Friday, 11 July 2014

Mac OS X Uploader update to version 1.2

The VirusTotal Mac OS X uploader has been updated to version 1.2. This corresponds to the source code being open sourced for it yesterday. You can download the update on our OS X desktop application page. The changes in the version from the 1.1 version are:
  • Fixes and bug reports by users
  • Checks for updates and will notify you if we release other versions
  • You can drag and drop a file on the OS X menu bar on the application icon for scanning

Thursday, 10 July 2014

VirusTotal open sources uploader for Mac OSX and Linux

Recently we released the VirusTotal uploader for OS X. It now supports Linux, and we are releasing it as open-source under the Apache License 2.0 terms so 3rd parties can package it for different linux distributions. You can git the source at:

Systems administrators, engineers and security analysts often use GNU/Linux, Mac OS, or BSD. The VirusTotal uploader can be compiled and distributed on these systems. This will give users the 2nd opinion that that VirusTotal can offer and should make queueing scans on VirusTotal easier.

The requirements to compile on linux are:
  • C++ compiler (gcc tested)
  • QT Version 5 or newer development packages. Most linux distributions have this already.
  • C Interface to VirusTotal API which we recently open-sourced.
To compile on Mac OS X, you will need xcode development tools.

The Features of the program are the same:
  • Drag and drop a file to the VirusTotal Uploader in order to scan it with over 50 antivirus solutions.
  • Drag and drop a folder to the VirusTotal Uploader and schedule the analysis of its content
  • Allow you to "Open With" in a file browser to scan a file.
If anyone wishes to send patches, please do a pull request to us on github. Comments and suggestions are welcome. 

Tuesday, 8 July 2014

virustotal += Spam404 URL scanner

Spam404 is a blacklist of abusive domains that engage in shady activities such as scamming, spamming, phishing, etc. As described by its developers:
We are mainly blacklisting websites that are tricking users into completing offers by advertising content that is very desirable but the website doesn't actually have the content and it is just to make the end user complete an offer. From our intense research, these kind of websites are not getting enough attention in terms of blacklisting and we are the only website to offer such a blacklist for these kind of websites but we believe it is in the best interests of all internet users to have these kind of websites blacklisted.
We are also blacklisting other abusive websites including phishing and other kinds of scams.
As of today, Spam404 is producing verdicts for URLs submitted to virustotal, giving yet another notion of maliciousness to users enjoying the service. An example of a Spam404 detection can be found here:

Welcome Spam404 team!

Monday, 7 July 2014

virustotal += Rising URL scanner

Rising is a Chinese software company that produces the anti-virus software Rising Antivirus, a firewall, UTM and spam-blocking products. Rising antivirus has been running in virustotal for quite some time, today we are excited to announce the integration of their URL scanner, which will be enhancing virustotal's web checking backbone.

Hopefully this integration will lead to a greater coverage of threats targeting Chinese end-users. This is an example of a Rising detection:

Thank you Rising team!

Monday, 23 June 2014

VirusTotal += FraudSense

We are excited to announce the inclusion of FraudSense as a new URL scanning engine in VirusTotal. FraudSense offers services to automate and enable real-time detection of phishing sites and their targeted brands. They have developed their own in-house phishing detection technology, which they describe as:
Based on cognitive concepts, artificial intelligence and active learning, our innovative technology automates what has traditionally been a labor-intensive process and enables real-time detection of phishing sites and their targeted brands.
Key features include:
0-Day Phishing Detection: Early discovery of new, unreported phishing sites.Brand Recognition: Accurate identification of the targeted brand.Language-Independent: Detection of both English and non-English phishing sites.Self-Sufficient: Independent of community-sponsored blacklists.
FraudSense is exposing its phishing feed to VirusTotal, so that users can check whether a given URL is already in their blacklist and hopefully get yet one more second opinion that will help them in keeping their environments safe.

An example of a URL detected by FraudSense:

Welcome FraudSense!

Wednesday, 11 June 2014

VirusTotal API implementation in C programming language

Many users interact programmatically with VirusTotal via its public API, it is an easy HTTP+JSON interface that allows you to easily submit and check files in order to help improve security world-wide. Moreover, many VirusTotal Community volunteers have very kindly implemented the API in a wide variety of programming languages, some of these implementations are documented here, many others exist and we will progressively adding all those that we are made aware of.

This said, there was not any full implementation of the API in the C language, so that any C or C++ program that users might be building could easily interact with VirusTotal, at least we were not aware of any. We have released a VirusTotal interface written in C to our API  on github at, any C or C++ program should be able to use it. Its goal is to implement all of the public API and private API features in C. The public API features will work for anyone with a free public API key, the private API features will only work for those who have licensed our services and use a private API key.

The recently announced VirusTotal Uploader for OS X internally uses the c-vtapi project. Using C it is a common building block that other programs or languages can interface to.

Suggestions, comments, patches and github pull request for improvements are welcome. Some ideas of improvements:
  • Better windows support and testing. We have tested a lot with OS X and linux, the windows scaffolding is there, but is not well tested.
  • More example programs or command line utilities that use this C API interface. For example, we know Sebastian Poeplau, being a busy guy, was looking for collaborators that would implement VirusTotal submissions in his awesome Ghost USB project, perhaps this C implementation makes it easier to perform the integration and some volunteers stand up.

VirusTotal += Zoner

We welcome Zoner antivirus as a new file scanning engine at VirusTotal. In the words of the company:

"Zoner AntiVirus is a relative newcomer to the anti-virus community, having previously created an Android protection app.
It is currently focusing on current threats and leaving some old ones for later (like old win95, bootsector viruses, etc.).
The whole engine and x86 emulator are being created in-house."