2 Replies Latest reply on May 30, 2012 1:17 AM by mjmurra

    Virus scanning XML with base64 attachements?


      Firstly, I apologise for asking a question which may have already been answered; but I am unfamiliar with the site layout and can't work out how to efficiently search the threads.


      I am wondering if anyone knows how McAfee VirusScan (Command Line for Win32 Version: handles the situation where an XML document is scanned and within the XML is an attached document that is encoded as base64.


      My scenario is an XML document (compressed or not compressed) with one or more attached files included within the document encoded as base64.  The attachments can be any document.  Naturally I am very interested in ensuring that the base64 encoded content is scanned appropriately so that when the files are reconstituted they don't pose a security risk.



      Also, if VirusScan is not the right product for this can anyone recommend something else from the McAfee stable.  One constraint I have is the virus scanning tool must support command line integration.


      Any information is greatly appreciated.




        • 1. Re: Virus scanning XML with base64 attachements?



          I setup a test which base64'd EICAR and wrapped it in XML.






          The virus signature was not detected.  If the file contains just the base64 encoded signature then the virus is detected.


          I'm not sure if this means that the virus scanner isn't able to understand XML if it is because the EICAR virus signature is only activated when the file contain exactly 68 or 70 bytes. Once the xml tags wrap the EICAR it is no longer detected.


          So not sure if the test means all viruses wrapped in XML tag will no longer be detected or just this virus signature.


          If I extracted the base64 data and save that into a file then the virus scanner detects the virus. Naturally it would be better if the virus scanner recognised the base64 in the XML and did the checking appropriately.


          Any suggestions?

          • 2. Re: Virus scanning XML with base64 attachements?

            Try (if you havn't already) the /MIME switch.