Basic File Report Example

This sample invokes and displays the results of a VirusTotal "file report" via DXL.

For more information see:

https://www.virustotal.com/en/documentation/public-api/#getting-file-scans

Prerequisites

• The samples configuration step has been completed (see Samples Configuration)
• The VirusTotal API DXL service is running and available on the DXL fabric (see VirusTotal API DXL Service)

Running

To run this sample execute the sample/basic/basic_file_report_example.py script as follows:

python sample/basic/basic_file_report_example.py

The output should appear similar to the following:

{
    "md5": "7657fcb7d772448a6d8504e4b20168b8",
    "permalink": "https://www.virustotal.com/file/54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc4cb9601c9ce3ec9a71/analysis/1491516000/",
    "positives": 61,
    "resource": "7657fcb7d772448a6d8504e4b20168b8",
    "response_code": 1,
    "scan_date": "2017-04-06 22:00:00",
    "scan_id": "54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc4cb9601c9ce3ec9a71-1491516000",
    "scans": {
        "ALYac": {
            "detected": true,
            "result": "Gen:Variant.Kazy.8782",
            "update": "20170406",
            "version": "1.0.1.9"
        },
        "AVG": {
            "detected": true,
            "result": "SHeur3.BNDF",
            "update": "20170406",
            "version": "16.0.0.4769"
        },

        ...

        "nProtect": {
            "detected": true,
            "result": "Trojan-Spy/W32.ZBot.109056.AR",
            "update": "20170406",
            "version": "2017-04-06.02"
        }
    },
    "sha1": "84c7201f7e59cb416280fd69a2e7f2e349ec8242",
    "sha256": "54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc4cb9601c9ce3ec9a71",
    "total": 62,
    "verbose_msg": "Scan finished, information embedded"
}

The scan results from the various providers are listed.

Details

The majority of the sample code is shown below:

# Create the client
with DxlClient(config) as dxl_client:

    # Connect to the fabric
    dxl_client.connect()

    logger.info("Connected to DXL fabric.")

    # Create client wrapper
    client = VirusTotalApiClient(dxl_client)

    # Invoke 'file report' method on service
    resp_dict = client.file_report("7657fcb7d772448a6d8504e4b20168b8")

    # Print out the response (convert dictionary to JSON for pretty printing)
    print("Response:\n{0}".format(
        MessageUtils.dict_to_json(resp_dict, pretty_print=True)))

Once a connection is established to the DXL fabric, a dxlvtapiclient.client.VirusTotalApiClient instance is created which will be used to invoke remote commands on the VirusTotal API DXL service.

Next, the dxlvtapiclient.client.VirusTotalApiClient.file_report() method is invoked with the resource to report on (in this case, an MD5 hash).

The final step is to display the contents of the returned dictionary (dict) which contains the results of the file report.