Virus Total Integration
Question asked by J Lee - 1/16/2024 at 12:26 PM
Answered
Hi All

Has anyone tried to use the VirusTotal API to check the hash on email attachments?

J. Sebastian Lee Service2Client LLC 6333 E Mockingbird Ste 147 Dallas, TX 75214 - 877.251.3273

5 Replies

Zach Sylvester Replied
Employee Post Marked As Answer
Hello, 

Thanks for reaching out. I looked into this a while ago because I thought it would be a cool feature to add as well. However, the public API has limitations, and it's against their terms and conditions to use it for commercial uses. They do have a premium API; however, I've heard that it's super expensive (around 5k a month).
So I don't think this is a feature that we will be integrating into SmarterMail.

Kind Regards, 
Zach Sylvester System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
Why not support "Antimalware Scan Interface (AMSI)"?
From what I know, it is a protocol supported by many antiviruses and perhaps it could be integrated with SmarterMail...


Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
Matt Petty Replied
Employee Post
@Gabriele We do already; that's how our Windows Defender checks work, though I haven't heard anything about other antiviruses integrating into that.
Matt Petty Software Developer SmarterTools Inc. (877) 357-6278 www.smartertools.com
@Matt

As far as I know, there are several antivirus vendors that support AMSI.

A short, non-exhaustive list of known antiviruses that support AMSI:
- With-Secure - formerly F-Secure
- Fortinet FortiClient (my First Choice...)
- Kaspersky
- Eset
- Cybersaver
...
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
John Quest Replied
I have investigated using the VirusTotal API but as a separate third party process in conjunction with Declude/DR. However, as someone else posted, to do that you have to use their commercial license, which is very expensive. The free license is limited to IIRC 500 requests per 24 hours. Also, and this became a deal breaker for us, unless you use the paid commercial license and specifically configure it to NOT include the checks in the public database, the contents of any file updated becomes part of their public database.
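
An added example (not part of the thread, and not SmarterMail or Declude code) of the hash-only approach the question asks about: attachments are hashed locally and only the SHA-256 digest is looked up, so no file content is submitted, and a local planner deduplicates lookups against the daily limit recalled above. It assumes the VirusTotal API v3 file-report endpoint and `x-apikey` header; `HashLookupPlanner`, `DAILY_BUDGET` and the sample message are constructed for illustration.

```python
import email
import hashlib
import urllib.request
from email import policy

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # API v3 file report, keyed by hash
DAILY_BUDGET = 500  # assumption: the free-tier figure recalled ("IIRC") in the thread

def attachment_hashes(raw_message: bytes) -> dict:
    """Return {filename: sha256 hex digest} for each attachment of an RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    out = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""  # undo base64 / quoted-printable
        out[part.get_filename() or "unnamed"] = hashlib.sha256(data).hexdigest()
    return out

class HashLookupPlanner:
    """Hypothetical helper: dedupes digests and enforces a daily request budget."""
    def __init__(self, api_key, budget=DAILY_BUDGET):
        self.api_key, self.remaining, self.seen = api_key, budget, set()

    def plan(self, sha256):
        """Return a ready-to-send GET request, or None if already queried or out of budget.
        On None for a seen digest, the caller should reuse its cached verdict."""
        if sha256 in self.seen or self.remaining <= 0:
            return None
        self.seen.add(sha256)
        self.remaining -= 1
        # Only the digest leaves the mail server; the attachment body is never uploaded.
        return urllib.request.Request(VT_FILE_URL.format(sha256),
                                      headers={"x-apikey": self.api_key})

# Constructed sample message with one small base64 attachment (not real mail).
SAMPLE = (b"From: a@example.com\r\nTo: b@example.com\r\nSubject: invoice\r\n"
          b"MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary=XX\r\n\r\n"
          b"--XX\r\nContent-Type: text/plain\r\n\r\nsee attached\r\n"
          b"--XX\r\nContent-Type: application/octet-stream\r\n"
          b"Content-Disposition: attachment; filename=invoice.bin\r\n"
          b"Content-Transfer-Encoding: base64\r\n\r\naGVsbG8=\r\n--XX--\r\n")

if __name__ == "__main__":
    planner = HashLookupPlanner(api_key="YOUR_API_KEY")  # placeholder, not a real key
    for name, digest in attachment_hashes(SAMPLE).items():
        req = planner.plan(digest)
        print(name, digest, req.full_url if req else "skipped (cached or over budget)")
```

The request object is only built here, not sent; passing it to `urllib.request.urlopen` performs the lookup, and an HTTP 404 response means the digest is unknown to the service.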
