《云安全》在线系列讲座之二 --- 人云亦云

jefffire

nkspark 发表于 2011-3-21 07:13
讲座一参见：《云安全》在线系列讲座之一 --- 云安全基本概念，http://bbs.kafan.cn/thread-934671-1 ...

如果你有一个样本，能够被某个杀毒软件查出，却没有被本首席的这款全球最强软件查出的话，本首席直接把面前的显示器吃了。

很不幸，这样的样本很多，你需要吃显示器了。

sevenday

很抱歉，吃显示器吧

李白vs苏轼

回复 21楼 jefffire 的帖子

是用vt的API接口吧

李白vs苏轼

What is the VirusTotal API?
The VirusTotal API lets you upload and scan files, submit and scan URLs, access finished scan reports and make automatic comments on URLs or samples without the need of using the HTML website interface. In other words, it allows you to build simple scripts to access the information generated by VirusTotal.

The chosen format for the API is HTTP POST requests with JSON object responses and it is limited to at most 20 requests of any nature in a given 5 minutes time frame. If you run a honeyclient, honeypot or any other automation that is going to provide resources to VirusTotal and not only retrieve reports you are entitled to a special API with a higher request rate quota, ask for it at info@virustotal.com. The public API is a free service, available for any web site or application that is free to consumers.

The API must not be used in commercial products or services, it can not be used as a substitute for antivirus products and it can not be integrated in any project that may harm the antivirus industry directly or indirectly. Noncompliance of these terms will result in inmediate permanent ban of the infractor individual or organization. Please see the terms of use for more information.

How do I start?
The process could not be easier. Sign up to VT Community (using the sign in box at the top left hand side of the page). Once you have a valid VT Community account, you will find your personal API key in the inbox of your account (sign in and drop down the My account menu). This key is all you need to use VirusTotal's API.

So what can I do with the VirusTotal API?
The following examples show how to perform specific tasks with the API, the examples are coded in Python, but take into account that they work with any coding language, you just need to be able to perform HTTP requests and load JSON objects. Some implementations of the API in other languages can be found at the bottom of this page.

Note that the API response format will always be a dictionary containing at least a result field. If the item you searched for was not present this result will be 0, if you exceeded the public API request rate it will be -2, if the API key provided is incorrect it will be -1, any other case is detailed in the following sections.

李白vs苏轼

Using VirusTotal API with Java

1. JVirusTotal vt = new JVirusTotal(your_API_key);
   
2. String url = "http://www.x.x";
   
3. 
   
4. // submit an URL
   
5. vt.submitScanURL(url);
   
6. 
   
7. // retrieve an URL scan report
   
8. vt.retrieveURLscan(url);
   
9. 
   
10. // retrieve a file scan report
    
11. vt.retrieveFilescan(getMD5Sum(new URL(url)));
    
12. 
    
13. The following class is used to get the MD5 hash of a file, by giving its URL.
    
14. import java.io.IOException;
    
15. import java.io.InputStream;
    
16. import java.math.BigInteger;
    
17. import java.net.MalformedURLException;
    
18. import java.net.URL;
    
19. import java.security.MessageDigest;
    
20. import java.security.NoSuchAlgorithmException;
    
21. 
    
22. 
    
23. public class md5 {
    
24.         /**
    
25.          * it calculates the md5sum
    
26.          *
    
27.          * @param url file url
    
28.          * @return md5sum
    
29.          */
    
30.         public static String getMD5Sum(URL url) {
    
31.                 MessageDigest digest = null;
    
32. 
    
33.                 try {
    
34.                         digest = MessageDigest.getInstance("MD5");
    
35.                 } catch (NoSuchAlgorithmException e) {
    
36.                         e.printStackTrace();
    
37.                 }
    
38. 
    
39.                 byte[] buffer = new byte[8192];
    
40.                 int read = 0;
    
41.                 String output = "";
    
42. 
    
43.                 InputStream is = null;
    
44. 
    
45.                 try {
    
46.                         is = url.openStream();
    
47. 
    
48.                         while( (read = is.read(buffer)) > 0) {
    
49.                                 digest.update(buffer, 0, read);
    
50.                         }               
    
51.                         byte[] md5sum = digest.digest();
    
52.                         BigInteger bigInt = new BigInteger(1, md5sum);
    
53.                         output = bigInt.toString(16);
    
54.                 }
    
55.                 catch(IOException e) {
    
56.                         e.printStackTrace();
    
57.                 } finally {
    
58.                         try {
    
59.                                 is.close();
    
60.                         } catch(IOException e) {
    
61.                                 e.printStackTrace();
    
62.                         }
    
63.                 }
    
64. 
    
65.                 return output;
    
66.         }
    
67. 
    
68.         public static void main (String[] s) throws MalformedURLException{
    
69.                 System.out.println(getMD5Sum(new URL("http://www.x.x")));
    
70.         }
    
71. }

复制代码

jefffire

nkspark 发表于 2011-3-21 07:13
讲座一参见：《云安全》在线系列讲座之一 --- 云安全基本概念，http://bbs.kafan.cn/thread-934671-1 ...

本来以为你是不懂。才发现原来您是混看雪论坛的。对装糊涂的人，我表示遗憾

nkspark

jefffire 发表于 2011-3-21 15:03
如果你有一个样本，能够被某个杀毒软件查出，却没有被本首席的这款全球最强软件查出的话，本首席直接把面 ...

空口无凭啊，上图，上样本...

nkspark

sevenday 发表于 2011-3-21 15:09
很抱歉，吃显示器吧

空口无凭啊，上图，上样本...

李白vs苏轼

首席,为啥在我这里就一闪而过什么也没有呢

你想怎样

楼主看来还是有点低调的,  还没用原创标签.

不过还是得到一个魅力呀