Batch virustotal analyst

maymoons · #1 July 1st, 2010, 04:55 AM

tsilo · #2 July 1st, 2010, 05:09 AM

xxtp://www.virustotal.com/vtsetup.exe

maymoons · #3 July 1st, 2010, 05:17 AM

Quote:

xxtp://www.virustotal.com/vtsetup.exe

No, it is not batch tool. I want to scan 10.000 files at once. I need stronger tools.

sg09 · #4 July 1st, 2010, 11:59 AM

I think Reanimator can do that...

maymoons · #5 July 1st, 2010, 01:02 PM

Quote:

I think Reanimator can do that...

it can scan with using vt but there is not log

Kyle1420 · #6 July 1st, 2010, 07:03 PM

Can I please have a link to reanimator? I tried googling it... all i came up with was horror films.

jmonge · #7 July 1st, 2010, 08:03 PM

http://www.greatis.com/security/reanimator.html

Buster_BSA · #8 July 2nd, 2010, 12:33 PM

Obviously Reanimator will not do what maymoons asked.

maymoons · #9 July 2nd, 2010, 02:45 PM

Quote:

Obviously Reanimator will not do what maymoons asked.

Yes, You know what i want. I hope you can add this function to BSA.

Brummelchen · #10 July 2nd, 2010, 04:51 PM

The question for me is:

Is it usefull to query a lot of files this way - due to heavy traffic
it is more than possible that results may outstanding for a long time.
i suggest to use other - like MBAM or a portable tool

TheCleaner Portable (Demo, but enough)
http://www.moosoft.com/portable

SuperAntiSpyware Portable
http://www.superantispyware.com/portablescanner.html

emsisoft a2 portable/commandline
http://www.emsisoft.de/de/

maymoons · #11 July 2nd, 2010, 05:24 PM

The Cleaner and Superantispyware dedection rate low, emsisoft cant scan 250.000 files at once.

Kyle1420 · #12 July 2nd, 2010, 06:26 PM

maymoons, I would love to make an application that could upload those files recursively as It would prove useful in a lot of other cases too..The bit I get stuck on is interacting with virustotal.com to click the 'select file' button..I can do that with simulated mouse movement\clicks but I don't really think thats practical. I think that really you need to get in contact with Virustotal and request this tool from them as I don't think its possible AFAIK to make a 3rd party tool to do this..

Kyle

Ibrad · #13 July 2nd, 2010, 07:12 PM

Why not just put them all in one file and have each product scan the file and see what they detect? Only other way I would do it is ask one of the AV experts that work at the lab to check every file for ya and give you a nice detailed log of what each one was.

Kyle1420 · #14 July 2nd, 2010, 08:14 PM

maymoons, I did some more reading on this. You can email VirusTotal files and they should get back to you. Would you be happy if I tried to make something that would email those attachments recursively ?

kwismer · #15 July 2nd, 2010, 10:40 PM

Quote:

Originally Posted by maymoons

No, it is not batch tool. I want to scan 10.000 files at once. I need stronger tools.

10 thousand?

here's something julio canto of virustotal posted to twitter a week or so ago

Quote:

Originally Posted by jcanto

dear virustotal users: I would like to remind you that VT may not be used for mass scanning. abusing the service -> blocking your IP

Quote:

Originally Posted by jcanto

it is a matter of resources -> we obviosly don't have the Google infrastructure for keeping the service running

if you've collected 10 thousand files to scan, maybe you should invest the time/effort/etc in setting up your own multi-scanning system.

maymoons · #16 July 3rd, 2010, 05:28 AM

Quote:

maymoons, I did some more reading on this. You can email VirusTotal files and they should get back to you. Would you be happy if I tried to make something that would email those attachments recursively ?

Probably not only me, virus traders need this tools. There is a some script but they are not usefull. But if it is true;

Quote:

dear virustotal users: I would like to remind you that VT may not be used for mass scanning. abusing the service -> blocking your IP

There is no way for batch analyst.

Quote:

if you've collected 10 thousand files to scan, maybe you should invest the time/effort/etc in setting up your own multi-scanning system.

I dont know how can i do this. Anyway, I can use AV's log reports. This is long process, 24-48h per AV (some crashed and i can use it for generate log)

maymoons · #17 August 13th, 2010, 05:10 AM

Now, VT has public api.
http://www.virustotal.com/advanced.html

Maybe batch analysis tools can be build easly

andylau · #18 August 13th, 2010, 05:37 AM

Quote:

Originally Posted by maymoons

Now, VT has public api.
http://www.virustotal.com/advanced.html

Maybe batch analysis tools can be build easly

Quote:

The chosen format for the API is HTTP POST requests with JSON object responses and it is limited to at most 20 requests of any nature in a given 5 minutes time frame. The public API is a free service, available for any web site or application that is free to consumers.

The public API key has limitation. If you want to scan for mass files, you must apply for a private api key.

maymoons · #19 August 13th, 2010, 06:00 AM

Quote:

The public API key has limitation. If you want to scan for mass files, you must apply for a private api key.

121 day for non-stop scan. Yes, it is not usefull.
It dont look like cymru service
http://www.team-cymru.org/Services/MHR/

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search