How to Detect Viruses, Malwares and Document Macros using C/C++ Code Examples
The Macros feature available in certain Office documents is, unfortunately, a well-known and well-documented cyberattack vector. While it’s possible to turn macros on and off in a document, it’s still dangerous to allow documents containing macros to enter your system from external sources, and for that reason it’s important to detect, flag and quarantine (or delete) macros before they reach sensitive locations accessible to internal users on a network.
Using the below code, you can leverage an API request to identify and block files containing macros. This API also scans files for millions of virus and malware signatures and allows you to set a variety of additional threat rules against other hidden content threats (like scripts, executables, etc.), so it can serve as a powerful multi-threat detection step in protection of sensitive applications and storage locations.
To structure your API request with C/C++ code examples, start by installing libcurl in your project:
libcurl/7.75.0Next, copy the below code to structure your API call:
CURL *curl;
CURLcode res;
curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(curl, CURLOPT_URL, "https://api.cloudmersive.com/virus/scan/file/advanced");
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
curl_easy_setopt(curl, CURLOPT_DEFAULT_PROTOCOL, "https");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "allowExecutables: <boolean>");
headers = curl_slist_append(headers, "allowInvalidFiles: <boolean>");
headers = curl_slist_append(headers, "allowScripts: <boolean>");
headers = curl_slist_append(headers, "allowPasswordProtectedFiles: <boolean>");
headers = curl_slist_append(headers, "allowMacros: <boolean>");
headers = curl_slist_append(headers, "allowXmlExternalEntities: <boolean>");
headers = curl_slist_append(headers, "allowInsecureDeserialization: <boolean>");
headers = curl_slist_append(headers, "allowHtml: <boolean>");
headers = curl_slist_append(headers, "restrictFileTypes: <string>");
headers = curl_slist_append(headers, "Content-Type: multipart/form-data");
headers = curl_slist_append(headers, "Apikey: YOUR-API-KEY-HERE");
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
curl_mime *mime;
curl_mimepart *part;
mime = curl_mime_init(curl);
part = curl_mime_addpart(mime);
curl_mime_name(part, "inputFile");
curl_mime_filedata(part, "/path/to/file");
curl_easy_setopt(curl, CURLOPT_MIMEPOST, mime);
res = curl_easy_perform(curl);
curl_mime_free(mime);
}
curl_easy_cleanup(curl);Setting the “allowMacros” Boolean to “False” will return a “CleanResult: False” response from the scanning service for any file containing macros, and the same is true for any file type covered in the custom threat protection headers. To authorize your request, provide a free-tier Cloudmersive API key in the authorization header, and you’re good to go.
