Crate malwaredb_virustotal


§VirusTotal Client


This is logic for interacting with VirusTotal’s V3 API. At present, only the following actions are supported:

  • Fetch file, IP address, and domain reports: this gets the anti-virus scan and other data for a given sample, and there are examples in the testdata/ directory.
    • The goal is for the file report to have all the possible fields for increased ease of use.
  • Request re-scan: ask VirusTotal to run a given item through their collection of anti-virus applications and analysis tools.
  • Submit a file sample: send a sample to VirusTotal for analysis.
  • Download a file sample: download the original sample from VirusTotal (not fully tested, requires VirusTotal Premium).
  • Search: find the hashes of files which match some search criteria (not fully tested, requires VirusTotal Premium, uses older V2 API). See VirusTotal’s doc for more information.

The file report object and error types can be useful when interacting with VirusTotal using another crate or using VT’s API directly; you don’t have to use the client object in this crate to use the data (and error) types in this crate.

VirusTotal supports these actions given an MD5, SHA-1, or SHA-256 hash.

Additionally, this provides a client application (in bin/, or malwaredb-virustotal-bin) for the supported operations on the command line.

§MUSL Targets

It’s recommended to use the native-tls-vendored feature to avoid OpenSSL build errors when compiling for Linux MUSL targets. See the example Cargo.toml entry below:

[target.'cfg(target_env = "musl")'.dependencies]
malwaredb-virustotal = { version = "0.5", features = ["native-tls-vendored"] }

Modules§

common
Data types shared by a few of the other data types
domainreport
Logic for parsing the domain report data from VirusTotal
errors
Pre-defined error types for VirusTotal allowing for error comparison. See https://virustotal.readme.io/reference/errors
filereport
Logic for parsing the file report data from VirusTotal
filesearch
Logic for searching for files based on types, submission, and attributes
ipreport
Logic for parsing the IP report data from VirusTotal

Structs§

VirusTotalClient
VirusTotal client object