ReHIPS forum

English Subforum => ReHIPS => Topic started by: HJLBX on April 08, 2016, 06:01:41 AM

Title: [TO DO] Virus Total Lookup
Post by: HJLBX on April 08, 2016, 06:01:41 AM
I know with absolute certainty that it is just a matter of time before someone requests that Virus Total query be integrated into ReHIPS.

Just a FYI, Datpol (SpyShelter) has it for both the parent and child processes within the alerts.

* * * * *

User can always download the freeware Virus Total uploader - and use it to verify all files - before executing a file on the system.

However, at the same time, I do see some value to a VT public key integration into ReHIPS.

Something to consider...
Title: Re: ReHIPS 2.2.0 and Virus Total Lookup
Post by: schelkunov on April 08, 2016, 09:03:59 AM
Yes, you are right. It's something to consider ...
Title: Re: [UNDER REVIEW] Virus Total Lookup
Post by: aDVll on April 28, 2016, 09:20:49 AM
Gave it some thought and it will be an interesting addition for novice users to have an indication of the file safety with just checking the hash of the file and no upload to slow them down.
Good idea mate.
Title: Re: [UNDER REVIEW] Virus Total Lookup
Post by: Umbra on April 28, 2016, 09:39:21 AM
Indeed, more and more security apps are integrating VT, even Process Explorer or Autoruns.
Title: Re: [UNDER REVIEW] Virus Total Lookup
Post by: aDVll on April 28, 2016, 09:42:22 AM
Yep, was surprised when I saw Process Explorer has it because if the malware is already running you are fucked with and without VirusTotal, but I guess better to know and format.
With any preventing tool though VT is gold for the average user. It's not by accident VT found its way in a lot of tools.
Title: Re: [UNDER REVIEW] Virus Total Lookup
Post by: fixer on April 28, 2016, 11:57:35 AM
It's in our TODO list.
Title: Re: [TO DO] Virus Total Lookup
Post by: aDVll on May 07, 2016, 06:47:28 PM
You might want to check this, especially the bold part.
http://blog.virustotal.com/2016/05/maintaining-healthy-community.html
Title: Re: [TO DO] Virus Total Lookup
Post by: fixer on May 07, 2016, 08:57:55 PM
Thanks for the link, we'll deal with it later when it comes to integration.
Title: Re: [TO DO] Virus Total Lookup
Post by: Umbra on May 08, 2016, 06:18:13 AM
VT new policy: you must have your own engine to use VT.

http://blog.virustotal.com/2016/05/maintaining-healthy-community.html?spref=tw

https://malwaretips.com/threads/virustotal-policy-change-may-2016.59586/

So I guess the feature won't be possible for ReHIPS. Topic should be closed.
Title: Re: [TO DO] Virus Total Lookup
Post by: aDVll on June 12, 2016, 11:01:00 PM
Checked this out a bit and there might be a way. Their free API allows up to 4 requests per minute, so after the initial period when the program is installed it should be fine. Better than nothing if you ask me, and you can also implement a queue list when one is going to pass the limit to submit when it will work. Obviously it should be an option to enable in settings because of the limitation, but it all depends how much effort will be required by you guys to code it.
Title: Re: [TO DO] Virus Total Lookup
Post by: fixer on June 13, 2016, 07:22:11 PM
Yeah, I read it and thought it could be a possibility. But we'll deal with it a bit later when time comes, right now we've got more important TODO items on our plate.
Title: Re: [TO DO] Virus Total Lookup
Post by: aDVll on June 13, 2016, 08:01:11 PM
Quote from: fixer on June 13, 2016, 07:22:11 PM
Yeah, I read it and thought it could be a possibility. But we'll deal with it a bit later when time comes, right now we've got more important TODO items on our plate.
Understandable.  ;)