VERAQIS / Security

Security & safety model

VERAQIS exists to handle damaged and untrusted files. Treating every input as hostile isn't a feature — it's the whole job.

How untrusted input is handled

RO

Read-only source

The file you point VERAQIS at is opened read-only. Output goes to staging and then to a destination you choose — the original is never modified in place.

BOX

Sandboxed processing

Decompression, container recursion and any external tool execution are confined. Resource limits guard against decompression bombs; breaches are recorded as first-class evidence, never crashes.

PATH

Path safety

Zip-Slip path traversal, absolute and drive-relative/UNC paths, reserved names, and symlinks are detected and refused — extraction stays inside the chosen target.

CAP

Bomb & overlap defenses

An incremental, output-capped ratio gate stops zip bombs and overlapping-entry tricks before they exhaust the machine.

Privacy & trust by design

Release integrity & public trust

The site should create trust by stating the release state plainly, not by hiding awkward details.

Checksums are published

The Windows CLI, Linux CLI and Desktop beta installer are listed with SHA-256 hashes on the download page and in the checksum file.

Windows packages withdrawn

No Windows artifact is currently offered. Fresh Recovery and ColdPass builds must pass content review and signing checks before publication.

Pages before binaries

Public pages are open for indexing; executable download paths are kept out of crawler targets so people see context and warnings first.

Reporting a vulnerability

Found a security issue? Please report it privately so it can be fixed before public disclosure.

Email support@veraqis.tech with steps to reproduce and affected versions. Please don't open a public issue for a security report. We'll acknowledge and work with you on a fix and disclosure timeline.

VERAQIS is beta software — see the honest scope and no-guarantee terms on the Terms of Use page.

Security questions

Direct answers to the trust questions evaluators ask first.

Does VERAQIS modify the original file?

No. VERAQIS opens the source read-only and writes recovered output to staging and then to a destination chosen by the user.

Does VERAQIS use telemetry?

No. The beta tools and static site are designed without telemetry, analytics or call-home behavior.

How should vulnerabilities be reported?

Security issues should be reported privately by email to the address on this page, with reproduction steps and affected versions.