Sharing groups of files in .ZIP archive format is common practice for users working within most professional networks. Compressing bulky files (including .PPTX, .XLSX, or .DOCX for example) drastically accelerates file upload processes and facilitates faster file sharing over communication platforms. The trouble with .ZIP files, however, is that they’re just as expedient for client-side threat actors as they are convenient for trustworthy users. As a result, it’s often best to avoid allowing .ZIP files move through our network entirely.
What makes .ZIP archives dangerous?
Files containing viruses, malware and other malicious content can be compressed together into .ZIP archives and jointly bypass weakly configured upload security policies. In some cases, polymorphic code can be used to further disguise these threats, ensuring any traceable signatures change frequently enough that basic anti-virus & anti-malware policies are thrown off their trail. Left undetected, these unsafe archives can remain dormant in file storage for extended periods of time before trusted users unwittingly open and activate their contents.
Further, even without using malicious code, threat actors can weaponize .ZIP files by filling them with immense quantities of data. Known as “ZIP Bombs,” these overloaded archives are intended to rapidly overwhelm and crash a system once opened, triggering Denial of Service (DoS) and sometimes opening the door to subsequent cyber-attacks.
How can the Cloudmersive Advanced Virus Scan API protect a system against unsafe archives?
Deployable in multiple critical locations around a network – including at the file storage layer, at the network edge, and in defense of any specific application with custom code integration – the Cloudmersive Advanced Virus Scan API can be used to scan inbound & outbound archives for millions of virus and malware signatures. In addition, a custom policy can be configured within the Advanced Virus Scan API request body to specifically detect and weed out unsafe archive contents. Once configured, all unsafe archives will receive a CleanResult: False Boolean within the API response body, making it easy to delete or quarantine these files before they can reach their intended destination.
For more information on Cloudmersive Virus Scanning APIs, please do not hesitate to reach out to a member of our sales team.