VERAQIS exists to handle damaged and untrusted files. Treating every input as hostile isn't a feature — it's the whole job.
The file you point VERAQIS at is opened read-only. Output goes to staging and then to a destination you choose — the original is never modified in place.
Decompression, container recursion and any external tool execution are confined. Resource limits guard against decompression bombs; breaches are recorded as first-class evidence, never crashes.
Zip-Slip path traversal, absolute and drive-relative/UNC paths, reserved names, and symlinks are detected and refused — extraction stays inside the chosen target.
An incremental, output-capped ratio gate stops zip bombs and overlapping-entry tricks before they exhaust the machine.
The site should create trust by stating the release state plainly, not by hiding awkward details.
The Windows CLI, Linux CLI and Desktop beta installer are listed with SHA-256 hashes on the download page and in the checksum file.
No Windows artifact is currently offered. Fresh Recovery and ColdPass builds must pass content review and signing checks before publication.
Public pages are open for indexing; executable download paths are kept out of crawler targets so people see context and warnings first.
Found a security issue? Please report it privately so it can be fixed before public disclosure.
VERAQIS is beta software — see the honest scope and no-guarantee terms on the Terms of Use page.
Direct answers to the trust questions evaluators ask first.
No. VERAQIS opens the source read-only and writes recovered output to staging and then to a destination chosen by the user.
No. The beta tools and static site are designed without telemetry, analytics or call-home behavior.
Security issues should be reported privately by email to the address on this page, with reproduction steps and affected versions.