Wednesday, May 04, 2016


Maintaining a healthy community

VirusTotal was born 12 years ago as a collaborative service to promote the exchange of information and strengthen security on the internet. The initial idea was very basic: anyone could send a suspicious file and in return receive a report with multiple antivirus scanner results. In exchange, antivirus companies received new malware samples to improve protections for their users. The gears worked thanks to the collaboration of antivirus companies and the support of an amazing community. This is an ecosystem where everyone contributes, everyone benefits, and we work together to improve internet security.

For this ecosystem to work, everyone who benefits from the community also needs to give back to the community, so we are introducing a few new policies to make sure that our community continues to work for years into the future. First, a revised default policy to prevent possible cases of abuse and increase the health of our ecosystem: all scanning companies will now be required to integrate their detection scanner in the public VT interface, in order to be eligible to receive antivirus results as part of their VirusTotal API services. Additionally, new scanners joining the community will need to prove a certification and/or independent reviews from security testers according to best practices of Anti-Malware Testing Standards Organization (AMTSO).

Finally, all VirusTotal users are fully accountable for and need to follow our existing Terms of Services and mandatory Best Practices. Its frustrating to see abuses show up and its damaging for our community. Let's remember some basics:

  • VirusTotal should not be used in any way that could directly or indirectly hinder the antivirus/URL scanner industries.
  • VirusTotal should not be used as a substitute of an antivirus solution.
  • The data generated by VirusTotal should not be used automatically as the primary indicator to blacklist/produce signatures for files. i.e. Antivirus vendors should not copy the signatures generated by other vendors without any other scrutinizing on their side.
  • VirusTotal should not be used to generate comparative metrics between different antivirus products. Antivirus engines can be sophisticated tools that have additional detection features that may not function within the VirusTotal scanning environment. Because of this, VirusTotal scan results aren’t intended to be used for the comparison of the effectiveness of antivirus products.
  • VirusTotal should not be used as deceptive means to discredit or to validate claims for or against a legitimate participant  in the anti-malware industry.
  • VirusTotal renders information generated by third party products (antivirus vendors, URL scanning engines, file characterization tools, etc.), those product names are exclusive property of their respective brands, hence, use of these names in third party products and services will be done at your sole discretion. You should ask the corresponding brands for their permission.
  • In no event shall you use VirusTotal's logo, name or trademark on any customer list, public statement, press release, or in any other manner without our prior written consent in each instance.
There is a new specific email address ( for users and partners to report potential abuse of this new policy or our long-standing Terms of Services and mandatory Best Practices. When potential abuse is reported, we will investigate and work to adopt specific measures to combat any irregularities, if any uses can’t come into compliance we will terminate their service.

We are looking forward to working with new partners, as it will bring more value to the ecosystem. All collaborative efforts are based on the principles of benefiting the security industry as a whole and enabling the protection of end users. We also want to thank our current partners, and the entire VT community, for working with us as we pursue our mutual goal of a safer and more secure Internet for everyone.