VirusTotal Alternatives [Changing Subject Line]

[Karl Bernard <karl.bernard () GMAIL COM>]

This is a great discussion and deserves its own thread ;)



On Thu, Jan 26, 2012 at 9:38 AM, Tim Doty <tdoty () mst edu> wrote:

> A quick look at jotti's source and I expect them to follow virustotal
> down the path of requiring allowing all google domains to function.
>
> To force javascript enabled they disable the form input and then use
> javascript to enable it. They have a claim that the service will not
> work without javascript. Inasmuch as that is true it is only so because
> they deliberately broke the page. Of course, it is a misleading
> statement anyway because javascript isn't an either/or situation (thanks
> to NoScript).
>
> They also use javascript to validate form data. I haven't looked at it
> deeply (what is there to validate for a simple file upload?), but I did
> notice the comment that they skip hidden elements because user's can't
> alter the information. Really? My estimation of their web developers is
> dropping...
>
> The javascript they include looks pretty mundane, just some "fancy it
> up" type stuff (and of course a function to enable the submit button for
> the form).
>
> If they were upfront and said "this is an ad supported service, we will
> try our best to make it not work if you don't view our ads" I'd think
> more highly of them. What would be nice is a community service that did
> what virustotal and jotti do, but without the back links to google.
> Maybe something for REN-ISAC (as if they didn't have enough stuff lined
> up already...)
>
> Tim Doty
>
>
> On Thu, 2012-01-26 at 09:23 -0600, Tim Doty wrote:
> > On Thu, 2012-01-26 at 09:01 -0600, John Kristoff wrote:
> > > On Thu, 26 Jan 2012 08:24:08 -0600
> > > Tim Doty <tdoty () MST EDU> wrote:
> > >
> > > > I'm aware of some alternatives, but I'm curious about reputation.
> What
> > > > do people here use other than virustotal?
> > >
> > > I can't speak to reputation, but here are a few popular alternatives.
> > > Not all of these do exactly the same thing, but they do at least
> provide
> > > a similar sort of service:
> > >
> > >   <http://anubis.iseclab.org/>
> >
> > yep, these guys are good for getting an analysis
> >
> > >   <http://fileadvisor.bit9.com/services/search.aspx>
> > I don't think I've seen this one before, thanks!
> >
> > >   <http://www.team-cymru.org/Services/MHR/>
> > >   <http://www.threattrack.com/>
> > >   <http://www.threatexpert.com/submit.aspx>
> >
> > >   <http://virusscan.jotti.org/en>
> > This is one I've started using. Note, they also require javascript "just
> > because" (c'mon, it doesn't require javascript to do a simple form, but
> > for some reason the submit button isn't active until you permit their
> > domain -- I haven't analyzed what their javascript does, but the fact
> > they require it for *submit* button is not encouraging).
> >
> > >   <http://wepawet.iseclab.org/>
> >
> > I've never had wepawet ever find anything, even on files simple enough
> > for manual examination it would conclude it was safe.
> >
> > Tim Doty