Get-SPOMalwareFileContent

Gets the file stream associated with the malware-infected file stored in SharePoint.

Syntax

Get-SPOMalwareFileContent
   -MalwareInfectedFile <SPOMalwareFile>
   [<CommonParameters>]

Description

The Get-SPOMalwareFileContent cmdlet runs on a single file. If the file is malware-infected then it returns the file stream associated with it. You must be a SharePoint Online administrator to run the Get-SPOMalwareFileContent cmdlet. Note that this cmdlet does not work on files that are not malware-infected.

For permissions and the most current information about Windows PowerShell for SharePoint Online, see the online documentation at Intro to SharePoint Online Management Shell.

Examples

EXAMPLE 1

$file = Get-SPOMalwareFile -FileUri "https://contoso.com/sites/Marketing/Shared Documents/Doc1.docx"
Get-SPOMalwareFileContent -MalwareInfectedFile $file

Example 1 returns the file stream.

EXAMPLE 2

Get-SPOMalwareFile -FileUri "https://contoso.com/sites/Marketing/Shared Documents/Doc1.docx" | Get-SPOMalwareFileContent

Example 2 returns the file stream.

EXAMPLE 3

$SPOFileUri = "https://contoso.com/sites/Marketing/Shared Documents/Doc1.docx"

$fileName = $SPOFileUri.split("/")[-1]
$localFolder = ".\$fileName"
$targetfile = New-Object IO.FileStream ($localFolder,[IO.FileMode]::Create)
[byte[]]$readbuffer = New-Object byte[] 1024

$file = Get-SPOMalwareFile -FileUri $SPOFileUri
$responseStream = Get-SPOMalwareFileContent -MalwareInfectedFile $file
do{
    $readlength = $responsestream.Read($readbuffer,0,1024)
    $targetfile.Write($readbuffer,0,$readlength)
}
while ($readlength -ne 0)
$targetfile.close()

Example 3 downloads the file to the current working directory using the original filename.

Parameters

-MalwareInfectedFile

SPOMalwareFile object returned by Get-SPOMalwareFile cmdlet.

Type:SPOMalwareFile
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False
Applies to:SharePoint Online

Notes

To get the SPOMalwareFile object, the user should execute the Get-SPOMalwareFile cmdlet first. Then that object can be used as a parameter to the Get-SPOMalwareFileContentContent cmdlet.