Scanning Google Drive for Malware

The FireEye Developer Relations team has just open sourced their first Detection on Demand example application, which is available to the public and free to copy and modify for any use. The Google Drive example app is a standalone Python script that will scan for and quarantine malicious files in a Google Drive account. The source code and directions for installation can be found on our GitHub page, which will be home to more apps and sample code in the future.

When the app is run for the first time, it will open a web browser to obtain the necessary permissions to download and move files in the user’s Google Drive account, as seen in Figure 1.

Figure 1: Allow the app to access your Drive account

Once granted, the app will then proceed to download all files in the drive that are less than 32 MB in size and submit each one to the Detection on Demand service. For each file it submits, it will poll the Detection on Demand service until it receives the report that determines if the file is malicious or not. If the file is malicious, then the script will move the file to a designated quarantine folder in the Drive account so the user can determine how they want to deal with the file (Figure 2).

Figure 2: Malware awaits user action in the Quarantine folder

And that’s all—it really is that simple! This release is part of the FireEye Developer Relations team’s commitment to focus on improving developer experiences through technical documentation, tooling and community. Developers using Detection on Demand might find the following resources helpful:

• OpenAPI specification
• Python client library
• Community forum