[TO DO] Virus Total Lookup

Started by HJLBX, April 08, 2016, 06:01:41 AM


HJLBX

I know with absolute certainty that it is just a matter of time before someone requests that Virus Total query be integrated into ReHIPS.

Just an FYI, Datpol (SpyShelter) has it for both the parent and child processes within the alerts.

* * * * *

Users can always download the freeware Virus Total uploader - and use it to verify all files - before executing a file on the system.

However, at the same time, I do see some value to a VT public key integration into ReHIPS.

Something to consider...

schelkunov

Yes, you are right. It's something to consider ...

aDVll

Gave it some thought and it will be an interesting addition for novice users to have an indication of the file safety with just checking the hash of the file and no upload to slow them down.
Good idea mate.

Umbra

Indeed, more and more security apps are integrating VT, even Process Explorer or Autoruns.

aDVll

Yep, was surprised when I saw Process Explorer has it, because if the malware is already running you are fucked with and without VirusTotal, but I guess better to know and format.
With any preventing tool though, VT is gold for the average user. It's not by accident VT found its way into a lot of tools.

fixer


aDVll


fixer

Thanks for the link, we'll deal with it later when it comes to integration.

Umbra

VT new policy: you must have your own engine to use VT.

http://blog.virustotal.com/2016/05/maintaining-healthy-community.html?spref=tw

https://malwaretips.com/threads/virustotal-policy-change-may-2016.59586/

So I guess the feature won't be possible for ReHIPS. Topic should be closed.

aDVll

Checked this out a bit and there might be a way. Their free API allows up to 4 requests per minute, so after the initial period when the program is installed it should be fine. Better than nothing if you ask me, and you can also implement a queue list for when one is going to pass the limit, to submit when it will work. Obviously it should be an option to enable in settings because of the limitation, but it all depends on how much effort will be required by you guys to code it.
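
The queue idea from the post above, sketched as an added example that is not part of the thread and not ReHIPS code: files are hashed locally, only the SHA-256 is queued, and at most 4 lookups are released per 60 seconds. The `lookup` callable is a hypothetical stand-in for the real VirusTotal request, and all class and function names are assumptions.

```python
import hashlib
from collections import deque

class HashLookupQueue:
    """Queue file hashes and release at most `limit` lookups per `window` seconds."""

    def __init__(self, lookup, clock, limit=4, window=60.0):
        self.lookup = lookup      # callable(sha256_hex) -> verdict; stand-in for the API call
        self.clock = clock        # callable() -> seconds; injectable so the logic is testable
        self.limit, self.window = limit, window
        self.pending = deque()    # hashes waiting for a free slot
        self.sent = deque()       # timestamps of lookups inside the current window
        self.cache = {}           # sha256 -> verdict, so each hash is queried only once

    def submit(self, data: bytes) -> str:
        """Hash the content locally; only the digest is queued, nothing is uploaded."""
        digest = hashlib.sha256(data).hexdigest()
        if digest not in self.cache and digest not in self.pending:
            self.pending.append(digest)
        return digest

    def pump(self) -> int:
        """Send as many queued lookups as the rate limit allows right now."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()   # forget lookups that have left the sliding window
        done = 0
        while self.pending and len(self.sent) < self.limit:
            digest = self.pending.popleft()
            self.cache[digest] = self.lookup(digest)
            self.sent.append(now)
            done += 1
        return done

    def seconds_until_next_slot(self) -> float:
        """0 if a lookup may be sent now, else the wait until the oldest one expires."""
        if len(self.sent) < self.limit:
            return 0.0
        return max(0.0, self.window - (self.clock() - self.sent[0]))

def demo():
    """Constructed run: six distinct files plus one duplicate, fake clock, fake verdicts."""
    t = [0.0]
    q = HashLookupQueue(lookup=lambda h: "unknown", clock=lambda: t[0])
    for i in [0, 1, 2, 3, 4, 5, 0]:
        q.submit(b"constructed sample %d" % i)
    first = q.pump()                      # four go out, two stay queued
    wait = q.seconds_until_next_slot()
    t[0] = 60.0                           # a minute later the window has cleared
    second = q.pump()
    return first, wait, second, len(q.cache)
```

The cache is what makes the limit tolerable after the initial period: a hash that has already been answered never consumes a request again.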

fixer

Yeah, I read it and thought it could be a possibility. But we'll deal with it a bit later when time comes, right now we've got more important TODO items on our plate.

aDVll

Quote from: fixer on June 13, 2016, 07:22:11 PM
Yeah, I read it and thought it could be a possibility. But we'll deal with it a bit later when time comes, right now we've got more important TODO items on our plate.
Understandable.  ;)