#malware-analysis #virus-total #security #malware

malwaredb-virustotal

Logic and datatypes for interacting with VirusTotal

23 releases (4 breaking)

0.4.1 Mar 17, 2025
0.3.1 Feb 12, 2025
0.2.0 Dec 22, 2024
0.1.4 Oct 31, 2024
0.0.3 Dec 30, 2023

#547 in Database interfaces


655 downloads per month
Used in 3 crates

Apache-2.0

110KB
2K SLoC

VirusTotal Client


This is logic for interacting with VirusTotal's V3 API. At present, only the following actions are supported:

  • Fetch file & domain reports: this gets the anti-virus scan data for a given sample, and there are examples in the testdata/ directory.
    • The goal is for the file report to have all the possible fields for increased ease of use.
  • Request file re-scan: ask VirusTotal to run a given sample through their collection of anti-virus applications and analysis tools.
  • Submit a file sample: send a sample to VirusTotal for analysis.
  • Download a file sample: download the original sample from VirusTotal (not fully tested, requires VirusTotal Premium).
  • Search: find the hashes of files which match some search criteria (not fully tested, requires VirusTotal Premium, uses older V2 API). See VirusTotal's doc for more information.

The file report object and error types can be useful when interacting with VirusTotal using another crate or using VT's API directly; you don't have to use the client object in this crate to use the data (and error) types in this crate.

VirusTotal supports these actions given an MD5, SHA-1, or SHA-256 hash.
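
The sketch below is an added example, not code from this crate: it checks that an identifier really is an MD5, SHA-1, or SHA-256 hex digest before it is placed into a request path for the report and re-scan actions. The names parse_hash, report_url and rescan_url are hypothetical, and the URL paths are taken from VirusTotal's public V3 API documentation rather than from this page.

```rust
// Added example: not part of malwaredb-virustotal. Standard library only.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum HashKind { Md5, Sha1, Sha256 }

#[derive(Debug, PartialEq)]
pub enum HashError { BadLength(usize), NonHex(char) }

/// Hypothetical helper: returns the hash kind and a trimmed, lowercased digest.
pub fn parse_hash(input: &str) -> Result<(HashKind, String), HashError> {
    let s = input.trim();
    // Reject non-hex characters first, so path fragments never reach the URL.
    if let Some(c) = s.chars().find(|c| !c.is_ascii_hexdigit()) {
        return Err(HashError::NonHex(c));
    }
    let kind = match s.len() {
        32 => HashKind::Md5,
        40 => HashKind::Sha1,
        64 => HashKind::Sha256,
        n => return Err(HashError::BadLength(n)),
    };
    Ok((kind, s.to_ascii_lowercase()))
}

// Assumption: base path of the file endpoints in VirusTotal's V3 API.
const VT_FILES: &str = "https://www.virustotal.com/api/v3/files";

/// URL for fetching a file report (sent with GET).
pub fn report_url(input: &str) -> Result<String, HashError> {
    parse_hash(input).map(|(_, h)| format!("{}/{}", VT_FILES, h))
}

/// URL for requesting a re-scan of a known sample (sent with POST).
pub fn rescan_url(input: &str) -> Result<String, HashError> {
    parse_hash(input).map(|(_, h)| format!("{}/{}/analyse", VT_FILES, h))
}

fn main() {
    // Constructed inputs: digests of the empty input, plus two malformed values.
    for id in [
        "d41d8cd98f00b204e9800998ecf8427e",
        "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709",
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "../domains/example.com",
        "abc123",
    ] {
        println!("{:?} -> {:?}", id, report_url(id));
    }
}
```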

Additionally, this provides a client application (in bin/, or malwaredb-virustotal-bin) for the supported operations on the command line.

MUSL Targets

It's recommended to use the native-tls-vendored feature to avoid OpenSSL build errors when compiling for Linux MUSL targets. See the example Cargo.toml entry below:

[target.'cfg(target_env = "musl")'.dependencies]
malwaredb-virustotal = { version = "0.4", features = ["native-tls-vendored"] }

Dependencies

~4–19MB
~290K SLoC