Scan an Attachment Manually

You can (re)scan any attachment that is part of investigation manually. You might want to scan an attachment manually because:

  • You want scanning re-done
  • You want a different engine to scan an attachment than the one that scanned it automatically
  • You have disabled automatic uploading of attachments for scanning

Manual scanning means submitting the attachment to one of the attachment analysis engines (VirusTotal or Hybrid Analysis) used by Phishing Response from within an investigation's details view.

  1. Click on an investigation to select it.
  2. Click on the Attachments icon in the selected investigation. You will see the investigation details page with the Attachments tab selected. (If it is not selected, click the Details tab, and then click the Attachments tab.)
  3. Click an attachment to view the current scan status.
  4. Click Scan (or Rescan) for any of the scanning services to manually start a scan by that service.

A scan by VirusTotal should return results fairly quickly. A scan by Hybrid Analysis might take 5-10 minutes. Refresh the page to view scan results.

Scanable File Types

The attachment analysis engines analyze only specific file types. If you attempt to upload an attachment for analysis that is not supported by the analysis engine, the upload will be rejected and you will get an error message.

According to their documentation, Hybrid Analysis supports scanning of the following file types:

  • PE files (.exe, .scr, .pif, .dll, .com, .cpl, etc.)
  • Office (.doc, .docx, .ppt, .pps, .pptx, .ppsx, .xls, .xlsx, .rtf, .pub)
  • PDF
  • APK
  • executable JAR
  • Windows Script Component (.sct)
  • Windows Shortcut (.lnk)
  • Windows Help (.chm)
  • HTML Application (.hta)
  • Windows Script File (*.wsf)
  • Javascript (.js)
  • Visual Basic (*.vbs, *.vbe)
  • Shockwave Flash (.swf)
  • Perl (.pl)
  • Powershell (.ps1, .psd1, .psm1)
  • Scalable Vector Graphics (.svg)
  • Python (.py) and Perl (.pl) scripts
  • Linux ELF executables
  • MIME RFC 822 (*.eml)
  • Outlook *.msg files
  • archive files (ace, arj, 7z, bzip2, gzip2, iso, rar, rev, tar, wim, xz and zip)