
I've tried the route of queuing and manually running a CLI AV - in my case Windows Defender - but it took on average over 2 mins to scan a file (might be good enough for your use case). NET to scan in-memory (although very old from 2017): Each commercial Enterprise grade AV has some kind of Web API, but there is no standard - so individual development is required for each one. I've also found out a fairly active open-source scanner: And a library in. Using Windows Antimalware Scan Interface in .NET for AV scanning, but it seems there isn't much out there. AMSI is a new standard (starting Win10), but seems to be only for "Fileless scans" (i.e. bat in order to give commands to the antivirus programs to scan the files? Is there any third party web api that can be installed on premise? Would it be better to develop a windows service that scans the files from a queue and runs a.

That is why it seems that AMSI is being bypassed. Do you know what I could do to fix it? Why is it that the AMSI is being bypassed? What should I check or take into consideration? When I test a call to AMSI with an eicar standard content, AMSI returns the result as if there is no detected malware even if I had a post with malware content. net core to analyze the http requests for malware content but my tests are not working on some servers where Symantec endpoint protection is installed as an Antivirus provider and subscriber to AMSI. Which means that any application can call it and any registered Antimalware engine can process the content submitted to it. AMSI provides enhanced malware protection for your end-users and their data, applications, and workloads. The Windows Antimalware Scan Interface (AMSI) is a versatile interface standard that allows your applications and services to integrate with any antimalware product that's present on a machine. Calling a third party over the internet is not an option for me because the client wants the verification to be done on-premise. I’ve identified two ways of scanning the files: calling a third party API from cloud or calling AMSI interface. I read the OWASP recommendations and one of them was to scan the files for malware.

I’m in charge of the improvement of the website security policy for our web applications that were developed in. I want to scan for malware content directly in memory files and I want to know which is the best way to do it.
