Crate malwaredb_virustotal

Source
Expand description

§VirusTotal Client

TestLintCrates.io VersionOpenSSF Scorecard

This is logic for interacting with VirusTotal’s V3 API. At present, only the following actions are supported:

  • Fetch file report: this gets the anti-virus scan data for a given sample, and there are examples in the testdata/ directory.
  • Request re-scan: ask VirusTotal to run a given sample through their collection of anti-virus applications and analysis tools.
  • Submit a sample: send a sample to VirusTotal for analysis.
  • Download a sample: download the original sample from VirusTotal (not fully tested, requires VirusTotal Premium).
  • Search: find the hashes of files which match some search criteria (not fully tested, requires VirusTotal Premium, uses older V2 API). See VirusTotal’s doc for more information.
  • The file report object and error types can be useful when interacting with VirusTotal using another crate or using VT’s API directly; you don’t have to use the client object in this crate to use the data (and error) types in this crate.

VirusTotal supports these actions given a MD5, SHA-1, or SHA-256 hash.

Additionally, this provides a client application (in bin/, or malwaredb-virustotal-bin) for the supported operations on the command line.

§MUSL Targets

It’s recommended to use the native-tls-vendored feature to avoid OpenSSL build errors when compiling for Linux MUSL targets. See the example Cargo.toml entry below:

[target.'cfg(target_env = "musl")'.dependencies]
malwaredb-virustotal = { version = "0.1", features = ["native-tls-vendored"] }

Modules§

  • Pre-defined error types for Virus Total allowing for error comparison. [https://virustotal.readme.io/reference/errors]
  • Logic for parsing the file report data from VirusTotal
  • Logic for parsing the result from a file rescan request
  • Logic for searching for files based on types, submission, and attributes

Structs§