Security using vbox

[Geralt]

Hi everyone.
I would like to know if any .vdi file could be susceptible to containing malware itself, im talking about the file itself, would there be a way to check it?
I would also like to know how you could download preconfigured VMs to carry out cybersecurity practices.
I would like to do it as safely as possible and avoid possible risks. I understand that if all the VMs are on an internal network and no folders are shared with my host system, the risk would be practically zero.
But what would happen if a NAT adapter was implemented on one of those machines?

Thank you so much

[ambreerose]

Can anyone provide some insight on this topic? I'download lagum interested because I've encountered similar situations. If anyone has a solution or suggestions, please let me know. Thank you..

[klaus]

You're asking some impossible to answer questions. A .vdi file is a disk image, nothing else (it gets read and written while the VM is executing). It's like any other file you have on disk, just that it contains the whole content of a virtual disk.

To my knowledge there are no virus scanners which can process whole disk images. Using disk image mounting tools (including the one included in VirtualBox, at least on some platforms) is inherently risky because it makes the content of the disk image accessible by the host OS. I wouldn't assume that the filesystem code of operating system is considered completely safe with any filesystem structures (possibly containing injected inconsistencies intended to confuse it).