Virustotal is my go-to services if I want to check out files or web addresses for malicious contents. I usually do so before I execute any program that I want to run on my system, and also when I encounter urls that look suspicious.
The main advantage of the service is that it will scan the file or url with multiple antivirus engines so that you get a much clearer picture of dangers as if you would only use a single program for that.
While there is nothing wrong with having to visit the Virustotal website for the scanning, third party desktop programs like Virustotal Uploader make things a lot easier.
Version 3.0 of the excellent program for Windows has just been released. It introduced several new features that improve it further.
Phrozen Virustotal Uploader 3.0
The program ships with a dozen changes in total, of which I'd consider two major.
- The first change is that you do not need administrative privileges on a Windows PC anymore to run the application. While you may not be able to use all functionality without proper privileges, it is certainly possible to select files or urls locally that you want scanned. The only restriction to that is that you do not get access to files managed by the admin account or the system, but other than that you are good to go.
- The program's download and scan module has been recoded, so that it is now possible to download and scan multiple files or addresses using the application.
When you first start the program you will notice its clean sharp design that focuses on the important bits. You can use the open button in the interface to pick files for upload, or use the tools menu for advanced functionality.
It is this menu that makes the program this good. Here you can access the list of running processes on the system, Windows' startup programs, the services, or programs that make use of a network connection in one form or the other.
When you select one of the options, you are taken to a file or service listing that lets you pick one or multiple files -- all if you want -- for upload to Virustotal. These files get queued and send to the service and results will be returned shortly thereafter.
The only restriction here is the file size limit that can't exceed 50 Megabytes it seems (Virustotal's own limit is 64 Megabyte on the website). A problem that you can run into is that Virustotal Uploader does not check the file size before it uploads a file to the service. This means that it will upload files exceeding the limit even though they cannot be scanned by the service and will return an error message.
Update: Version 3.1 of the program fixes the issue. A message is now displayed if the file size that you are uploading is greater than the allowed size for public API requests.
Here are a couple of tips to get you started:
- You may want to disable the notifications that the program displays when scan reports are available or errors are noticed during the upload. You can disable them with a click on Settings > Notifications.
- The program adds quick file scan options to Windows Explorer. If you do not need those, disable them under General Settings.
- You can add your own Virustotal API key if you have one there as well.
- If you do not use the quick upload widget, disable it under General Settings as well.
- All files and urls you select are added to the uploads process tab first, then moved to the awaiting results tab, and finally moved to the available results tab. You can check the progress of any file or url in those tabs so that you always know about the status of the scan.
- A right-click on a file in the results listing enables you to open its result page on the Virustotal website. This can be useful to check on the positive hits that Virustotal reported. It is however possible to double-click a file in the program to display the scan results right in the interface.
You can check for the update in the program interface under Settings > Update Manager. The update is definitely worth it as it improves the application further.