Malware scanner API provides a set of functions to help you detect, protect and remove malicious software from devices and networks. These programs can be installed by hackers, email providers or other third parties to disrupt computer operation and gather sensitive information. They can also cause system damage, resulting in data loss and ransomware.
The malware scanner API allows you to scan files for viruses and identify vulnerabilities in file content. It supports millions of virus signatures and can be deployed locally or in the cloud. Its stateless in-memory processing provides fast performance and strong security.
Virus scanning is an important component of any file-processing application and helps ensure that your customers’ data is protected from infection by viruses, spyware, trojans and other malware. It can be accessed through the malware scanner connector on your application’s server side, via an HTTP request to our API or as an event-driven pipeline that triggers a ClamAV engine hosted in Cloud Storage and writes log entries and metrics to Google Cloud logging and monitoring.
Signature-based malware detection identifies new threats by searching for digital signatures of known malware components and comparing these to signatures already detected in files. This approach is more effective at detecting previously known malicious software than other methods, but it can also miss new or unknown threats.
Heuristic analysis of files to determine whether they are likely to contain viruses is another popular method for malware detection. The heuristic analysis of files involves running a series of probing tests on the file to evaluate its behavior and whether it is likely to contain viruses.
This approach is useful for files that are prone to being corrupted, such as executables and scripts. It also works well for archives, such as ZIP, JAR, TAR, ARJ, LHA, PKARC, PKZIP, RAR, WinACE, BZip and Zcompress formats.
The VirusTotal API uses a heuristic analysis of the URLs that are scanned to determine whether they are likely to contain viruses. This analysis includes over 20 data points that summarize the risk level of the URL or domain. It can be used to quickly identify scam sites, phishing, malware, and low reputation domains that are commonly used for fraudulent activities.
Live URL scanning is a simple on-demand feature that performs over 20 data points to determine the risk level of the web page or domain being scanned. You can retrieve this information as an XML feed or as a CSV spreadsheet to use in your application.
You can also use the VirusTotal API to quickly detect and classify parked domains. This can be done in real time and includes support for parked domains from parking services such as Sedo, ParkingCrew and others.
Parked domains are a common method of malicious distribution, allowing attackers to use a domain that is currently pointed to a third-party parking service, such as Sedo or ParkingCrew, in order to hide their activity from antivirus and antimalware systems. The VirusTotal API can be called from your backend, SOAR, or third-party service to detect and classify parked domains using a live threat intelligence feed.