vtuploader.pl est un script écrit par Cd-MaN qui permet d'uploader des fichiers suspects chez VirusTotal.com pour être analysés par plus d'une trentaine de moteurs anti-virus.

$ wget http://hype.free.googlepages.com/vtuploader.pl
$ chmod +x vtuploader.pl

Nous allons prendre pour tests les virus fournis dans le récent article http://blog.untangle.com/?p=96
Les détails sont aussi sur http://virus.untangle.com/

$ wget http://virus.untangle.com/samples.zip
$ unzip -P a samples.zip

$ ./vtuploader.pl -nv all/000_eicar.com
Processing file all/000_eicar.com
MD5: 44d88612fea8a8f36de82e1278abb02f
File size: 68 bytes

Upload finished, waiting for scanning
Enqued in position 10. Estimated start time between 93 and 133 seconds
Scanning. Scanned with 31 engines
Scanning done
Infection count 32 out of 32

File all/000_eicar.com

Antivirus...... Version ...... Last Update ......Result
AVG ...... 7.5.0.476 ...... 2007.08.13 ...... EICAR_Test
AhnLab-V3 ...... 2007.8.9.2 ...... 2007.08.13...... EICAR_Test_File
AntiVir ...... 7.4.0.60 ...... 2007.08.13 ...... Eicar-Test-Signature
Authentium ...... 4.93.8 ...... 2007.08.13 ...... EICAR_Test_File
Avast ...... 4.7.1029.0 ...... 2007.08.13 ...... EICAR Test-NOT virus!!
BitDefender ...... 7.2 ...... 2007.08.13...... EICAR-Test-File (not a virus)
CAT-QuickHeal ...... 9.00 ...... 2007.08.13 ...... EICAR Test File
ClamAV ...... 0.91 ...... 2007.08.13 ...... Eicar-Test-Signature
DrWeb ...... 4.33 ...... 2007.08.13...... EICAR Test File (NOT a Virus!)
Ewido ...... 4.0 ...... 2007.08.13...... Not-A-Virus.Test.Eicar
F-Prot ...... 4.3.2.48 ...... 2007.08.13...... EICAR_Test_File
F-Secure ...... 6.70.13030.0 ......2007.08.13 ...... EICAR_Test_File
FileAdvisor ...... 1 ...... 2007.08.13...... High threat detected
Fortinet ...... 2.91.0.0 ...... 2007.08.13...... EICAR_TEST_FILE
Ikarus ...... T3.1.1.12 ...... 2007.08.13 ...... EICAR-ANTIVIRUS-TESTFILE
Kaspersky ...... 4.0.2.24 ...... 2007.08.13...... EICAR-Test-File
McAfee ...... 5096 ...... 2007.08.13 ...... EICAR test file
Microsoft ...... 1.2704 ...... 2007.08.13...... Virus:DOS/EICAR_Test_File
NOD32v2 ...... 2457 ...... 2007.08.13...... Eicar test file
Norman ...... 5.80.02 ...... 2007.08.13...... EICAR_Test_file_not_a_virus!
Panda ...... 9.0.0.4 ...... 2007.08.12 ...... EICAR-AV-TEST-FILE
Prevx1...... V2 ...... 2007.08.13 ...... Win32.Malware.gen
Rising ...... 19.36.02.00 ...... 2007.08.13...... EICAR-Test-File
Sophos ...... 4.20.0 ...... 2007.08.12...... EICAR-AV-Test
Sunbelt ...... 2.2.907.0 ...... 2007.08.11 ...... EICAR (v)
Symantec ...... 10 ...... 2007.08.13...... EICAR Test String
TheHacker ...... 6.1.8.167 ...... 2007.08.13 ...... EICAR_Test_File
VBA32 ...... 3.12.2.2 ...... 2007.08.13...... EICAR-Test-File
VirusBuster...... 4.3.26:9 ...... 2007.08.13 ...... EICAR_test_file
Webwasher-Gateway...... 6.0.1 ...... 2007.08.13 ...... Virus.Eicar-Test-Signature
eSafe ...... 7.0.15.0 ...... 2007.08.10...... EICAR Test File
eTrust-Vet ...... 31.1.5055 ...... 2007.08.13...... the EICAR test string

Additional information

File size: 68 bytes
MD5: 44d88612fea8a8f36de82e1278abb02f
SHA1: 3395856ce81f2b7382dee72602f798b642f14140
$

Le test complet:

$ ./vtuploader.pl -nv all/*

Les résultats sont ici.

Chacun en tirera ses conclusions...

/!\ Le script est à utiliser avec parcimonie pour éviter un DOS sur VirusTotal.com ou un filtrage du script de leur part...