Welcome to WebmasterWorld Guest from

Forum Moderators: bill

Message Too Old, No Replies

What is a safe way to download viruses?


11:38 pm on Nov 20, 2009 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
votes: 0

I have a web app where users may upload files. All kinds of files - PDFs, ZIPs, EXEs, MP3s, AVIs, you name it. As they're uploaded, they're put directly into a storage cloud; they do not reside on my PC or on my web server.

I would like to verify that these files are not infected or malicious.

So, I was thinking I'd download all this stuff from the cloud into a folder on my C:, and use my virus scanner - Microsoft Security Essentials - to scan them.

But maybe that's not a safe thing to do?
Some of these files may be dangerous.

Is there a safe way to handle potentially infected data? I have this notion that it's like handling radioactive isotopes - I need the proper gear to do it safely.


12:01 am on Nov 21, 2009 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
votes: 230

linux and then use a VM with your windows in and your AV to do the download ..if it gets trashed ..it's no big deal :)

search string = "virtual machines for linux that will run windows os" read ..make your choice :)


BTW I wouldn't depend on just MSE to catch every nasty it might show some crud as clean ..and you would not want to pass on infections to others ..by re-upping or whatever it is you'll do at the end.

And the reason why a VM on linux is a better idea than a VM on windows ( to check for nasties) is that linux is alien territory to it ..so if you made a mistake ..it would not matter :)

[edited by: Leosghost at 12:12 am (utc) on Nov. 21, 2009]

12:07 am on Nov 21, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:June 2, 2006
votes: 2


I would agree that this would be the safest way. Keep a backup of working setup and it will be convenient, too. If something gets screwed up, restore, and there you go.

11:35 am on Nov 22, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 2, 2003
votes: 0

Assuming the file is deleted directly after downloading, there is no risk. However, if you plan to automate this process, you may have to disable real-time scanning - this does constitute a risk.

It's a guess but at least one of the main antivirus providers probably provides an online-scanner. This would be much faster since only a fraction of a file is normally scanned.