About VirusTotal

VirusTotal is an online service that analyzes files and URLs for the detection of viruses, worms, trojans, and other kinds of malicious content using antivirus engines and website scanners. It also has the ability to detect false positives.

VirusTotal is a free service with numerous useful features. For our purpose, we will highlight the following:

  • VirusTotal stores all the analyses it performs, allowing the hash of a specific file to be searched. By sending the hash to the VirusTotal engine, you can find out whether that specific file has already been scanned by VirusTotal and review its report.

  • VirusTotal also provides an API that allows access to the information generated by VirusTotal without needing to use the HTML website interface. This API is subject to its Terms of Service, which are briefly discussed in the following section.

Terms of Service

VirusTotal's Terms of Service specify the two ways the VirusTotal API may be used:

Public API

This method uses a free API with many of VirusTotal's functionalities. However, it has some important limitations, such as:

  • Request rate limited to no more than four requests per minute

  • Low-priority access to the VirusTotal engine for requests made through this API

The VirusTotal documentation indicates that users who run a honeyclient, honeypot, or any other automation that provides resources to VirusTotal are rewarded with a higher request rate quota and special privileges when performing the calls to the API.
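
The following Python code is an added example, not part of the original page or of VirusTotal's own code. It shows how a client can hash files locally, cache reports per hash, and pace lookups to the Public API limit of four requests per minute. The `query` callable stands in for the real API call and is an assumption, as are the names `QuotaLimitedLookup`, `sha256_hex` and `FakeClock`.

```python
import hashlib
import time
from collections import deque

PUBLIC_LIMIT = 4        # requests per window (Public API limit stated above)
WINDOW_SECONDS = 60.0


def sha256_hex(data: bytes) -> str:
    """Hash file content locally; only the digest is sent for lookup."""
    return hashlib.sha256(data).hexdigest()


class QuotaLimitedLookup:
    """Sliding-window limiter plus cache in front of a hash-report query."""

    def __init__(self, query, limit=PUBLIC_LIMIT, window=WINDOW_SECONDS,
                 clock=time.monotonic, sleep=time.sleep):
        self._query = query          # hypothetical callable: hash -> report
        self._limit, self._window = limit, window
        self._clock, self._sleep = clock, sleep
        self._sent = deque()         # timestamps of requests in the window
        self._cache = {}             # hash -> report, so repeats cost no quota

    def _wait_for_slot(self):
        while True:
            now = self._clock()
            while self._sent and now - self._sent[0] >= self._window:
                self._sent.popleft()             # expired, frees a slot
            if len(self._sent) < self._limit:
                return
            self._sleep(self._window - (now - self._sent[0]))

    def lookup(self, file_hash: str):
        key = file_hash.lower()
        if key in self._cache:
            return self._cache[key]
        self._wait_for_slot()
        self._sent.append(self._clock())
        self._cache[key] = self._query(key)
        return self._cache[key]


class FakeClock:
    """Constructed test clock: sleeping advances time instantly."""
    def __init__(self):
        self.now = 0.0
    def time(self):
        return self.now
    def sleep(self, seconds):
        self.now += seconds
```

With the default `clock` and `sleep`, the fifth uncached lookup inside a minute blocks until the oldest request leaves the 60-second window; repeated hashes are answered from the cache and do not consume quota.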

Private API

VirusTotal also provides a premium Private API, where the request rate and total number of queries allowed are limited only by the user's Terms of Service. Apart from that, it provides high-priority access for requests, along with additional advantages.

To find out more about VirusTotal, its Terms of Service, and using its API, please visit their website.