VirusTotal is an online service that analyzes files and URLs for the detection of viruses, worms, trojans and other kinds of malicious content using antivirus engines and website scanners. It also has the ability to detect false positives.
VirusTotal is a free service with numerous useful features. For our purpose, we will highlight the following:
VirusTotal stores all of the analyses it performs, which allows the hash of a specific file to be searched. By sending the hash to the VirusTotal engine, you can find out whether that specific file has already been scanned by VirusTotal and analyze its report.
VirusTotal also provides an API that allows access to the information generated by VirusTotal without needing to utilize the HTML website interface. This API is subject to its Terms of Service which are briefly discussed in the following section.
VirusTotal’s Terms of Service specify the two ways the VirusTotal API may be used:
The first method uses a free API with many of VirusTotal’s functionalities; however, it has some important limitations, such as:
a request rate limited to no more than four requests per minute, and
low-priority access to the VirusTotal engine for requests made through this API.
The VirusTotal documentation indicates that users who run a honeyclient, honeypot or any other automation that provides resources to VirusTotal are rewarded with a higher request rate quota and special privileges when performing the calls to the API.
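The hash lookup and the four-requests-per-minute limit described above can be handled together on the client side: hash each file locally, reuse reports already retrieved, and pace the remaining lookups. This is an added example, not code from VirusTotal or from this page; the `lookup` callable, the class name and the sample bytes are assumptions, with the callable standing in for whatever function actually queries the API.

```python
import hashlib
import time
from collections import deque


def sha256_of(data: bytes) -> str:
    """Hash file content locally; only the digest is used for the lookup."""
    return hashlib.sha256(data).hexdigest()


class ThrottledHashLookup:
    """Caches one report per hash and keeps lookups within a request quota."""

    def __init__(self, lookup, max_requests=4, window=60.0,
                 clock=time.monotonic, sleep=time.sleep):
        self.lookup = lookup      # assumed callable: hash string -> report
        self.max_requests = max_requests
        self.window = window
        self.clock, self.sleep = clock, sleep
        self.sent = deque()       # send times of requests inside the window
        self.cache = {}           # hash -> report already retrieved

    def _wait_for_slot(self):
        while True:
            now = self.clock()
            while self.sent and now - self.sent[0] >= self.window:
                self.sent.popleft()            # forget expired requests
            if len(self.sent) < self.max_requests:
                self.sent.append(now)
                return
            # Quota used up: wait until the oldest request leaves the window.
            self.sleep(self.window - (now - self.sent[0]))

    def report_for(self, data: bytes):
        digest = sha256_of(data)
        if digest not in self.cache:           # a repeated file costs no quota
            self._wait_for_slot()
            self.cache[digest] = self.lookup(digest)
        return self.cache[digest]


if __name__ == "__main__":
    # Constructed stand-in for the real API call, so the demo runs offline.
    client = ThrottledHashLookup(lambda h: {"sha256": h, "known": False})
    for blob in (b"constructed sample A", b"constructed sample A"):
        print(client.report_for(blob))
```

Because reports are cached per hash, files seen more than once do not consume any of the per-minute quota.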
VirusTotal also provides a premium Private API where the request rate and total number of queries allowed are only limited by the user’s Terms of Service. Apart from that, it provides high-priority access for requests, along with additional advantages.
To find out more about VirusTotal, its Terms of Service and using its API, please visit their website.