I'm trying to find out if video containing malware can be cleaned by converting the video to a different format, similar to how images containing malware can be cleaned by converting them to .BMP.
I expect it's not that simple due to the complexity of video formats, but I haven't been able to find a definitive answer by Googling many reworded questions, so I'm hoping someone here may have an answer :).
Thanks.
I don't think you will find a definitive answer to this as it will depend on the particular malware attack.
For example (with fictitious example attacks):
Looking at the first point - a given frame might be transported 'wrapped' in multiple layers:
If we look at transcoding from one codec to another as an example of changing the format, then if your malware is in a particular byte sequence in the raw pixels, this transformation will change the bytes and presumably remove it. If the sequence of bytes was in the container or the streaming protocol, for example in one of the container metadata fields, then the malware would survive.
Similarly, if you changed the container from mp4 to avi but kept the codec the same, then the malware would survive if it was in the encoded video.
If you want to make sure everything has changed, you would need to change the codec, the container and the streaming protocol, and additionally probably remove all metadata and text, as this would likely stay the same even when changing containers.
Note that the streams can also be encrypted, which may help depending on where the vulnerable component is, i.e. if it is a router or firewall, but be aware that many encryption schemes only partially encrypt video streams, for efficiency and to allow the metadata to be read in some cases.
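One way to check which of the layers described in this answer a conversion actually rewrote, as an added example that is not part of the original answer: it walks the MP4 (ISO base media) box structure and hashes the encoded media (`mdat`) separately from the container metadata (`udta`/`meta`). The function names and the sample byte strings are constructed for illustration.

```python
import hashlib
import struct

CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}  # boxes that only hold child boxes
METADATA = {b"udta", b"meta"}                               # user data / metadata boxes

def walk_boxes(buf, start=0, end=None):
    """Yield (type, payload) for every box, descending into container boxes."""
    end = len(buf) if end is None else end
    pos = start
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", buf, pos)
        header = 8
        if size == 1:                      # 64-bit size follows the type field
            if pos + 16 > end:
                raise ValueError("truncated 64-bit box header")
            size = struct.unpack_from(">Q", buf, pos + 8)[0]
            header = 16
        elif size == 0:                    # box runs to the end of the enclosing range
            size = end - pos
        if size < header or pos + size > end:
            raise ValueError(f"bad size for box {kind!r} at offset {pos}")
        yield kind, buf[pos + header:pos + size]
        if kind in CONTAINERS:
            yield from walk_boxes(buf, pos + header, pos + size)
        pos += size

def layer_digests(buf):
    """SHA-256 per layer present: encoded media (mdat), container metadata (udta/meta)."""
    layers = {}
    for kind, payload in walk_boxes(buf):
        layer = "media" if kind == b"mdat" else "metadata" if kind in METADATA else None
        if layer:
            layers.setdefault(layer, hashlib.sha256()).update(payload)
    return {name: h.hexdigest() for name, h in layers.items()}

def surviving_layers(before, after):
    """Layers of `before` whose bytes are byte-identical in `after`."""
    a, b = layer_digests(before), layer_digests(after)
    return sorted(name for name in a if b.get(name) == a[name])

def box(kind, payload=b""):
    """Build one box; used only for the constructed samples below."""
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

# Constructed samples, not real video: same structure, different layers rewritten.
original = box(b"ftyp", b"isom") + box(b"moov", box(b"udta", b"title=demo")) + box(b"mdat", b"\x01\x02\x03")
transcoded = box(b"ftyp", b"isom") + box(b"moov", box(b"udta", b"title=demo")) + box(b"mdat", b"\x09\x08\x07")
stripped = box(b"ftyp", b"isom") + box(b"moov") + box(b"mdat", b"\x01\x02\x03")
```

A layer reported as surviving was copied through byte for byte; a changed digest shows only that the bytes were rewritten, not that the output is safe.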