Good work Colin, out of the four scanners you show, I had only heard of/used VirusTotal. It's always good to have more tools.
Very nice, Colin. Another great resource for malware issues.
Metascan Online is by far the best option out of all these. Not only is it faster than VirusTotal but recently Metascan Online received a UI facelift that looks absolutely stunning. Metascan Online also offers a free public API. Definitely give the new www.metascanonline.com a look!
Great information but slightly stale.
VirusTotal offers the most scanners and Jotti the fewest (but almost all are major vendors). VT might be the best for developers trying to avoid false positives but otherwise any of the four will be roughly equally effective at finding malware.
Note that results for the same vendor/product may vary slightly among these metascan sites and between these sites and a vendor site or a client install for numerous reasons. A few of these are: Windows v. *nix engine; options/settings including heuristics sensitivity or number of active engines; last engine or signature update; other features/tools included in the client install like HIPS; and virtual environment software.
VirusTotal.com - 128MB file max
Several tools created by 3rd parties and by VT itself (obscurely located in the browser and desktop sections of their doc; 32? MB limit) improve access. Also supports searches by file hash and by URL and IP for reputation. I'm not sure how well VT informs users when limits are exceeded.
Metascan-Online.com (note hyphenation; non-hyphenated URL is iffy) - 140MB file max. 500 file max per archive. xx nesting levels (e.g., zip an already compressed install file that contains a compressed library).
Metascan-Online by OPSWAT clearly has the best online interface with rescan option, scan history, and separate results for archive components. Also supports searches by file hash and by IP for reputation (maybe URL forthcoming?). Usually the fastest, but does have lower per hour or per day submission limits. Browser integration is spotty but promising. Uses MS Windows version of scan engines (most also include Linux signatures and many include Android and iOS malware signatures). OPSWAT has expanded other products into the Linux, Android, and iOS markets but I don't know their plans for expanding Metascan-Online.
Web interface does have a few quirks. Files originally scanned within an archive are difficult/impossible to rescan individually (known issue). Worse, results for unavailable engines (e.g., being updated) are reported as if a pass (it's not a flaw; it's a feature). This can lead to confusion, especially when comparing results over time (e.g., "8/43" last week and "7/43" this week DOES NOT MEAN at least one VENDOR EVALUATION CHANGED: it might really be "8/43" last week and "7/42--1 unavailable" this week!!). A small enhancement might include summarizing the number of favorable, unfavorable, and reclassification changes since the prior run. Cavils aside, this is easily the best web interface.
Jotti.org - JottiQ is a handy 3rd party tool. Usually slower than Metascan-Online and VirusTotal. Jotti is *nix based but all(?) engines include MS Windows malware signatures.
VirScan.org - 20MB max. 20 file max per archive. Usually the slowest of these four with the least flexibility so I rarely use it.
Off Topic: URLvoid.com is also a good metascanner for URLs and IPs.
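The comparison pitfall described in the comment above (an unavailable engine reported as if it were a pass) and the suggested summary of favorable, unfavorable and reclassification changes, as an added example that is not part of the original comments or any scanner's own code. The result format (engine name mapped to a detection name, empty string for clean, `None` for unavailable) and the engine names are assumptions constructed for illustration.

```python
UNAVAILABLE = None  # assumed marker: engine returned no verdict (e.g. being updated)
CLEAN = ""          # assumed marker: engine scanned the file and found nothing

def summarize(run):
    """Detections over engines that actually responded, e.g. '7/42 (1 unavailable)'."""
    responding = [v for v in run.values() if v is not UNAVAILABLE]
    detections = sum(1 for v in responding if v != CLEAN)
    missing = len(run) - len(responding)
    text = f"{detections}/{len(responding)}"
    return text + (f" ({missing} unavailable)" if missing else "")

def compare_runs(previous, current):
    """Classify per-engine changes between two scans of the same file."""
    changes = {"favorable": [], "unfavorable": [],
               "reclassified": [], "not_comparable": []}
    for engine in sorted(set(previous) | set(current)):
        before = previous.get(engine, UNAVAILABLE)
        after = current.get(engine, UNAVAILABLE)
        if before is UNAVAILABLE or after is UNAVAILABLE:
            # A missing verdict is not a pass: record it, never count it as clean.
            if before is not after:
                changes["not_comparable"].append(engine)
        elif before == after:
            continue                                  # verdict unchanged
        elif after == CLEAN:
            changes["favorable"].append(engine)       # detection dropped
        elif before == CLEAN:
            changes["unfavorable"].append(engine)     # new detection
        else:
            changes["reclassified"].append(engine)    # detection name changed
    return changes

# Constructed sample data: two runs of the same file a week apart.
LAST_WEEK = {"EngineA": "Trojan.Gen", "EngineB": CLEAN, "EngineC": "Adware.X",
             "EngineD": CLEAN, "EngineE": CLEAN}
THIS_WEEK = {"EngineA": UNAVAILABLE, "EngineB": CLEAN, "EngineC": "PUP.X",
             "EngineD": CLEAN, "EngineE": CLEAN}

if __name__ == "__main__":
    print("last week:", summarize(LAST_WEEK))
    print("this week:", summarize(THIS_WEEK))
    for kind, engines in compare_runs(LAST_WEEK, THIS_WEEK).items():
        print(f"{kind}: {', '.join(engines) or '-'}")
```

In the sample, a display that counts the unavailable engine as a pass would show the total dropping from 2/5 to 1/5, although no vendor changed its evaluation from detected to clean.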