Scan Suspicious Files & Attachments
Upload a document to check it for VBA macros, embedded scripts, executable disguises, malicious links, and scam content. Supports PDF, Office (.doc/.docx/.xls/.xlsx), .zip, TXT, HTML and CSV.
Drag and drop a file or click to upload
PDF, Office docs, .zip, TXT, HTML, CSV
Maximum file size: 10MB
Why scan a file first?
Malicious attachments are a top scam & malware vector
Macro-laden Office documents
A "enable content to view" prompt in a Word/Excel file is how families like Emotet and Qakbot run code. Never enable macros from an unexpected sender.
Executables disguised as documents
"invoice.pdf.exe" or a renamed binary uses a familiar icon to trick you into running malware. Double extensions and format mismatches are red flags.
Archives hide the payload
A .zip (sometimes password-protected) is used to smuggle an .exe past filters. Extract and scan each file individually, and never run programs from one.
Frequently asked questions
Is it safe to upload a suspicious file here?
Yes. We analyze the file on our servers and never run it. We look for macros, embedded scripts, executable disguises, dangerous links and known-bad patterns, then tell you whether it is safe to open on your own device.
Why does a Word or Excel file say "could not fully scan"?
Legacy Office formats (.doc/.xls/.ppt) and archives (.zip) can hide macros or executables that automated scanning cannot fully inspect. That result means "unconfirmed", not "safe" — open legacy Office files in Protected View with macros disabled, and extract archives to scan each file individually.
A document is asking me to "enable content" or "enable macros" — should I?
No. Legitimate documents do not need macros enabled to be read. That prompt is the single most common way document malware (Emotet, Qakbot, ransomware loaders) runs on your machine. Close the file and verify the sender.
The result says "safe" — does that guarantee the file is clean?
No. A clean result means we found no known-bad indicators, but new malware appears constantly and some formats cannot be fully inspected. Always be cautious with unexpected attachments and never run executables you were not expecting.