Friday, May 11, 2012

Using the VirusTotal API v2.0


VirusTotal is a very useful website for getting the opinions of >40 anti-virus products as to whether or not a file is infected with malware. What is particularly interesting is that, in addition to their Web interface, they offer an API for their service (https://www.virustotal.com/documentation/public-api/). While the API documentation is good, all of its code examples are in Python. The code snippets below illustrate how to interact with the VirusTotal API using Perl. The first LWP request in the application submits a file to VirusTotal. The JSON response is then processed to obtain the SHA256 hash of the submitted file, which in turn is used in a second request to VirusTotal to retrieve the scan results. The response to the second request indicates how many AV products flagged the file as containing a virus.

In terms of testing the API, it may be helpful to consider using EICAR test strings (http://www.eicar.org/86-0-Intended-use.html) as they provide a safe way to trigger the majority of AV scanners.  The Test.txt file used to test the code provided here contained an EICAR test string.  

#!/usr/bin/perl

# Copyright 2012- Christopher M. Frenz
# This script is free software - it may be used, copied, redistributed, and/or modified
# under the terms laid forth in the Perl Artistic License

use LWP::UserAgent;
use JSON;
use strict;
use warnings;

#Code to submit a file to Virus Total
my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 1 });
my $url='https://www.virustotal.com/vtapi/v2/file/scan';

my $key='YourKeyHere';

my $response = $ua->post( $url,
    Content_Type => 'multipart/form-data',
    Content => ['apikey' => $key,
    'file' => ['Test.txt']]
  );
die "$url error: ", $response->status_line
   unless $response->is_success;
my $results=$response->content;

#pulls the sha256 value out of the JSON response
#Note: there are many other values that could also be pulled out
my $json = JSON->new->allow_nonref;   
my $decjson = $json->decode( $results);
my $sha=$decjson->{"sha256"};
print $sha ."\n\n";

#Code to retrieve the results that pertain to a submitted file by hash value
$url='https://www.virustotal.com/vtapi/v2/file/report';

$response = $ua->post( $url,
    ['apikey' => $key,
    'resource' => $sha]
  );
die "$url error: ", $response->status_line
   unless $response->is_success;
$results=$response->content;

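#processes the JSON to see how many AV products consider the file a virus
#Note: response_code is 1 only when a finished report exists; a file that was
#just submitted may still be queued, in which case "positives" is absent
$decjson = $json->decode( $results);
if ($decjson->{"response_code"} == 1) {
    print $decjson->{"positives"} . "\n";
} else {
    print "No report available yet: " . $decjson->{"verbose_msg"} . "\n";
}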
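
The script above reads only "positives" from the report. The following added example (not part of the original script) shows how the rest of a file/report response can be handled, including the cases where no finished report exists. The sample JSON is constructed, the engine names and hash are placeholders, summarise_report is a hypothetical helper name, and the core JSON::PP module is used in place of JSON so the example runs offline.

```perl
use strict;
use warnings;
use JSON::PP;

# Constructed sample response (not real scan output); the engine names,
# hash and detection names are placeholders.
my $sample = <<'JSON';
{
  "response_code": 1,
  "sha256": "<sha256-placeholder>",
  "positives": 2,
  "total": 3,
  "scans": {
    "EngineA": {"detected": true,  "result": "EICAR-Test-File"},
    "EngineB": {"detected": true,  "result": "Eicar test string"},
    "EngineC": {"detected": false, "result": null}
  }
}
JSON

# Returns a hash ref whose status is one of:
# 'ready', 'queued', 'unknown', 'empty' or 'invalid'.
sub summarise_report {
    my ($body) = @_;
    # An empty body (e.g. HTTP 204 when the request quota is exceeded)
    # is not valid JSON and would make decode() die.
    return { status => 'empty' } unless defined $body && length $body;
    my $r = eval { JSON::PP->new->decode($body) };
    return { status => 'invalid' } unless ref $r eq 'HASH';

    my $code = $r->{response_code} // 0;
    return { status => 'queued' }  if $code == -2;  # still being analysed
    return { status => 'unknown' } if $code != 1;   # 0: file not known

    # Keep only the engines that flagged the file, with their verdict name.
    my $scans = $r->{scans} || {};
    my %hits = map  { $_ => $scans->{$_}{result} }
               grep { $scans->{$_}{detected} } keys %$scans;
    return { status => 'ready', positives => $r->{positives},
             total  => $r->{total}, hits => \%hits };
}

my $s = summarise_report($sample);
if ($s->{status} eq 'ready') {
    print "$s->{positives}/$s->{total} engines flagged the file\n";
    print "  $_: $s->{hits}{$_}\n" for sort keys %{ $s->{hits} };
} else {
    print "No finished report (status: $s->{status})\n";
}
```

In the original script, the same function could be called on $response->content after the file/report request, retrying later when the status is 'queued'.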
