Type of site
|Internet security, file and URL analyzer|
|Available in||Arabic, Bulgarian, Chinese, Chinese (Hong Kong), Chinese (Taiwan), Croatian, Czech, Danish, Dutch, English (US), English (GB), Estonian, Filipino, Finnish, French, German, Greek, Hebrew, Hindi, Hungarian, Indonesian, Italian, Japanese, Korean, Latvian, Lithuanian, Malay, Norwegian, Persian, Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Thai, Turkish, Ukrainian, Vietnamese|
|Created by||Hispasec Sistemas|
|General manager||Bernardo Quintero|
|Key people||Bernardo Quintero, Emiliano Martínez, Víctor Manuel Álvarez, Karl Hiramoto, Julio Canto, Alejandro Bermúdez, Juan A. Infantes|
|Parent||Google LLC (2012–2018)|
VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google in September 2012. The company's ownership switched in January 2018 to Chronicle, a subsidiary of Google.
VirusTotal aggregates many antivirus products and online scan engines called Contributors. In November, 2018, the Cyber National Mission Force, a unit subordinate to the U.S. Cyber Command became a Contributor. The aggregated data from these Contributors allows a user to check for viruses that the user's own antivirus software may have missed, or to verify against any false positives. Files up to 650 MB can be uploaded to the website, or sent via email (max. 32MB). Anti-virus software vendors can receive copies of files that were flagged by other scans but passed by their own engine, to help improve their software and, by extension, VirusTotal's own capability. Users can also scan suspect URLs and search through the VirusTotal dataset. VirusTotal uses the Cuckoo sandbox for dynamic analysis of malware. VirusTotal was selected by PC World as one of the best 100 products of 2007.
VirusTotal's Windows Uploader was an application that integrates into the Explorer's (right-click) contextual menu, listed under Send To > Virus Total. The application also launches manually for submitting a URL or a program that is currently running in the OS.
VirusTotal stores the name and various hashes for each scanned file. Already scanned files can be identified by their known (e.g., VT default) SHA256 hash without uploading complete files. The SHA256 query URL has the form
https://www.virustotal.com/latest-scan/SHA256. File uploads are normally limited to 128 MB. In 2017 VirusTotal discontinued support of the Windows Uploader.
Same as the Windows app you upload the file (via the app's UI or context menu) then you will be given back a result. The Mac OS X app can be downloaded from their website. However, you need to compile and build the app for Linux using the same core (provided in their repository) used in the Mac OS X application. Already scanned files can be identified by their known (e.g., VT default) SHA256 hash without uploading complete files.
There are several browser extensions available, such as VT4Browsers for Mozilla Firefox, and Google Chrome and vtExplorer for Internet Explorer. They allow the user to download files directly with VirusTotal's web application prior to storing them in the computer, as well as scanning URLs.
The service also offers an Android App that employs the public API to search any installed application for VirusTotal's previously scanned ones and show its status. Any application not previously scanned can be submitted, but an API key must be provided and other restrictions to public API usage may apply (see #Public API).
VirusTotal provides as a free service a public API that allows for automation of some of its online features such as "upload and scan files, submit and scan URLs, access finished scan reports and make automatic comments on URLs and samples". Some restrictions apply for requests made through the public API, such as requiring an individual API key freely obtained by online signing up, low priority scan queue, limited number of requests per time frame, etc.
Antivirus engines used for detection for uploading files.
Antivirus scanning engines used for URL scanning.
Utilities used to provide additional info on uploaded files.
Files uploaded to VirusTotal may be shared freely with anti-malware companies and will also be retained in a store. The VirusTotal About Page states under VirusTotal and confidentiality:
Files and URLs sent to VirusTotal will be shared with antivirus vendors and security companies so as to help them in improving their services and products. We do this because we believe it will eventually lead to a safer Internet and better end-user protection. By default any file/URL submitted to VirusTotal which is detected by at least one scanner is freely sent to all those scanners that do not detect the resource. Additionally, all files and URLs enter a private store that may be accessed by premium (mainly security/antimalware companies/organizations) VirusTotal users so as to improve their security products and services.