11

I am not that familiar with security and malware analysis, but I know it is theoretically possible to embed malware into files like video, audio ...

Say that someone managed to embed malware into an mp4 file and send it via Gmail.
I have the following questions.

  • Is it easy to bypass the Google security that is implemented in Gmail so that it will not be detected as a virus/malware by Gmail?

  • Once the video is downloaded, how can I check whether it contains malware/a virus or not (using methods other than VirusTotal...)?

  • Is it possible that the malware can infect multiple OSes (Windows and Linux: mainly Ubuntu)?

singrium

1 Answer

15

To answer your questions, we have to understand what malware in an mp4 file actually means.

An mp4 file isn't an executable, so it will not run any (malicious) code directly. Therefore, if an mp4 file contains malware that wants to execute instructions, it has to exploit a vulnerability (e.g. a buffer overflow) in the program that plays the file. This can either be a known vulnerability that hasn't been patched or a 0-day.

I will answer your questions inline below:

  • Is it easy to bypass the Google security that is implemented in Gmail so that it will not be detected as a virus/malware by Gmail?

Depends on the malware. If it has a known signature or is easily detectable with heuristic methods, it is very likely that it is caught by a malware detection system at Gmail. But if you are dealing with a 0-day, chances drop dramatically.

  • Once the video is downloaded, how can I check whether it contains malware/a virus or not (using methods other than VirusTotal...)?

If you are not an expert in reverse engineering, your best bet is actually established malware detection systems like VirusTotal. In case you REALLY need to play the file and are afraid of infection, use a throw-away OS (e.g. in a hardened virtual machine) to play it and wipe the system afterwards.

  • Is it possible that the malware can infect multiple OSes (Windows and Linux: mainly Ubuntu)?

Very unlikely, because the exploit probably uses a memory corruption bug, which is usually platform specific.

Demento

  • 1
    This is odd. I wonder how anyone would insert code into a video. Going by OP's question of how to detect it, if the video is opened in video editing software like OpenShot, would anything (malware) be visible in the video tracks? Perhaps one way to get rid of malware in a video would be to use a video conversion software to convert maybe an `mp4` file to `avi` or some other format. – Nav Feb 04 '21 at 05:11
  • 1
    @Nav While _not MP4:_ https://security.stackexchange.com/questions/210507/how-to-inject-a-malware-in-a-video may be of interest, though this details how to use a video to trigger/propose downloading _something else._ – msanford Jul 19 '21 at 18:28