Back to Community Threads
2
Virus Total Integration
Question asked by J Lee - 1/16/2024 at 12:26 PM
Answered
Hi All

Has anyone tried to use the VirusTotal API to check the hash on email attachments?

J. Sebastian Lee Service2Client LLC 6333 E Mockingbird Ste 147 Dallas, TX 75214 - 877.251.3273

5 Replies

Reply to Thread
4
Zach Sylvester Replied
1/17/2024 at 9:55 AM
Employee Post Marked As Answer
Hello, 

Thanks for reaching out. I looked into this a while ago because I thought it would be a cool feature to add as well. However, the public API has limitations, and it's against their terms and conditions to use it for commercial uses. They do have a premium API however, I've heard that it's super expensive (around 5k a month). 
So I don't think this is a feature that we will be integrating into SmarterMail. 

Kind Regards, 
Zach Sylvester Software Developer SmarterTools Inc. www.smartertools.com
1
Why not support "Antimalware Scan Interface (AMSI)"
From what I know it is a protocol supported by many antiviruses and perhaps it could be integrated with SmarterMail...
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
0
Matt Petty Replied
1/17/2024 at 3:58 PM
Employee Post
@Gabriele We do already, that's how our Windows Defender checks work though I haven't heard anything about other antiviruses integrating into that.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
@Matt

As far as I know, there are several antivirus vendors that support AMSI.

A short, non-exhaustive list of known antiviruses that support AMSI:
- With-Secure - formerly F-Secure
- Fortinet FortiClient (my First Choice...)
- Kaspersky
- Eset
- Cybersaver
...
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
0
John Quest Replied
1/26/2024 at 9:02 AM
I have investigated using the VirusTotal API but as a separate third party process in conjunction with Declude/DR. However, as someone else posted, to do that you have to use their commercial License which is very expensive. The free license is limited to IIRC 500 requests per 24 hours. Also, and this became a deal breaker for us, unless you use the paid commercial license and specifically configure it to NOT include the checks in the public database, the contents of any file updated becomes part of their public database. 
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Microsoft Defender Antivirus and Virus Scanner ExceptionsSmarterMail > Troubleshooting
Setting up Email Signing (DKIM) for a DomainSmarterMail > Domain/User Configuration and Management
Integrating Existing SSL Certificates With SmarterMail Automated SSL CertificatesSmarterMail > Server Configuration and Management
Reducing ClamAV False PositivesSmarterMail > Troubleshooting
Spam and Security Checks for IPv6 SystemsSmarterMail > Antispam and Antivirus