// vtFileKnownBySymantec.go - checks via VirusTotal if a given file is detected by Symantec AV.
package main
import (
"crypto/md5"
"encoding/json"
"flag"
"fmt"
"io"
"os"
"github.com/williballenthin/govt"
)
// Command-line settings. Each variable is bound to a flag in init and holds
// its final value once flag.Parse has run in main.
var (
	// apikey is the VirusTotal API key (-apikey, default taken from the
	// VT_API_KEY environment variable). A key passed with -apikey ends up in
	// the process list and shell history; the environment variable avoids that.
	apikey string
	// apiurl is the base URL of the VirusTotal API (-apiurl).
	apiurl string
	// rsrc is the hash used as the lookup key (-rsrc); main overwrites it
	// with the MD5 of the file when -file is given.
	rsrc string
	// file is the path of a local file to check instead of a hash (-file).
	file string
	// vtUpload enables uploading files VirusTotal does not know (-upload-vt).
	vtUpload bool
)
// init registers the command-line flags and binds them to the package-level
// settings. Parsing itself happens in main via flag.Parse.
func init() {
	// All string-valued flags, in the order they are registered.
	stringFlags := []struct {
		target             *string
		name, value, usage string
	}{
		{&apikey, "apikey", os.Getenv("VT_API_KEY"), "Set environment variable VT_API_KEY to your VT API Key or specify on prompt"},
		{&apiurl, "apiurl", "https://www.virustotal.com/vtapi/v2/", "URL of the VirusTotal API to be used."},
		{&rsrc, "rsrc", "8ac31b7350a95b0b492434f9ae2f1cde", "resource of file to check VT for. Resource can be md5, sha-1 or sha-2 sum of a file."},
		{&file, "file", "", "submit a file instead of a resource"},
	}
	for _, sf := range stringFlags {
		flag.StringVar(sf.target, sf.name, sf.value, sf.usage)
	}

	// Uploading is opt-in: the flag defaults to false.
	flag.BoolVar(&vtUpload, "upload-vt", false, "if 'true' files unknown to VT will be uploaded to VT")
}
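// calcMd5 returns the lowercase hex MD5 digest of the file at filename.
//
// It panics if the file cannot be opened or read. A read error must not be
// ignored: the digest of a partially read file would be used as the
// VirusTotal lookup key, and the verdict printed would then describe some
// other file (or none) instead of the one the user asked about.
//
// NOTE(review): MD5 is not collision resistant, so two different files can
// share this digest. The -rsrc help text says the API also accepts sha-1 and
// sha-2 sums; a SHA-256 digest would be a safer lookup key.
func calcMd5(filename string) (md5sum string) {
	f, err := os.Open(filename)
	if err != nil {
		panic(fmt.Errorf("opening %q: %w", filename, err))
	}
	defer f.Close()

	// Named hasher (not md5) so the crypto/md5 package is not shadowed.
	hasher := md5.New()
	if _, err := io.Copy(hasher, f); err != nil {
		panic(fmt.Errorf("hashing %q: %w", filename, err))
	}
	return fmt.Sprintf("%x", hasher.Sum(nil))
}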
// check aborts the program by panicking with e when e is non-nil; a nil
// error is a no-op.
func check(e error) {
	if e == nil {
		return
	}
	panic(e)
}
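// main looks a file up on VirusTotal and reports whether Symantec detects it.
//
// The lookup key is the -rsrc value, or the MD5 of the file when -file is
// given. A report with ResponseCode 0 is treated as "not known"; in that case
// the file is uploaded only if -upload-vt is set and a file path was supplied.
// Any error from the client, the API calls or JSON encoding panics via check.
func main() {
	flag.Parse()

	// fileForError is the path shown in the follow-up command hints; the
	// placeholder is printed when only a hash was supplied.
	fileForError := "</path/to/file>"
	if file != "" {
		rsrc = calcMd5(file)
		fileForError = file
	}

	c, err := govt.New(govt.SetApikey(apikey), govt.SetUrl(apiurl))
	check(err)
	r, err := c.GetFileReport(rsrc)
	check(err)

	if r.ResponseCode == 0 {
		fmt.Println(rsrc + " NOT KNOWN by VirusTotal")
		if !vtUpload || file == "" {
			fmt.Printf("For uploading to VT use vtFileScan -file=%s\n", fileForError)
			return
		}
		// Upload only on explicit opt-in: submitting a sample hands the
		// file's contents to VirusTotal.
		scan, err := c.ScanFile(file)
		check(err)
		j, err := json.MarshalIndent(scan, "", " ")
		check(err) // previously ignored; a failed encode printed nothing
		fmt.Printf("FileReport: ")
		os.Stdout.Write(j)
		return
	}

	// A missing "Symantec" entry means there is no Symantec verdict in this
	// report. Reading the zero value instead would print "NOT detected",
	// which is a false all-clear.
	sr, ok := r.Scans["Symantec"]
	if !ok {
		fmt.Printf("%s has no Symantec result in the VirusTotal report; Detection Rate: [%d/%d]\n", rsrc, r.Positives, r.Total)
		return
	}
	if sr.Detected {
		fmt.Printf("%s detected by Symantec Version %s as %s since update %s\n", rsrc, sr.Version, sr.Result, sr.Update)
		return
	}
	fmt.Printf("%s NOT detected by Symantec; Detection Rate: [%d/%d]\n", rsrc, r.Positives, r.Total)
	fmt.Printf("If you want to upload this file to VT use: 'vtFileScan -file=%s'\n", fileForError)
	fmt.Printf("If you want to submit it to Symantec use: 'symantecUpload -file=%s'\n", fileForError)
}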