web-services antivirus virus-scanning antivirus-integration

How does a website like VirusTotal work?


Websites like VirusTotal and Jotti provide an online malware multi-scan service. I would like to ask how I can code an interface for any of Kaspersky, AVG, Symantec, etc. in order to implement an online service such as VirusTotal. Can I find any supporting reference related to this issue?


Solution

  • Those services use several free, open source, or commercial A/V products that provide programming interfaces (APIs) to programmatically scan a file for viruses.

    VirusTotal, for example, states the following on their about page:

    "VirusTotal is a service ... that uses several command line versions of antivirus engines, updated regularly with official signature files published by their respective developers."

    VirusTotal uses the A/V engines listed here. There are links to all of the A/V companies' websites.

    Each of those programs probably provides a command-line tool or DLL or public API that can be invoked through code to determine if a file is a virus or not. Alternatively, they might have servers with those A/V engines installed that can respond to requests for file-scanning (all done internally, and probably in a virtual sandbox or under some other protective safety net; after all, you could be sending infected files around the Internet by having a service that scans for them).

    As has been said before, a great deal of licensing issues probably need to be worked out before you can provide this service to the public. Since VirusTotal is based in Spain, the licensing agreements may be different than they are for other countries, as would be the copyright and trademark laws that could also influence their usage. VirusTotal also has agreements with the A/V engine vendors to report activity and file statistics back to them to help them improve their product. They might have an agreement in place to allow their engines' public usage.

    If you're doing this for a learning exercise, download the tools and look for API references or command-line tools to learn how to invoke a scan on a file programmatically.
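As an added example (not part of the original answer and not VirusTotal's code), here is one way to drive command-line scan engines from code and collect a verdict per engine. The `clamscan` entry relies on ClamAV's exit codes (0 clean, 1 virus found, 2 error); the `Engine` class, the `demo` and `missing` engines and the sample file names are assumptions constructed so the block runs with no scanner installed.

```python
import re
import subprocess
import sys
from dataclasses import dataclass
from typing import Callable

@dataclass
class Engine:
    name: str
    argv: list        # command line; "{path}" is replaced by the file to scan
    parse: Callable   # (exit_code, stdout) -> (verdict, signature or None)

def parse_clamscan(code: int, out: str):
    """clamscan: exit 0 = clean, 1 = virus found, 2 = error; hits print '<path>: <name> FOUND'."""
    if code == 0:
        return "clean", None
    if code == 1:
        m = re.search(r": (.+) FOUND\s*$", out, re.MULTILINE)
        return "infected", m.group(1) if m else None
    return "error", None

def scan(engine: Engine, path: str, timeout: float = 60.0):
    """Run one engine on one file. No shell is involved, so the shell never interprets the path."""
    argv = [a.replace("{path}", path) for a in engine.argv]
    try:
        p = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return "error", None  # engine missing or hung: report that, never call the file clean
    return engine.parse(p.returncode, p.stdout)

def multiscan(engines, path):
    """Collect one (verdict, signature) pair per engine name."""
    return {e.name: scan(e, path) for e in engines}

CLAMAV = Engine("clamav", ["clamscan", "--no-summary", "{path}"], parse_clamscan)

# Constructed stand-in engine: flags any file whose name contains "eicar",
# using the same exit-code and output convention as clamscan.
_FAKE = ("import sys; p=sys.argv[1]; bad='eicar' in p.lower();"
         "print(p + (': Constructed.Test.Signature FOUND' if bad else ': OK'));"
         "sys.exit(1 if bad else 0)")
DEMO = Engine("demo", [sys.executable, "-c", _FAKE, "{path}"], parse_clamscan)
MISSING = Engine("missing", ["no-such-scanner-binary", "{path}"], parse_clamscan)

if __name__ == "__main__":
    for sample in ("report.pdf", "eicar_sample.bin"):  # constructed file names
        print(sample, multiscan([DEMO, MISSING], sample))
```

A real service would run each engine inside the sandbox or virtual machine the answer mentions, and add the other vendors' command-line scanners as further `Engine` entries with their own parsers.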