Use Email to scan files on Virustotal

Martin Brinkmann
Dec 10, 2018

Virustotal, an online virus scanning service operated by Google, is a handy resource to verify that files are clean before you execute them on your devices.

All it takes is to visit the Virustotal website, drop a file on the interface from the local system, and wait for the scan results to be displayed after the scan.

The service is ideal to get a quick overview of a file's reputation. Results are not 100% trustworthy especially if some engines report hits while others don't; the likelihood of false positives is higher on Virustotal than with any one antivirus engine that you check files against.

Virustotal maintains an email scanning service next to the Web version and the APIs that it provides. You send emails with a file attachment to the service and get a report soon thereafter as a reply.

virustotal scan email

Here is how that works:

  • Create a new email and use as the recipient.
  • Put Scan in the subject field and leave the body empty.
  • Attach a single file to the email.

The email is returned by the recipient's email address ( and uses the subject [VirusTotal] Server notification.

It lists file information -- name, size, md5 and sha1 hashes -- and results of all supported engines. Each engine is listed with its name, version, and last update date.

virustotal scan results email

Email scanning is quite handy at times, e.g. when you are on a mobile and want a file scanned, cannot access the VirusTotal website, or want multiple files scanned in a short period of time.

Third-party applications like Winja VirusTotal Uploader or

The system has several limitations, however:

  • Email attachments have a size limited that depends on the email provider but it is usually 25 Megabytes.
  • Some providers, e.g. Gmail, prevent the sending of executable files types. Gmail blocks these even when you zip them.
  • Results are limited when compared to the wealth of tools that Virustotal provides, e.g. relations, online calls, and operational details.

Closing Words

It is better, usually, to use Virustotal directly or through a program as you don't run into any of the limitations that way. Sometimes however, email scanning may come in handy.

Now You: Do you use a service like Virustotal?

Use Email to scan files on Virustotal
Article Name
Use Email to scan files on Virustotal
Virustotal maintains an email scanning service next to the Web version and the APIs that it provides that scans emails with file attachments.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. charles said on June 9, 2021 at 2:56 pm

    Virus total email scanning no longer available, please recommend another

  2. Anon Ops said on December 13, 2018 at 1:31 pm

    All due respect, uploading stuff on VirusTotal is a VERY, VERY poor OPSEC practice.
    Anybody that has access to a specific type of licence can download your sample and people will upload invoices, contracts, sensitive stuff that will expose a LOT of data about your company.
    So DON’T upload stuff on VT. Instead hash it and check it.

    1. Clairvaux said on December 13, 2018 at 3:00 pm

      That’s a very interesting remark. I suppose you mean : anybody that has access to a special Virus Total license, a Virus Total paying customer ?

      Practical question : how can you hash a file and submit the hash to Virus Total ? On my computer, that’s what happens when I upload something to Virus Total. The program sends a hash, and then, if someone else has not already submitted this file (and that only happens once in a while), it asks me whether I want to upload the file itself.

      Now isn’t your remark very theoretical ?

      If I want to check a sensitive document, and invoice, a contract, then chances are nobody has already submitted it, and there’s no hash result on file at Virus Total. So I would actually need to send the file itself.

      On the other hand, if it has already been submitted and there’s a hash on file, then most likely it’s a software executable downloaded by the thousands on the Internet, or it’s a public pdf report posted on the United Nations website, or something like that. In other words, nothing confidential.

  3. Clairvaux said on December 10, 2018 at 11:44 pm

    I always do a Virus Total scan before I install anything. There’s often one false positive by an anti-virus with a ridiculous name (or a non-conventional, heuristic one). It sometimes happens that big programs cannot be submitted because they exceed the size limit.

    I have a Virus Total option in my right-click menu. Don’t remember how it got there, but it’s very handy.

    The option to rely on previous scans by other users through hash comparison (immediate results, once the file has been uploaded), or to ask for a fresh scan anyway (you need to wait a bit) is very convenient.

    1. Anonymous said on December 12, 2018 at 8:25 pm

      “I have a Virus Total option in my right-click menu. Don’t remember how it got there”

      Probably the same way Google products like Chrome are installed everywhere : by deception.

  4. Batman said on December 10, 2018 at 11:29 pm

    Does anyone have an alternative to Virustotal context menu integration? YOu know, how in W10 you can just right-click file and send to get results? Does Winja or anyone else have that??

    Searching right now…

  5. paul(us) said on December 10, 2018 at 4:19 pm

    As always an easy to read and also an informative article, Martin.

    But it leaves me with only one question:
    Main Eset internet security software supplies a built-in function which scans incoming email on the presence of all kind of zero-day attacks exploits, hijacks, malware, trojans, virus, etc. etc..
    Do you Martin (Or anybody else who knows this) or its necessary with even a relatively good security virus program (Like I think I have) who also scans for all kinds of other malicious things (Like mentioned here above) it’s sometimes necessary to scan, with a second program like the online Virustotal possibility?

    1. Martin Brinkmann said on December 10, 2018 at 4:43 pm

      I like Virustotal as a second-opinion scanner. Say, Eset does not detect anything but you want confirmation that a file is clean before you execute it on your system. A scan on VT could give you the reassurance that it is probably safe to run.

  6. TelV said on December 10, 2018 at 3:29 pm

    Jotti’s malware scan offers an alternative to Google (Virustotal):

    1. Anonymous said on December 10, 2018 at 4:56 pm

      I know this one also, but the file upload seems quite slow and file size is 20 M max :

      1. Klaas Vaak said on December 10, 2018 at 6:15 pm

        @Anonymous: I agree.

  7. Terence said on December 10, 2018 at 3:14 pm

    … but of course GOOGLE is also harvesting your email address for its permanent records & correlation databases

  8. Klaas Vaak said on December 10, 2018 at 2:32 pm

    Google makes it so very easy to hand over your private data – this is yet another example.

    1. said on December 10, 2018 at 4:28 pm


Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.