Ramblings of an old Doc

 

 

This is a totally free online service for file scanning. It utilizes 40 different antivirus engines to examine uploaded files.

There are some very significant limitations on the scanning: The files you upload must be less than 32 Megabytes. If it is a zipped file, then its unzipped size must be less than 32 MB. This can be overcome by using a file splitter. Also, the files to be scanned must be uploaded one at a time. This is understandable as there are resource limitations and 40 antiviral engines are being used. If you put multiple files together and one or two are contaminated, you’ll have to go to individual file scanning anyway to find the culprit.

When you get the results, you can opt to view the last analysis (if the file has been analysed before) or reanalyze.

There is another facet to consider: Since antiviral engines are being updated with new algorithms and definitions all the time, a file scanned a few weeks before and found free of contamination may be found to be contaminated on subsequent scanning (prior false negative), and this isn’t even considering the question of false positives.
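To make the point about changing results concrete, here is an added example (not from the original article or the scanning service) that compares two scans of the same file and lists which engines changed their verdict. The report layout, the engine names and the 14-day rescan threshold are assumptions made up for illustration.

```python
from datetime import date

# Constructed sample reports (engine name -> verdict; None means "no detection").
# The layout is an assumption for illustration, not the service's report format.
OLD_SCAN = {"date": date(2013, 1, 2), "verdicts": {
    "EngineA": None, "EngineB": None, "EngineC": "Trojan.Generic", "EngineD": None}}
NEW_SCAN = {"date": date(2013, 1, 23), "verdicts": {
    "EngineA": "Trojan.Dropper", "EngineB": None, "EngineC": None,
    "EngineD": None, "EngineE": "Trojan.Dropper"}}


def detection_ratio(scan):
    """Return (engines that flagged the file, engines that scanned it)."""
    verdicts = scan["verdicts"]
    return sum(v is not None for v in verdicts.values()), len(verdicts)


def verdict_drift(old, new):
    """Classify how each engine's verdict changed between two scans."""
    drift = {"newly_detected": [], "no_longer_detected": [], "engine_added": []}
    for engine, verdict in sorted(new["verdicts"].items()):
        if engine not in old["verdicts"]:
            drift["engine_added"].append(engine)
        elif old["verdicts"][engine] is None and verdict is not None:
            drift["newly_detected"].append(engine)      # possible earlier false negative
        elif old["verdicts"][engine] is not None and verdict is None:
            drift["no_longer_detected"].append(engine)  # possible earlier false positive
    return drift


def should_reanalyze(last_scan_date, today, max_age_days=14):
    """Prefer a fresh scan once the stored analysis is older than max_age_days
    (the threshold is an assumed value, not a recommendation from the article)."""
    return (today - last_scan_date).days > max_age_days


if __name__ == "__main__":
    print("old ratio:", detection_ratio(OLD_SCAN))
    print("new ratio:", detection_ratio(NEW_SCAN))
    print("drift:", verdict_drift(OLD_SCAN, NEW_SCAN))
    print("reanalyze?", should_reanalyze(OLD_SCAN["date"], date(2013, 1, 23)))
```

The overall ratio moves only from 1 of 4 to 2 of 5 here, yet the engine that flagged the file earlier is not one of the two flagging it now, which is why the per-engine comparison says more than the headline count.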

Therefore, the question of how to interpret the results of the scan arises. I haven’t uploaded a file to be checked yet, as I’m not sure that a screenshot would be relevant and not misleading since the nature is dynamic.

Instead, I checked a link reported by BitDefender as being a dangerous link, but which I think isn’t. I checked a link from an article on Windows Medkit (the link is in the article here: http://www.ghacks.net/2013/01/22/windows-medkit-helps-you-recover-your-pc-after-malware-infections/) (I wanted to tell you folks about a really good piece of portable software for your rescue kit which resets the start menu, etc. as cleaning won’t undo that damage http://zeroideas.net/WinMedkit/Index.html).

So I analyzed the link and it appears to be safe. I checked the link with VirusTotal and with Sucuri SiteCheck and Webutation. Here are the reports I received: link to report 1, link to report 2, link to report 3, link to report 4.

So in summary, I think this is a valuable if limited service: limited by size of file, and by the spectrum of false positives and negatives and our inability to know which is which among true positives and true negatives and how they might change with time.

People have their own security software and link sniffers which may or may not be reliable at any given time. How “safe” your practices are will determine the frequency of scanning.

Certainly, if you send a given file frequently, you’ll want to scan it more frequently than one which sits relatively inert on your system.

This view pretty much coincides with the one on gHacks. The link inspector and additional sites I used in this article are for the more conscientious.

Thanks for taking the time to wade through all this. There’s a lot to chew here.

Source:

http://www.ghacks.net/2013/01/23/why-it-is-better-to-recheck-files-on-virustotal/?_m=3n%2e0038%2e772%2ehj0ao01hy5%2esjy

