How to Scan Files for Viruses, Malware and XXE Threats using C/C++ Code Examples
XML is a powerful format, owing largely to its extensibility (it’s in the name, after all) when compared with simpler text-based formats like JSON and CSV. Using the external entity feature in XML, it’s possible to reference externally stored data from within an XML document, and if the XML handled by an application’s parsers isn’t properly sanitized/validated, those external entities can be used to bring malicious external content into the application to initiate a cyberattack.
In some cases, flagging and blocking XML files containing external entities is the safest way to avoid XXE attacks. Using the code provided below, you can simultaneously detect XXE threats and scan files for millions of virus and malware signatures, and you can set a variety of additional custom threat detection policies against other, similar hidden content threat types (like executable files, files containing macros, scripting files, etc.). This solution is free to use — you’ll just need to provide a free-tier Cloudmersive API key in the authorization header.
You can start by installing libcurl to your project:
libcurl/7.75.0
And you can quickly finish the process of structuring your API call by copying the below code into your file:
#include <stdio.h>
#include <curl/curl.h>

int main(void)
{
    CURL *curl;
    CURLcode res;

    curl = curl_easy_init();
    if(curl) {
        curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "POST");
        curl_easy_setopt(curl, CURLOPT_URL, "https://api.cloudmersive.com/virus/scan/file/advanced");
        curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
        curl_easy_setopt(curl, CURLOPT_DEFAULT_PROTOCOL, "https");

        /* Threat-policy headers: replace each <boolean>/<string> placeholder with a real value */
        struct curl_slist *headers = NULL;
        headers = curl_slist_append(headers, "allowExecutables: <boolean>");
        headers = curl_slist_append(headers, "allowInvalidFiles: <boolean>");
        headers = curl_slist_append(headers, "allowScripts: <boolean>");
        headers = curl_slist_append(headers, "allowPasswordProtectedFiles: <boolean>");
        headers = curl_slist_append(headers, "allowMacros: <boolean>");
        headers = curl_slist_append(headers, "allowXmlExternalEntities: <boolean>");
        headers = curl_slist_append(headers, "allowInsecureDeserialization: <boolean>");
        headers = curl_slist_append(headers, "allowHtml: <boolean>");
        headers = curl_slist_append(headers, "restrictFileTypes: <string>");
        headers = curl_slist_append(headers, "Content-Type: multipart/form-data");
        headers = curl_slist_append(headers, "Apikey: YOUR-API-KEY-HERE");
        curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);

        /* Attach the file to scan as the multipart form field "inputFile" */
        curl_mime *mime;
        curl_mimepart *part;
        mime = curl_mime_init(curl);
        part = curl_mime_addpart(mime);
        curl_mime_name(part, "inputFile");
        curl_mime_filedata(part, "/path/to/file");
        curl_easy_setopt(curl, CURLOPT_MIMEPOST, mime);

        /* Send the request; report transport-level failures instead of ignoring them */
        res = curl_easy_perform(curl);
        if(res != CURLE_OK)
            fprintf(stderr, "scan request failed: %s\n", curl_easy_strerror(res));

        curl_mime_free(mime);
        curl_slist_free_all(headers); /* release the header list built above */
    }
    curl_easy_cleanup(curl);
    return 0;
}
Within the request headers you can set a Boolean, allowXmlExternalEntities, to block XXE threats. When this is set to “False”, the API will return a “CleanResult: False” response for any files containing XXE threats.
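The request code above leaves the response to libcurl's default handling, so nothing in the program acts on the verdict. The following added example (not Cloudmersive's code) collects the body and fails closed; `resp_buf`, `collect_body` and `scan_verdict` are hypothetical names, and it assumes the response is JSON carrying a boolean `CleanResult` field.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Bounded response buffer; the 8 KiB limit is an assumption of this example. */
struct resp_buf { char data[8192]; size_t len; int overflow; };

/* Matches the callback signature libcurl expects for CURLOPT_WRITEFUNCTION;
 * hand it a struct resp_buf * through CURLOPT_WRITEDATA. */
size_t collect_body(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    struct resp_buf *rb = userdata;
    size_t n = size * nmemb;
    if (n >= sizeof rb->data - rb->len) { rb->overflow = 1; return 0; } /* too big: abort */
    memcpy(rb->data + rb->len, ptr, n);
    rb->len += n;
    rb->data[rb->len] = '\0';
    return n;
}

enum verdict { FILE_ALLOW, FILE_BLOCK };

/* Fail closed: allow only when the transfer succeeded (res == CURLE_OK), the
 * status read via CURLINFO_RESPONSE_CODE is 200, and CleanResult is true.
 * The key search is a simplification (assumed flat JSON body); use a real
 * JSON parser in production code. */
enum verdict scan_verdict(int transfer_ok, long http_status, const struct resp_buf *rb)
{
    static const char key[] = "\"CleanResult\"";
    const char *p;
    if (!transfer_ok || http_status != 200 || rb->overflow || rb->len == 0)
        return FILE_BLOCK;
    if ((p = strstr(rb->data, key)) == NULL) return FILE_BLOCK;
    p += sizeof key - 1;
    while (isspace((unsigned char)*p)) p++;
    if (*p++ != ':') return FILE_BLOCK;
    while (isspace((unsigned char)*p)) p++;
    return strncmp(p, "true", 4) == 0 ? FILE_ALLOW : FILE_BLOCK;
}

int main(void)
{
    /* Constructed sample response, not captured from the API. */
    const char body[] = "{\"CleanResult\": false}";
    struct resp_buf rb = {0};
    collect_body((char *)body, 1, strlen(body), &rb);
    puts(scan_verdict(1, 200, &rb) == FILE_ALLOW ? "allow" : "block");
    return 0;
}
```

Treating timeouts, non-200 statuses and unparseable bodies as a block means an outage of the scanning service cannot turn into an unscanned file being accepted.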