Hi! Would you be so kind as to make an addon like this for Firefox 2? I don't let either Windows Explorer or Internet Explorer go to the internet, except for updates sometimes.
Hi, I really like your uploader but there is one little problem... :) u can't choose whether it will distribute what u send for scanning or not... my humble opinion is that we have a right to choose that...
Thx very much and again gr8 work u have done:)
I would love to see more statistics... how many new viruses detected (graph per day) and trends in which virus is the most common (multi line trend graph) and a comparison on how the different virus scanners are doing on the samples submitted the last month
The statistics on the page now seem to be a little wrong and the "last found viruses" are always delayed hours.
What happens with the samples? Do the antivirus companies really use them to improve their scanners?
Thanks for a great tool!
Just one suggestion - please make this support uploading multiple files. Got the following error when I tried:
"Error! Couldn't open file!"
Multiple files, SSL enable/disable, and distributing yes/no options would be great.
Great tool! Just click "don't distribute" after the HTML page opens :D
Multiple files should never be supported; pointless trying to waste time on that. The scanners need the files submitted one at a time anyway; sending a zip of files, for example, means you get one result.
Re statistics, good and expanded statistics would be good, but too complicated to get a real idea of detection. Some AV employ high amounts of packer detection, heuristics, even common malware filename detection is in some of these engines. Why should others detect an empty FAKED trojan file? Why should the paranoid scanner get a seemingly better score for WRONG detection?
In the real world some paranoid detection works, but statistics on detection without knowing exactly which sample is a real sample or which are false alarms? You'd be surprised how many samples are damaged or false alarms. ACTUAL keygens which work often trigger packer alarms for being FSG packed and modified. Attackers are modifying PACKER code and PE headers.
In fact, ITW there are a large number of malware-only packers. Detecting them as suspicious is very very good! But where does it draw the line... should it be outputting paranoid results like UPX modified to a scanner online?
AV would be much better off outputting a comprehensive analysis of the file for the human to understand. SAY "corrupted, 2 bytes" while another scanner says MALWARE.. the human knows which is right and which is guessing !!
I meant to say working keygens are also often detected as MALWARE with names, not .variant, straight out WRONG "this is backdoor.agent" or something like that... :D it happens..
"What happens with the samples? Do the antivirus companies really use them to improve their scanners?"
My guess is that the VirusTotal admins disassemble the samples, then mod them,
and finally distribute them via hacked php servers and irc channels.
And eventually, there will be a huge VirusTotal botnet,
controlling the whole planet....
Hispasec=World Domination ;-)
Ok, seriously now... beyond conspiracy theories:
I honestly believe that most samples never get to the various AV labs...
I've submitted quite a lot of samples gathered from my personal honeypot,
and even 4 months later they're still undetected by most AV products...
Regarding packers... puff, they're incapable of even unpacking common stuff like Upack, FSG etc...
ha, it's funny seeing detecting RLPack itself as a virus,
while its author has also published sources,
it's even more funny detecting UPX as "suspicious"...
wi delete copy.exe und host.exe vir.troj.worm
Virus companies, at least the small ones, get/use the samples sent to them by VirusTotal. The ClamAV Open Source project, for example, gets signatures for many of the samples sent to it. Clam has increased its signature database immensely in the past several months, due in part to samples it receives from VirusTotal. VirusTotal is acting as a "honeypot" for smaller antivirus companies. I applaud their work in this regard and believe it provides a very valuable service to the Internet community.
Thanks very much for the VT Uploader. I hope you make the source code available for antivirus software programs that would like to incorporate it in their software to facilitate positive analysis of malware. The only problem is...VT might have to get more hardware to handle the increased demand.
Regards,
RWS
It keeps always telling me that "Error!upload failed!couldn't finalize HTTP request" !!!!!!!
Just came to know about this tool (actually didn't notice the news on the webpage, just saw it today)
but it would be great to have a small application interface (standalone - install free) which could have just a browse button and send button and the results could open in the current web browser itself..
How about a Linux/Mozilla version?
https://addons.mozilla.org/en-US/firefox/addon/4451
The installer seems bugged. If I don't choose "Start Menu Shortcuts" nothing will appear in "Send to". Took a while before I tested to have that option.
The uploader installs right away and works great. No hassles whatsoever. Just an idea that it might be better if it compresses files before uploading.
Some of the viruses out there don't bother compressing because compression would trigger antivirus "malware" detection. Stupid enough for a silly false positive, since viruses are not the only ones using compression.
Dude, sweet I love the service you provide.
The uploader works exactly as designed. Some additional configuration options would be nice, like SSL/don't submit, but that's secondary.
It's made submitting files to VirusTotal quite a bit more convenient and quick.
It would be better if the app also displayed the results. What's the point of making it upload and then having to open the web browser to view the results? It doesn't make any sense. Why would one want to use this tool then, instead of just visiting the website?
here's the command line "vtotal" tool i use ...
#!/bin/sh
# Mail the sample given as $1 to VirusTotal's scan address as an attachment.
echo "" | mutt -s "SCAN" -a "$1" -- scan@virustotal.com
usage: vtotal sample.exe
shortly afterwards you get results in your email.
A nice idea: the uploader should upload the MD5 sum and see if it was already scanned BEFORE the whole file upload.
An extension to this idea would be checking if the file is an archive (regardless of extension) and sending the MD5 of files inside an archive.
It should reduce the time of transmission AND scanning by your CPU.
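An added example of the hash-before-upload idea from the comment above (not part of the original comments and not VirusTotal's or the uploader's code). It handles ZIP archives only; `already_scanned` is a hypothetical lookup standing in for the server-side check, and `MAX_MEMBER_BYTES` and the sample data are constructed for the illustration.

```python
import hashlib
import io
import zipfile

MAX_MEMBER_BYTES = 32 * 1024 * 1024  # assumed cap so a zip bomb is not unpacked in memory

def md5_hex(data):
    # MD5 because the comment proposes it; it is only a lookup key here, and
    # SHA-256 is the safer key since MD5 collisions are practical.
    return hashlib.md5(data).hexdigest()

def hashes_to_check(name, data):
    """Return [(label, md5 or None)] for the file and, if its content is a ZIP
    (whatever the extension says), for every member. None = not hashable."""
    out = [(name, md5_hex(data))]
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return out
    with zipfile.ZipFile(buf) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            label = f"{name}!{info.filename}"
            if info.file_size > MAX_MEMBER_BYTES or info.flag_bits & 0x1:
                out.append((label, None))  # oversized or encrypted member
                continue
            out.append((label, md5_hex(zf.read(info))))
    return out

def plan_upload(name, data, already_scanned):
    """Decide whether the full upload is needed.
    already_scanned: hypothetical callable md5 -> bool (the server-side lookup)."""
    items = hashes_to_check(name, data)
    if already_scanned(items[0][1]):
        return "skip", []
    members = items[1:]
    unknown = [label for label, digest in members
               if digest is None or not already_scanned(digest)]
    if members and not unknown:
        return "skip", []  # every file inside the archive is already known
    return "upload", unknown or [name]

def make_zip(members):
    # Constructed sample input: builds a small ZIP in memory.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()
```

Members that cannot be hashed (encrypted or over the cap) are reported as unknown, so the archive is still uploaded rather than silently skipped.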
It's the coolest. I scan a trojan in my MSN and do u know what they sent it to do? It was going to destroy my PC, and that's the reason VirusTotal is the coolest in the world... c.u.l... peace
I send samples to an antivirus company because I received a license to do it. I used VirusTotal before but now I can't use VirusTotal service because I don't want to send samples to all antivirus companies.