Security
Archive Risk Checker
Not antivirus — a structural risk inspection tool. Upload a ZIP and this tool scans for patterns associated with malicious archives: executable and script files, double-extension tricks (invoice.pdf.exe), macro-enabled Office documents, hidden files, password-protected archives, and suspicious compression ratios. Outputs a risk score with an explanation.
Input formats
Output formats
Common uses
- Check a ZIP received from an unknown source
- Verify a downloaded archive before opening
- Audit a client-submitted ZIP
- Check an attachment before extracting on a work computer
- Teach employees what a suspicious archive looks like
Limitations
- This tool checks file structure and patterns — it is NOT an antivirus scanner.
- A 'Low' risk score does not guarantee the archive is safe.
- Use antivirus software in addition to this tool for important files from untrusted sources.
Frequently asked questions
No. This tool checks the file structure and metadata for patterns commonly associated with suspicious archives. It does not scan file contents with antivirus signatures. Always use updated antivirus software for files from untrusted sources.
A file named invoice.pdf.exe or photo.jpg.scr. The operating system shows it as a PDF or image but it is actually an executable. This is a common technique used to trick users into running malicious files.
An archive bomb is a ZIP that appears small but expands to an enormous size when extracted — sometimes gigabytes or terabytes. This can crash systems or fill disk space. A high compression ratio (e.g., 1 KB compressed → 1 GB extracted) is a warning sign.
Low: normal document and image contents. Medium: scripts, macros, hidden files, or nested archives. High: executables, double extensions, archive bomb patterns, or path traversal attempts.