Didier Stevens

Wednesday 30 May 2012

Update: virustotal-search

Filed under: Malware,My Software,Update — Didier Stevens @ 9:04

I didn’t expect my virustotal-search program to be that popular, so here is a new version with new features and a few fixes (version 0.0.1 contained a buggy experimental feature I hadn’t planned to release then).

What I didn’t explain in my first post, is that virustotal-search builds a database (virustotal-search.pkl) of all your requests, so that recurring requests are served from that local database, and not from the VirusTotal servers. I’ve added a field (Requested) to indicate if the request was send to VirusTotal or served from the local database.

If you want all requests to be send to VirusTotal, regardless of the content of the local database, use option –force.

And if you don’t want to include your API key in the program source code, you have two alternatives:

  1. use option –key and provide the API key on the command line
  2. define environment variable VIRUSTOTAL_API2_KEY with the your API key

virustotal-search_V0_0_3.zip (https)
MD5: 89D48483B8CF48A11A26314CC3A7631C
SHA256: A66A264A772CB9AEE356E1CF902E93FCA8CDE77233A09DB4999BCF15FA45EDF9

Blog at WordPress.com.