Skip to content

Latest commit

 

History

History

virustotal

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
docs
docs
 
 
ui
ui
 
 
README.md
README.md
 
 
plugin.json
plugin.json
 
 
virustotal.lua
virustotal.lua
 
 

README.md

VirusTotal plugin

BunkerWeb VirusTotal diagram

This BunkerWeb plugin will automatically check if any uploaded file is already analyzed on VirusTotal and deny the request if the file is detected by some antivirus engine(s).

At the moment, submission of new file is not supported, it only checks if files already exist in VT and get the scan result if that's the case.

Table of contents

Prerequisites

Please read the plugins section of the BunkerWeb documentation first.

You will need a VirusTotal API key to contact their API (see here). The free API key is also working but you should check the terms of service and limits as described here.

Setup

See the plugins section of the BunkerWeb documentation for the installation procedure depending on your integration.

Docker

version: '3'

services:

  bunkerweb:
    image: bunkerity/bunkerweb:1.5.9
    ...
    environment:
      - USE_VIRUSTOTAL=yes
      - VIRUSTOTAL_API_KEY=mykey
    ...

Swarm

version: '3'

services:

  mybunker:
    image: bunkerity/bunkerweb:1.5.9
    ...
    environment:
      - USE_VIRUSTOTAL=yes
      - VIRUSTOTAL_API_KEY=mykey
    ...
    networks:
      - bw-plugins
    ...

...

Kubernetes

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress
  annotations:
    bunkerweb.io/USE_VIRUSTOTAL: "yes"
    bunkerweb.io/VIRUSTOTAL_API_KEY: "mykey"

Settings

Setting Default Context Multiple Description
USE_VIRUSTOTAL no multisite no Activate VirusTotal integration.
VIRUSTOTAL_API_KEY global no Key to authenticate with VirusTotal API.
VIRUSTOTAL_SCAN_FILE yes multisite no Activate automatic scan of uploaded files with VirusTotal (only existing files).
VIRUSTOTAL_SCAN_IP yes multisite no Activate automatic scan of uploaded ips with VirusTotal.
VIRUSTOTAL_IP_SUSPICIOUS 5 global no Minimum number of suspicious reports before considering IP as bad.
VIRUSTOTAL_IP_MALICIOUS 3 global no Minimum number of malicious reports before considering IP as bad.
VIRUSTOTAL_FILE_SUSPICIOUS 5 global no Minimum number of suspicious reports before considering file as bad.
VIRUSTOTAL_FILE_MALICIOUS 3 global no Minimum number of malicious reports before considering file as bad.