What are people using to scan for malicious files before transferring the file out of a download qube?

thank you, really complete list

Believe me, if a client received an infected file from me, they wouldn’t
stay a client for long.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

Note: both of their links are not the same link.

okay, same page, different part, thanks

Ah yes, if your recipients are clients the situation is different and you’ll have to take that into consideration of course :upside_down_face:

Even for friends, your reputation as a security wonk will take a real
hit if you are sending out malware. (Unless it’s some switch where you
convince them that they are only worried because they aren’t running
Qubes.)

Well, I rarely send files I got somewhere else anyway, 99% of the time I created them myself on Qubes.

Can you elaborate on your process for normalizing/sanitizing every file you download?

@arkenoi I love your idea of “sanitizing to a known safe format”, but as @unman pointed out, the ecosphere requires us to remain in the same formats. Can you point us to tools/utils that sanitize a file and then return it to the same original file format?

qubes-app-linux-img-converter/README.md at master · QubesOS/qubes-app-linux-img-converter · GitHub
qubes-app-linux-pdf-converter/README.md at master · QubesOS/qubes-app-linux-pdf-converter · GitHub

Thanks @apparatus. Anything for handling the “beloved” MS formats (docx, xlsx, etc.)?

the best I can see would be to convert it to a text file in a disposable, or print it as a PDF and then convert the PDF into an image using the pdf converter above.

I’m not familiar with any of them, but you can search for Content Disarm & Reconstruction tools:

sandboxing or a dvm in other words? Good point.

Any anti-virus / malware scan (clamav, chkrootkit, etc.) I have done on Linux always comes up with nothing. Does anyone regularly get detection? What are you doing to get known malware? All I get are zero days and perplexities.

might add that certain kinds of DNS filter malware. Domain over Https over Tor may not, but, then again, being a more trackable target may also be bad if your adversary is advanced and actively targeting you (any transfer of information is a potential vector).

@solene I found this site: DOCX Parser Online - Extract Text And Images From DOCX Document
I highly doubt anyone using Qubes (Qubers?) will upload their files to be parsed in a cloud service, but having such a service implies that extracting the content is possible. Creating a docx with a desired text should be possible as well.

Thanks @apparatus
DocBleach looks promising

An antivirus thread?! What a throwback to decades past. :smiling_face_with_tear:

The thought of using an antivirus in Linux has literally never crossed my mind. The way I figure it, most consumer viruses target W*ndows sheeples, and most Linux viruses that aren’t 0-days either target enterprises or come straight from the package manager. Common sense and compartmentalization are best antivirus :ok_hand:

  1. You may send files to people that don’t use qubes
  2. Anti-virus software requirements can be found in some security standards now.

Check out unman's thread ending in:

See also: