymous on ‘System’ reports high CPU
6 hours, 24 minutes agoanonymous on ‘System’ reports high CPU
6 hours, 25 minutes agoSeff on MS-DEFCON 4 – February updates trigger few issues
6 hours, 28 minutes agob on Why do “print to PDF” articles contain 2 copies of each image?
6 hours, 42 minutes ago
Recent Topics
-
“Accellion” supply-chain attacks steal banks, private and government data.
1 hour, 7 minutes ago
-
Windows 10 Monthly Update Known Issue Rollback
1 hour, 36 minutes ago
-
Firefox opening tabs spontaneously
2 hours, 33 minutes ago
-
Windows Reader View creates duplicate images
4 hours, 58 minutes ago
-
Introducing a new deployment service for driver and firmware updates
4 hours, 18 minutes ago
-
How to uninstall McAfee
8 hours, 4 minutes ago
-
Another Win10 Update and Metered Connection Question
6 hours, 24 minutes ago
-
Song for an IT experience
11 hours, 37 minutes ago
-
Automatic virus definition updates for Defender
35 minutes ago
-
Tasks for the weekend March 6 – check your logins
1 hour, 14 minutes ago
-
Why do “print to PDF” articles contain 2 copies of each image?
4 hours, 52 minutes ago
-
ESU 2021 activation “error: product not found”
14 hours, 1 minute ago
-
Plus member bonus – Exchange security issue
2 hours, 49 minutes ago
-
Encrypted DNS (DoH) now on Win 10 – but better than dnscrypt-proxy?
16 hours, 45 minutes ago
-
Download DVD disk
16 hours, 24 minutes ago
-
Windows 10 Home update: wushowhide.diagcab won’t download
10 hours, 29 minutes ago
-
Macro app for Windows 10?
1 day, 6 hours ago
-
Where are we as respects 20H2 Feature Upgrade?
1 day, 9 hours ago
-
upgrading method
1 day, 15 hours ago
-
At Least 30,000 U.S. Organizations Newly Hacked Via Microsoft’s Email Software
12 hours, 24 minutes ago
-
Telemetry
1 day, 17 hours ago
-
Microsoft Security Response Center
1 day, 21 hours ago
-
SRU and SRUDB
2 days, 4 hours ago
-
‘System’ reports high CPU
1 hour, 23 minutes ago
-
AI generated play
23 hours, 33 minutes ago
-
Free-form database wanted
15 hours, 16 minutes ago
-
LinkedIn will stop collecting IDFA data on iOS
1 day, 3 hours ago
-
February Update 20H2 – Telemetry changes
1 hour, 9 minutes ago
-
KB4603002 – Feb 2021 Patch for .Net Framework.
3 days, 7 hours ago
-
reboot takes forever, normal boot from off is quick
2 days, 5 hours ago
Search for Topics
Recent blog posts
- Tasks for the weekend March 6 – check your logins
- Plus member bonus – Exchange security issue
- March 2021 Office non-Security Updates are now available
- Do you still patch on premises Exchange servers?
- “Stuttering” glitch on a brand-new PC
- Here’s looking at you, kid: the child-cam scam
- The best things in life are copyrighted
- Using Microsoft OneDrive on your Android device
Key Links
Copyright © 2004 – 2021 AskWoody Tech LLC. All rights reserved.