How does a website like VirusTotal work?


Websites like VirusTotal and Jotti provide an online malware multi-scan service. I would like to ask how I can code an interface for any of Kaspersky, AVG, Symantec, etc. in order to implement an online service such as VirusTotal. Can I find any supporting reference related to this issue?

2

There are 2 answers

0
Cᴏʀʏ On BEST ANSWER

Those services use several free, open source, or commercial A/V products that provide programming interfaces (APIs) to programmatically scan a file for viruses.

VirusTotal, for example, states the following on their about page:

VirusTotal is a service ... that uses several command line versions of antivirus engines, updated regularly with official signature files published by their respective developers.

VirusTotal uses the A/V engines listed here. There are links to all of the A/V companies' websites.

Each of those programs probably provides a command-line tool or DLL or public API that can be invoked through code to determine if a file is a virus or not. Alternatively, they might have servers with those A/V engines installed that can respond to requests for file-scanning (all done internally, and probably in a virtual sandbox or under some other protective safety net; after all, you could be sending infected files around the Internet by having a service that scans for them).

As has been said before, a great deal of licensing issues probably need to be worked out before you can provide this service to the public. Since VirusTotal is based in Spain, the licensing agreements may be different than they are for other countries, as would be the copyright and trademark laws that could also influence their usage. VirusTotal also has agreements with the A/V engine vendors to report activity and file statistics back to them to help them improve their product. They might have an agreement in place to allow their engines' public usage.

If you're doing this for a learning exercise, download the tools and look for API references or command-line tools to learn how to invoke a scan on a file programmatically.

1
Evan Teran On

Even though I think you are trying to create something which doesn't have much use, I'll bite and provide an answer as best I can.

Firstly, those sites seem to offer the ability to either upload a file, or provide a link. In either case, a simple PHP (or whatever) script can handle this, where the end result is a file on your local system.

This file should never be executed, ever.

The second half is easy: most virus scanners have some sort of command line options to scan a specific file. You simply invoke the virus scanner with the appropriate options to have it scan the file that the user provided and check the result.

Once done, feel free to delete the file.

That's really all there is to it, but I have to agree with @Marc B, that this is not something that I would expect an AV vendor to allow you to do legally, and is most likely not worth your time and effort.
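
The flow described in this answer (store the upload, never execute it, run a command-line scanner on it, check the result, delete the file), as an added example that is not part of the original answer or any vendor's code. It assumes ClamAV's `clamscan` and its exit codes (0 clean, 1 infected, 2 error); `scan_upload`, the size limit and the verdict names are hypothetical.

```python
import os
import subprocess
import tempfile

# Assumption: ClamAV's clamscan is installed; its exit codes are
# 0 = clean, 1 = infected, 2 = error. Other engines need their own mapping.
CLAMSCAN = ["clamscan", "--no-summary", "--infected"]
VERDICTS = {0: "clean", 1: "infected"}
MAX_UPLOAD_BYTES = 32 * 1024 * 1024  # constructed limit for this example


def scan_upload(data: bytes, scanner_cmd=CLAMSCAN, timeout=120) -> dict:
    """Store an untrusted upload, scan it with a CLI engine, then delete it."""
    if len(data) > MAX_UPLOAD_BYTES:
        return {"verdict": "rejected", "detail": "upload too large"}
    # mkstemp picks a random name, so the client-supplied filename never
    # reaches the filesystem or the scanner's command line.
    workdir = tempfile.mkdtemp(prefix="scan-")
    fd, path = tempfile.mkstemp(dir=workdir, suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.chmod(path, 0o400)  # read-only, no execute bit: scanned, never run
        try:
            # Argument list, no shell: the path is one argv entry, not parsed text.
            proc = subprocess.run(scanner_cmd + [path], capture_output=True,
                                  text=True, timeout=timeout)
        except subprocess.TimeoutExpired:
            return {"verdict": "error", "detail": "scanner timed out"}
        except FileNotFoundError:
            return {"verdict": "error", "detail": "scanner not installed"}
        # An exit code the mapping does not know is an error, never "clean".
        verdict = VERDICTS.get(proc.returncode, "error")
        return {"verdict": verdict, "detail": (proc.stdout or proc.stderr).strip()}
    finally:
        # Delete the sample whatever happened above.
        if os.path.exists(path):
            os.chmod(path, 0o600)
            os.remove(path)
        os.rmdir(workdir)
```

Run the scanner itself under a low-privilege account or in a container, since the engine parses hostile input.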