?

Log in

No account? Create an account

fanf

A command-line interface to Virustotal

« previous entry | next entry »
1st Mar 2010 | 12:42

The Virustotal web site is a pretty nice way to scan a file with about 42 different virus scanners. It uses AJAX to dynamically update the results page as the various scanners complete, which can take many seconds. Even better, it feeds sample files to the ClamAV team so they can improve their detection rate.

Recently I have been receiving a lot of trojan spam which ClamAV has not detected. Usually it gets blocked by Spamhaus, but it can bypass that if it gets to me via my postmaster address or via one of my forwarded addresses. I got pretty bored of feeding infected messages to my web browser, especially since it runs on a different computer to my MUA.

So I translated the relevant bits of the Virustotal Javscript into Perl so I could feed files to Virustotal from the command line. If you want you can download a copy of the resulting script. There were a couple of amusing things about writing it: The Virustotal Javascript is written in Spanish, but happily it's nice straightforward code so I only needed to use Google Translate a couple of times :-) Also, they chose to send back the AJAX results in a dialect of JSON based on array literals rather than the more standard object literals. Perl has exactly the same syntax as Javascript for array literals which made it particularly easy to parse the results :-)

| Leave a comment | Share

Comments {0}