DispVM to Check for Malicious Files?

There are various programs or scripts which check files for malicious code (i.e. as listed in this anonymity guide).

For example, there's pdfid.py (blog post), which takes a PDF file as input, checks it for the presence of JavaScript, among other things, and outputs a simple list of what types of code have been detected in the PDF.

Is there a way to have a DispVM open a PDF and automatically run this script against the PDF? Or at least make the Python script persistent in each new Disposable VM (i.e. each DispVM comes with ~/pdfid.py)? Could this script be configured to appear as an Application, and open a terminal with the command prompt preloaded like [user@DispVM ~]$ pdfid.py – if this would require some coding, what would the pseudo-code be?

I know there are pre-installed tools like the PDF linearizer, but being able to set up one's own programs would be nice.

Thanks in advance.

[deleted]

This is an interesting idea. Implementing it would be done through a qrexec policy. It's essentially what allows you to have a qube request that another qube do something.

As I imagine it, the workflow would be:

  1. In trusted qube, right-click PDF » “check for viruses”
  2. DispXXXX qube opens with that PDF
  3. A report is printed on the trusted qube with the results of the scanning tool.

Of course you have to be aware that there’s a chance that the tool is not forensically sound and it itself can be hacked, thus returning a false negative. But those considerations are not qubes-related.

Have a look at how qvm-convert-pdf is implemented code-wise. For context on this tool, read this original blog post.

1 Like
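
The workflow from the reply above, sketched as an added example that is not part of the thread and not Qubes' own code. `custom.PdfScan` is a hypothetical service name, `work` is a placeholder qube name, `PDF_SCANNER` is a hypothetical override variable, and `pdfid.py` is assumed to be on PATH in the template the disposable is based on.

```bash
# Added sketch, not Qubes' own code. custom.PdfScan is a hypothetical service
# name and pdfid.py is assumed to be on PATH in the disposable's template.

# Disposable side: call this from an executable /etc/qubes-rpc/custom.PdfScan.
# qrexec feeds the caller's file on stdin and returns stdout to the caller.
pdfscan_service() (
    tmp=$(mktemp) || exit 1
    head -c 52428800 > "$tmp"               # cap the upload at 50 MiB
    rc=0
    ${PDF_SCANNER:-pdfid.py} "$tmp" 2>&1 || rc=$?
    rm -f -- "$tmp"
    exit "$rc"
)

# Trusted side: the report was produced next to a possibly hostile file, so
# treat it as untrusted. Keep tab, newline and printable ASCII only (this
# drops terminal escape sequences), then cap line length and line count.
pdfscan_sanitize() {
    LC_ALL=C tr -cd '\11\12\40-\176' | cut -c1-200 | head -n 100
}

# Trusted side: send FILE to a fresh disposable and print the cleaned report.
pdfscan_client() {
    [ -f "$1" ] || { echo "usage: pdfscan_client FILE.pdf" >&2; return 2; }
    qrexec-client-vm @dispvm custom.PdfScan < "$1" | pdfscan_sanitize
}

# dom0 policy, Qubes 4.1+ format, in /etc/qubes/policy.d/30-user.policy
# ("work" is a placeholder for the trusted qube's name):
#   custom.PdfScan  *  work  @dispvm  allow
```

The sanitizing step limits what a compromised scanner can do to the trusted terminal, but it cannot detect a false negative in the report itself.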