Please suggest an implementation pattern to scan a file before reading from a server

Hi Team, we already use FireEye in our organization.
For one of our new projects, we want to scan a file before picking it up from a remote server location. Read about the On-Demand API.
Need a suggestion from our community, what is the best implementation pattern?

Our solution: Pick up the file from a remote server and place it on our machine, then POST to the On-Demand API, attaching the file in the request. If we get a success response, then we start processing the file.

Questions on this:

  1. Isn’t it a bad idea to have a copy of the file in our machine before scanning it?
  2. Does having a .zip file make it more secure?

Best Regards
Karthik

1 Like

Hey Karthik,

It’s currently Saturday here so I can’t get you an immediate answer, but I’ll send this question to our Detection On Demand team and we can get you an answer when we are all back online on Monday! Thank you!

Hi Karthik,

Isn’t it a bad idea to have a copy of the file in our machine before scanning it?

There’s always the possibility that the sheer fact of downloading a file to your endpoint can compromise your network, for instance by downloading a file that exploits a networking device on your edge; however, this is relatively rare. There’s also the case that someone accidentally runs the file. It would be more secure to have Detection on Demand simply fetch the file for you, by either leveraging one of our plugins, or by giving us the direct link to the individual file.

Is the above possible? If not, then yes, a zip file may be marginally more secure for your endpoint, as it would decrease the risk of someone accidentally clicking on the file, but it’s not a perfect solution. Hope this helps.

1 Like
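The pattern from the original question (copy the file locally, submit it for scanning, process only on a success response), as an added example that is not code from this thread or from the vendor. `scan` is a hypothetical callable standing in for the On-Demand API request; the directory layout, verdict strings and marker bytes are constructed for illustration.

```python
import hashlib
import os
import secrets
from pathlib import Path

def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def stage_scan_release(chunks, quarantine, release, final_name, scan):
    """Return (released_path_or_None, sha256, verdict). Fails closed."""
    quarantine, release = Path(quarantine), Path(release)
    quarantine.mkdir(parents=True, exist_ok=True)
    release.mkdir(parents=True, exist_ok=True)
    os.chmod(quarantine, 0o700)  # only the service account can list or read it
    # Random name without the original extension: nothing to double-click or auto-open.
    staged = quarantine / (secrets.token_hex(16) + ".quarantine")
    fd = os.open(staged, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)  # no exec bit
    written = hashlib.sha256()
    with os.fdopen(fd, "wb") as out:
        for chunk in chunks:
            written.update(chunk)
            out.write(chunk)
    sha = written.hexdigest()
    try:
        verdict = scan(staged)  # hypothetical callable wrapping the scan request
    except Exception:
        verdict = "error"  # scanner unreachable or bad response: treat as not clean
    # Release only on an explicit clean verdict AND unchanged bytes on disk.
    if verdict == "clean" and _sha256(staged) != sha:
        verdict = "modified-after-staging"
    if verdict != "clean":
        staged.unlink()
        return None, sha, verdict
    dest = release / Path(final_name).name  # keep only the last path component
    os.replace(staged, dest)  # atomic when both directories share a filesystem
    return dest, sha, verdict

def constructed_scan(path):
    """Constructed stand-in scanner: flags files containing a made-up marker."""
    data = Path(path).read_bytes()
    return "malicious" if b"CONSTRUCTED-BAD-MARKER" in data else "clean"
```

The processing job should read only from the release directory, so a file that was never scanned, or whose scan failed, is never visible to it.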

Thank you for the prompt response.
Could you help me with the plugin name & details that help in this pattern?