Safely processing / storing downloaded files

tl;dr:
Do you worry about malware with downloaded files? If so, what do you do about it?

Occasionally for work I have to acquire and store primary source material such as pdfs, word docs, txt files, images, and a rare video file. I’d like to not fall victim to malware and want to up my game in this regard. Currently I just scan everything with ClamAV.

- What personal protocols do you have for acquiring and storing files from sites?
- Do you scan everything with ClamAV? Other antivirus?
- If using yt-dlp, do you assume that YouTube is scanning all uploads for malware?
- If you receive a file that you think might be malware and want to look it over, do you move it to a separate computer or to a VM on your main computer? If the latter, how do you create a secure upload path from a USB into the VM?
- If you torrent (i.e. Linux ISOs :smiley:), do you do anything specific with the torrented files after download to look for malware?

Thank you

1 Like

VirusTotal is probably your best bet.

ClamAV is “ok” but most 3rd party AV programs are spyware/malware themselves and you shouldn’t use them.

Personally I try to not download/execute any files from untrustworthy sources, ever. If I think it could be malware I’d never execute it, not even in a VM - if it’s your job to make sure these files are clean your employer should provide you with a computer (completely offline) for this that you do not use for anything else.

Videos grabbed directly from YouTube should be fine, though.

4 Likes
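An added example, not code from the thread or from VirusTotal, of the "VirusTotal first" advice above done the way that suits primary source material: look the file up by its SHA-256 instead of uploading it, so a possibly confidential document never leaves the machine (uploads are shared with VirusTotal and its partners). The summarize step treats a hash VirusTotal has never seen as "unknown", not "clean", which is the caveat to keep in mind with any hash lookup. The endpoint and x-apikey header are the public v3 file-object API; the API key is assumed to come from a VT_API_KEY environment variable, and the sample responses and fake_fetch stand-in are constructed so the logic runs offline.

```python
import json
import re
import urllib.error
import urllib.request
from typing import Callable, Optional

VT_FILES = "https://www.virustotal.com/api/v3/files/"  # v3 file-object endpoint, keyed by hash


def vt_fetch(sha256: str, api_key: str) -> Optional[dict]:
    """Fetch the VirusTotal file object for a hash; None when VT has never seen it (HTTP 404)."""
    req = urllib.request.Request(VT_FILES + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def summarize(report: Optional[dict]) -> dict:
    """Reduce a file object to a verdict; an unknown hash is 'unknown', never 'clean'."""
    if report is None:
        return {"known": False, "verdict": "unknown", "malicious": 0, "suspicious": 0, "engines": 0}
    stats = report["data"]["attributes"]["last_analysis_stats"]
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    engines = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "undetected", "harmless"))
    if malicious:
        verdict = "malicious"
    elif suspicious:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"known": True, "verdict": verdict, "malicious": malicious,
            "suspicious": suspicious, "engines": engines}


def check_hash(sha256: str, api_key: str,
               fetch: Callable[[str, str], Optional[dict]] = vt_fetch) -> dict:
    """Look up a SHA-256 only; the file itself is never sent anywhere."""
    if not re.fullmatch(r"[0-9a-f]{64}", sha256.lower()):
        raise ValueError("expected a hex SHA-256")
    return summarize(fetch(sha256.lower(), api_key))


# Constructed response shaped like the v3 file object, so the logic can be exercised offline.
SAMPLE_KNOWN = {"data": {"attributes": {"last_analysis_stats": {
    "harmless": 0, "malicious": 3, "suspicious": 1, "undetected": 60}}}}


def fake_fetch(sha256: str, api_key: str) -> Optional[dict]:
    """Stand-in for vt_fetch: one constructed hash is known and flagged, all others are unseen."""
    return SAMPLE_KNOWN if sha256 == "a" * 64 else None


if __name__ == "__main__":
    import os
    import sys
    key = os.environ.get("VT_API_KEY")  # assumption: API key supplied via the environment
    fetch = vt_fetch if key else fake_fetch  # no key: run against the constructed sample
    for digest in sys.argv[1:] or ["a" * 64, "b" * 64]:
        print(digest[:12], check_hash(digest, key or "offline", fetch))
```

Run it as `python3 vt_hash.py <sha256>` with VT_API_KEY set; without a key it exercises the constructed sample. A single engine flagging a file is often a false positive, so the counts are returned alongside the verdict rather than hidden behind it.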

Might you be able to expand on what constitutes an untrustworthy source?

Depends on your paranoia level, I guess. So somewhere between “everything” and software from trusted developers with a positive track record, perhaps.

Personally I think open source software from well-known devs should be fine (throw in an additional scan with VirusTotal). But of course nothing is secure and everything can be infected with malware if you’re unlucky - see the recent incident with the XZ Utils repository.

3 Likes

Have your work computer separate from your personal computer.
Have it be Windows.
Dial up all the Windows protections to 11. Yes, please check all your URLs against the Microsoft whitelist. Send a copy of files to Microsoft servers if Microsoft has never seen it before? Sure. Can't install an app because it wasn't signed by the Microsoft Store? Oh well.

For personal protocols, just download into a folder that’s definitely scanned by your antivirus.

Yes

Separate old computer with a fresh Ubuntu install.

If it's Linux ISOs then I make sure it's a torrent from the official site. If it's a regular torrent file then I only use trusted torrent creators.
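An added example, not code from the thread or from ClamAV, of the "download into a quarantined folder and scan it" routine the OP and the reply above describe, with two checks worth doing before trusting the scanner's verdict: drop the execute bits so nothing in the folder can be run by accident, and compare the file's leading bytes with its extension, so a "PDF" that is really a Windows executable is flagged even if the signature database misses it. The signature table, folder names and sample files are constructed for the example; clamscan is invoked only when it is installed, using its documented exit codes.

```python
import hashlib
import os
import shutil
import subprocess
import tempfile
from pathlib import Path
from typing import Optional

# Leading bytes expected for the file types named in the thread, as (offset, signature).
# Constructed for this example; extend it for the types you actually collect.
SIGNATURES = {
    ".pdf": (0, b"%PDF-"),
    ".docx": (0, b"PK\x03\x04"),       # OOXML is a zip container
    ".doc": (0, b"\xd0\xcf\x11\xe0"),  # legacy OLE2 compound document
    ".png": (0, b"\x89PNG\r\n\x1a\n"),
    ".jpg": (0, b"\xff\xd8\xff"),
    ".jpeg": (0, b"\xff\xd8\xff"),
    ".mp4": (4, b"ftyp"),              # ISO base media: 'ftyp' box after a 4-byte size
}
# Headers of native executables and scripts; no document or media type starts this way.
EXECUTABLE_HEADERS = (b"MZ", b"\x7fELF", b"#!", b"\xcf\xfa\xed\xfe")


def sha256_of(path: Path) -> str:
    """Hash the file so the quarantined copy can be identified and re-checked later."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def header_mismatch(name: str, header: bytes) -> Optional[str]:
    """Return a reason when the first bytes do not fit the file's extension, else None."""
    if header.startswith(EXECUTABLE_HEADERS):
        return "executable header on a document/media file"
    ext = Path(name).suffix.lower()
    if ext in SIGNATURES:
        offset, sig = SIGNATURES[ext]
        if header[offset:offset + len(sig)] != sig:
            return f"content does not look like {ext}"
    return None


def clamscan(path: Path) -> str:
    """Run clamscan when installed; its exit code is 0 clean, 1 infected, 2 error."""
    if shutil.which("clamscan") is None:
        return "unavailable"
    proc = subprocess.run(["clamscan", "--no-summary", str(path)], capture_output=True)
    return {0: "clean", 1: "infected"}.get(proc.returncode, "error")


def quarantine(src: Path, qdir: Path) -> dict:
    """Move a download into the quarantine folder, drop its execute bits, hash and check it."""
    qdir.mkdir(parents=True, exist_ok=True)
    dst = qdir / src.name
    shutil.move(str(src), str(dst))
    os.chmod(dst, 0o400)  # read-only and never executable, whatever mode it arrived with
    with open(dst, "rb") as f:
        header = f.read(16)
    digest = sha256_of(dst)
    (qdir / (dst.name + ".sha256")).write_text(f"{digest}  {dst.name}\n")
    return {
        "file": str(dst),
        "sha256": digest,
        "mode": oct(dst.stat().st_mode & 0o777),
        "mismatch": header_mismatch(dst.name, header),
        "clamscan": clamscan(dst),
    }


def demo() -> dict:
    """Constructed samples: a genuine-looking PDF and a 'PDF' whose bytes are a PE header."""
    work = Path(tempfile.mkdtemp(prefix="intake-"))
    (work / "paper.pdf").write_bytes(b"%PDF-1.4\n% constructed sample, not a real document\n")
    (work / "report.pdf").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)
    qdir = work / "quarantine"
    return {name: quarantine(work / name, qdir) for name in ("paper.pdf", "report.pdf")}


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

In use, point quarantine() at your browser's download folder and a quarantine directory; anything with a non-empty "mismatch" or a clamscan result other than "clean" stays in quarantine for the offline machine or throwaway VM the later replies recommend, and the .sha256 sidecar is what you feed to a hash-only VirusTotal lookup.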

Distrusting email links and attachments is a good start, and would fit all but the lowest levels of paranoia.

In case a USB flash drive is used to move suspicious files around, never open/execute suspicious files while the USB flash drive is connected.

Opening/executing suspicious files on separate offline hardware is a good idea.

It might be safe enough to copy suspicious files into a low-privilege VM in Qubes OS (no network, no root, etc.), open them from inside the VM, and then destroy the VM afterwards.

Another option is to copy suspicious files into a fresh Tails OS (no network, no root, no persistence, etc.) and then open them there. If paranoid, overwrite/destroy the Tails installation on the USB flash drive afterwards so that it can't be accidentally used for anything else.

There is Dangerzone, but IIRC I tried it once and couldn't get it to work properly, and I wouldn't trust it to be truly safe.

1 Like