I noticed that the virustotal site, which can run a check over a huge number of scanning engines, offers a public API:
https://www.virustotal.com/en/documentation/public-api/
This seems like it would be a nice option to have within sabnzbd. I see there is a plugin for this, but it requires java, which is something many folks are either just not going to install due to the hassle (i.e. running sabnzbd on a NAS or similar, you probably don't want to be adding java + deps) or due to security issues (those running sabnzbd on the desktop).
Just throwing that out there. Plenty of crazy viruses on usenet. One I found recently didn't generate a positive hit on any of the 4 scanners I had available, and only popped an alert on less than 1/5 of the scanners on virustotal.com.
virus scan in post-processing? [VirusTotal]
Re: virus scan in post-processing?
So you're suggesting that SABnzbd starts uploading files to a remote site?
Doesn't sound like a great idea.
BTW: personally I never ever get software from Usenet and have a cleanup filter for anything executable.
But, feel free to write a post-processing script that uses this anti-virus service.
Re: virus scan in post-processing?
shypike wrote: So you're suggesting that SABnzbd starts uploading files to a remote site?
Virustotal works differently: you don't upload anything; you just check the md5sum of a specific file in a URL. Example:
Code:
sander@flappie:~$ md5sum some-file.exe
db49e37fa0e616f98a3582a772411488 some-file.exe
sander@flappie:~$
sander@flappie:~$ lynx --dump https://www.virustotal.com/latest-scan/db49e37fa0e616f98a3582a772411488 | grep -i detection
Detection ratio: 38 / 50
sander@flappie:~$
To see which names are given to the infection by which virusscanner, run this:
Code:
sander@flappie:~$
sander@flappie:~$ lynx --dump https://www.virustotal.com/latest-scan/db49e37fa0e616f98a3582a772411488 | grep -A5 " Antivirus"
Antivirus Result Update
AVG Worm/MSIL.FP 20140218
Ad-Aware Trojan.GenericKD.1456641 20140218
Agnitum Trojan.Badur! 20140218
AhnLab-V3 Trojan/Win32.Inject 20140218
AntiVir TR/Dropper.Gen 20140218
sander@flappie:~$
Code:
sander@flappie:~$ lynx --dump https://www.virustotal.com/latest-scan/db49e37fa0e616f98a3582a772411488 | grep -A5 " Antivirus" | grep -vi " Antivirus" | awk '{ print $2 }'
Worm/MSIL.FP
Trojan.GenericKD.1456641
Trojan.Badur!
Trojan/Win32.Inject
TR/Dropper.Gen
sander@flappie:~$
Re: virus scan in post-processing? [VirusTotal]
I wrote a python post-processing script that checks downloads (well: files with extension like .EXE and .APK) against virustotal. Result:
Clicking on the symbols or More gives:
So, thanks to virustotal, virus checking without a virus scanner installed on the machine.
Especially handy for platforms for which a virus scanner is not readily available and/or a virus scanner takes too many resources, like NAS devices.
Some remarks:
My script has a lynx call, because I need plain text (not HTML) from a URL (and didn't want to install Beautiful Soup).
Virustotal officially allows a maximum of four checks per minute.
I use the plain URL, not the API call, as the API wants you to register for an apikey.
Re: virus scan in post-processing? [VirusTotal]
OK, rewrote the Virustotal SABnzbd postprocessing script into plain python (no more lynx), and it works.
See here: <removed, see below>
HTH
Re: virus scan in post-processing? [VirusTotal]
I'm not the OP (looks like he popped in for the one feature request...perhaps a lurker), but you're a genius and thanks!
Re: virus scan in post-processing? [VirusTotal]
Hi Sander,
Your script was exactly what I needed, but I modified it a bit to work with CouchPotato and delete the entire download.
If it's of any help for someone, https://github.com/Josje92/Couchpotato- ... -AntiVirus.
This .py deletes the movie, finds the movie ID of the movie it was from CP, and tells CP to ignore this download and look for another one.
CP-Server and CP-API-Key have to be manually entered in the .py.
Re: virus scan in post-processing? [VirusTotal]
Bad news: I asked Virustotal if using the script was ToS-compliant, and it's not; Virustotal wants scripts to use the API, for which you need an API-key, for which you need a (free) account. So that's more actions to take for a SABnzbd user. Pity.
I've removed the link to my script
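Added example, not part of the thread and not the removed script: a hash-only post-processing check that goes through the API as the last post says Virustotal requires, paced at the four lookups per minute mentioned above. It assumes the v2 public API `file/report` endpoint with its `response_code` and `positives` fields, an API key in a hypothetical `VT_API_KEY` environment variable, and the job directory as the first script argument; `scan_dir`, `classify` and `vt_report` are names chosen here.

```python
import hashlib, json, os, sys, time, urllib.parse, urllib.request

VT_URL = "https://www.virustotal.com/vtapi/v2/file/report"  # assumed v2 endpoint
RISKY_EXT = {".exe", ".apk"}   # extensions named in the thread; extend as needed
MIN_INTERVAL = 15.0            # seconds between lookups = four per minute

def sha256_of(path):
    """Hash in chunks so large downloads are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def vt_report(digest, api_key):
    """Hash-only lookup: only the digest is sent, never the file."""
    query = urllib.parse.urlencode({"apikey": api_key, "resource": digest})
    with urllib.request.urlopen(VT_URL + "?" + query, timeout=30) as resp:
        return json.load(resp)

def classify(report, threshold=1):
    # A hash the service has never seen is "unknown", which is not "clean".
    if report.get("response_code") != 1:
        return "unknown"
    return "infected" if report.get("positives", 0) >= threshold else "clean"

def scan_dir(root, lookup, sleep=time.sleep):
    """Return {path: verdict} for every risky file under root."""
    results, first = {}, True
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            if os.path.splitext(name)[1].lower() not in RISKY_EXT:
                continue
            if not first:
                sleep(MIN_INTERVAL)   # stay inside the public rate limit
            first = False
            path = os.path.join(dirpath, name)
            results[path] = classify(lookup(sha256_of(path)))
    return results

if __name__ == "__main__":
    key = os.environ["VT_API_KEY"]
    verdicts = scan_dir(sys.argv[1], lambda d: vt_report(d, key))
    for path, verdict in verdicts.items():
        print(verdict, path)
    # Non-zero exit lets the downloader flag the job as failed.
    sys.exit(1 if "infected" in verdicts.values() else 0)
```

A file reported as "unknown" has simply never been submitted to the service, so treat it as unscanned rather than safe.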