How to Scan Files for Viruses & Block Password Protected Files using C/C++
Password protection on any document is normally intended to keep unwanted readers/viewers away from that document’s contents. In some cases, however, password protection can be used to hide malicious contents stored within a document’s file structure, and if that document is eventually opened with a threat actor’s externally supplied password, a devastating cyberattack can take place.
It’s often best to block files with password protection when they come from client-side user upload workflows or other external and untrusted locations. Using the below C/C++ code, you can take advantage of an API which simultaneously scans files for virus and malware signatures and provides custom threat rules to block hidden content threats, including password protected files (and other threatening file types like executables, macros, scripts, and more).
First, install libcurl in your project:
libcurl/7.75.0
Next, copy the below code to structure your request:
CURL *curl;
CURLcode res;
curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(curl, CURLOPT_URL, "https://api.cloudmersive.com/virus/scan/file/advanced");
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
curl_easy_setopt(curl, CURLOPT_DEFAULT_PROTOCOL, "https");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "allowExecutables: <boolean>");
headers = curl_slist_append(headers, "allowInvalidFiles: <boolean>");
headers = curl_slist_append(headers, "allowScripts: <boolean>");
headers = curl_slist_append(headers, "allowPasswordProtectedFiles: <boolean>");
headers = curl_slist_append(headers, "allowMacros: <boolean>");
headers = curl_slist_append(headers, "allowXmlExternalEntities: <boolean>");
headers = curl_slist_append(headers, "allowInsecureDeserialization: <boolean>");
headers = curl_slist_append(headers, "allowHtml: <boolean>");
headers = curl_slist_append(headers, "restrictFileTypes: <string>");
headers = curl_slist_append(headers, "Content-Type: multipart/form-data");
headers = curl_slist_append(headers, "Apikey: YOUR-API-KEY-HERE");
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
curl_mime *mime;
curl_mimepart *part;
mime = curl_mime_init(curl);
part = curl_mime_addpart(mime);
curl_mime_name(part, "inputFile");
curl_mime_filedata(part, "/path/to/file");
curl_easy_setopt(curl, CURLOPT_MIMEPOST, mime);
res = curl_easy_perform(curl);
curl_mime_free(mime);
}
curl_easy_cleanup(curl);
Now you can set the “allowPasswordProtection” boolean to “False” to block password protected files. To complete your request, you’ll need to provide an API key in the authorization header (you can get one for free with a limit of 800 API calls per month on the Cloudmersive website).