BlendScan

BlendScan is a comprehensive security addon for Blender that protects users from malicious .blend files and embedded scripts. With the rise of malware targeting 3D artists through infected Blender files, BlendScan provides real-time protection, automated threat detection, and secure script execution.

Why BlendScan?

• Malicious .blend files can contain embedded Python scripts that execute automatically
• Scripts can steal data, install malware, or damage your system
• BlendScan prevents automatic execution and analyzes content before allowing scripts to run

Features

Comprehensive Threat Detection

• Real-time Script Analysis - Analyzes Python scripts before execution
• Embedded Script Detection - Finds hidden scripts in text blocks, nodes, and properties
• Base64/Hex Decoding - Detects obfuscated malicious payloads
• Driver Expression Analysis - Scans animation drivers for malicious code
• Custom Property Scanning - Checks for scripts hidden in object properties

Auto-Protection System

• Auto-Run Blocking - Automatically disables "Auto Run Python Scripts"
• Ctrl+P Override - Secure script execution with security analysis
• Countdown Warning - 10-second warning before closing on critical threats
• Continuous Monitoring - Real-time monitoring of text block changes

Risk Assessment

• 4-Level Risk System - Low, Medium, High, Critical
• Pattern-Based Detection - 50+ security rules for threat identification
• Network Activity Detection - Identifies scripts making external connections
• System Access Monitoring - Detects file system and command execution

Blender-Specific Protection

• Event Handler Analysis - Scans load/save/render handlers
• Node Script Detection - Analyzes Geometry/Shader node scripts
• Addon Verification - Checks for suspicious addon installations
• Driver Namespace Protection - Monitors driver namespace manipulation

Installation

Manual Installation

1. Download the latest release from Github
2. Open Blender and go to Edit > Preferences > Add-ons
3. Click Install... and select the BlendScan zip file
4. Enable the addon by checking the box next to "Security: BlendScan"

Requirements

• Blender 4.4.3+ (tested on latest versions)
• Python 3.10+ (included with Blender)
• Operating System: Windows, macOS, Linux
• Docker (optional, for containerized security scanning)

Usage

Basic Protection (Automatic)

BlendScan works automatically once installed:

• Auto-Run Disabled - Prevents automatic script execution
• File Load Scanning - Analyzes files when opened
• Real-time Monitoring - Watches for new/modified scripts

Manual Security Scanning

Text Editor Panel

1. Open the Text Editor workspace
2. Navigate to Properties Panel > BlendScan tab
3. Use available tools:
   • Analyze Script - Scan current text block
   • Run Script (Secure) - Execute with security check
   • Scan All Scripts - Comprehensive file analysis

Keyboard Shortcuts

• Ctrl+P - Secure script execution (overrides default)
• Scripts are analyzed before execution with automatic blocking of high-risk code

Security Dialog

When threats are detected:

SECURITY THREAT DETECTED
Blender will close in 10 seconds

Risk Level: CRITICAL
• Malicious Scripts Found: script.py
  - Base64 Decoding
  - System Command Execution
• Only open files from trusted sources

Security Features

Threat Detection Categories

CategoryRisk LevelExamplesCode ExecutionCriticalexec(), eval(), compile()System AccessCriticalos.system(), subprocess.call()Network ActivityHighHTTP requests, socket connectionsFile OperationsHighFile deletion, directory manipulationObfuscationHighBase64 encoding, hex stringsBlender API AbuseMediumHandler registration, driver manipulation

Protection Levels

Critical Threats

• Immediate Closure - Blender closes automatically
• 10-Second Warning - Countdown dialog with threat details
• No Execution - Scripts are completely blocked

High/Medium Threats

• Warning Messages - Console and UI notifications
• Optional Execution - User can choose to proceed
• Detailed Analysis - Full threat breakdown

Low Risk

• Console Logging - Informational messages
• Normal Execution - Scripts run normally
• Background Monitoring - Continuous observation