
What are some techniques for safely preserving virus-infected files?

+1 vote

I'm going to phrase this hypothetically, but it's based on a real scenario:

Suppose you have a collection of software from the late 1980s/early 1990s. The floppy disks have been imaged (and you still have the original media) and a virus check run across the entire collection turns up about a dozen infected files out of a total of ~15,000 files.

Suppose further that you've run some additional analysis and determined that the infected files are:

  1. Not false positives - that is, the virus check results are accurate
  2. Not duplicates of uninfected files.
  3. Integral parts of the collection

Now suppose you want to preserve and provide access to those files, including the viruses - with clear warnings about their content, of course. What are some techniques you could use to do so? Build a second environment for infected files? Wrap the files up in a container like WARC, as suggested in a previous question about infected files? [1] Other thoughts? 

[1] http://qanda.digipres.org/221/accessioning-materials-discovering-contaminated-materials?show=228#a228

asked Oct 28, 2014 by andrewjbtw (310 points)

1 Answer

+2 votes
For the preservation part, I would say that the fact that the viruses are locked up in disk images is sufficient. Adding extra layers of security is not necessary unless it is somehow possible that a disk image might be mounted accidentally while in storage.

For access, I would generally expect to use disposable virtual machines and/or emulated environments for this kind of material. By default, these would also be network isolated and no file transfer in/out would be allowed without oversight, in case the virus escapes again. I guess it is just about plausible that at some point there might be viruses that are old enough to have been forgotten by modern virus detection software, but still potent enough to infect modern machines.
answered Oct 28, 2014 by anjackson (2,950 points)
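
One way to attach the "clear warnings" from the question to images kept in storage, as an added example that is not part of the original question or answer: each disk image gets a JSON sidecar with its SHA-256, the virus-scan findings and an access label, and the image itself is set read-only. The function names, the `.img` extension, the sidecar file name, the scan-report layout and the access labels are all assumptions made for this sketch.

```python
import hashlib
import json
import os
import stat
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a disk image in chunks so large images are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def write_sidecar(image, detections):
    """Write <image>.warning.json next to the image and make the image read-only."""
    image = Path(image)
    record = {
        "image": image.name,
        "sha256": sha256_file(image),
        "infected": bool(detections),
        "detections": sorted(detections, key=lambda d: d["path"]),
        # Hypothetical access labels; map them to your own access policy.
        "access": "isolated-emulation-only" if detections else "standard",
    }
    sidecar = image.with_name(image.name + ".warning.json")
    sidecar.write_text(json.dumps(record, indent=2, sort_keys=True))
    # 0440: no write or execute bits. This guards against modification, not mounting.
    os.chmod(image, stat.S_IRUSR | stat.S_IRGRP)
    return record


def build_manifest(image_dir, scan_report):
    """scan_report maps image file name -> list of {"path", "signature"} findings."""
    images = sorted(Path(image_dir).glob("*.img"))
    return [write_sidecar(img, scan_report.get(img.name, [])) for img in images]


def changed_images(image_dir):
    """Return names of images whose current hash differs from the sidecar record."""
    changed = []
    for sidecar in sorted(Path(image_dir).glob("*.warning.json")):
        record = json.loads(sidecar.read_text())
        if sha256_file(sidecar.with_name(record["image"])) != record["sha256"]:
            changed.append(record["image"])
    return changed
```

Run `build_manifest` once after the virus check, passing the scanner's findings keyed by image name, and run `changed_images` on a schedule; an access system can read the `access` field to decide whether an image may only be opened in a disposable, network-isolated emulator.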