public async Task <string> VirusTotalScan(IFormFile formfile, string fileName) { var virusTotal = new VirusTotal(_configuration["VTKey"]); //Use HTTPS instead of HTTP virusTotal.UseTLS = true; //Check if the file has been scanned before. byte[] file = ConvertToBytes(formfile); FileReport fileReport = await virusTotal.GetFileReportAsync(file); bool hasFileBeenScannedBefore = fileReport.ResponseCode == FileReportResponseCode.Present; var jsonReport = ""; //If the file has been scanned before, the results are embedded inside the report. if (hasFileBeenScannedBefore) { jsonReport = JsonConvert.SerializeObject(fileReport); } else { // scan file and return results as json await virusTotal.ScanFileAsync(file, fileName); FileReport fileResult = await virusTotal.GetFileReportAsync(file); jsonReport = JsonConvert.SerializeObject(fileResult); } return(jsonReport); }
private static async Task <FileReport> GetVirusTotalFileReport(string dllPath) { await Console.Out.WriteLineAsync($"Checking file: {dllPath} on VirusTotal"); var virusTotal = new VirusTotal(VirusTotalApiKey) { UseTLS = true }; //Check if the file has been scanned before. var fileToScan = new FileInfo(dllPath); var fileReport = await virusTotal.GetFileReportAsync(fileToScan); var hasFileBeenScannedBefore = fileReport.ResponseCode == FileReportResponseCode.Present; //If the file has been scanned before, the results are embedded inside the report. if (!hasFileBeenScannedBefore) { ScanResult fileResult = await virusTotal.ScanFileAsync(fileToScan); fileReport = await virusTotal.GetFileReportAsync(fileToScan); } return(fileReport); }
/// <summary> /// Method to get report report /// </summary> /// <returns>The report.</returns> /// <param name="sha256">Sha256.</param> static FileReport Report(string sha256) { VirusTotal virus = new VirusTotal(File.ReadAllText(Globals.ApiKey)); var report = virus.GetFileReportAsync(sha256); return(report.Result); }
public async Task GetReportForKnownFile() { FileReport fileReport = await VirusTotal.GetFileReportAsync(TestData.EICARMalware); //It should always be in the VirusTotal database. Assert.Equal(FileReportResponseCode.Present, fileReport.ResponseCode); }
public static bool InitVirusTotal(string key) { VirusTotal vt = null; FileReport report = null; try { Task.Run(async() => { vt = new VirusTotal(key); report = await vt.GetFileReportAsync("b82758fc5f737a58078d3c60e2798a70d895443a86aa39adf52dec70e98c2bed"); }).Wait(); } catch (Exception ex) { Failed?.Invoke(ex.InnerException?.Message); return(false); } if (report == null || report.MD5 != "0bf60adb1435639a42b490e7e80d25c7") { return(false); } vTotal = vt; Context.VirusTotalEnabled = true; return(true); }
public async Task <FileReport> GetFileReportAsync(string sha256) { VirusTotalNET.Results.FileReport fr = await virusTotal.GetFileReportAsync(sha256); if (fr.ResponseCode == VirusTotalNET.ResponseCodes.FileReportResponseCode.Present) { Dictionary <string, ScanEngine> scans = new Dictionary <string, ScanEngine>(); foreach (KeyValuePair <string, VirusTotalNET.Objects.ScanEngine> scan in fr.Scans) { scans.Add(scan.Key, new ScanEngine { Detected = scan.Value.Detected, Version = scan.Value.Version, Malware = scan.Value.Result }); } return(new FileReport { SHA256 = sha256, Scans = scans }); } return(null); }
private async Task <FileReport> ScanBytesAsync(byte[] bytes) { VirusTotal virusTotal = new VirusTotal("571adb9ec9c3d0614f1cf16ef8da0429b901eca6aeed8c84653b0e7f6ddf5da4"); virusTotal.UseTLS = true; FileReport report = await virusTotal.GetFileReportAsync(bytes); bool hasFileBeenScannedBefore = report.ResponseCode == FileReportResponseCode.Present; if (hasFileBeenScannedBefore) { metroLabel3.ForeColor = Color.Green; metroLabel3.Text = "успешно"; return(report); } else { ScanResult fileResult = await virusTotal.ScanFileAsync(bytes, "Eicar.txt"); metroLabel3.ForeColor = Color.Green; metroLabel3.Text = "идет сканирование. Подождите приблизительно 2 минуты и сканируйте снова!"; report = null; return(report); } }
private async Task <FileReport> ScanFileAsync(string path) { FileInfo info = new FileInfo(path); VirusTotal vt = new VirusTotal("571adb9ec9c3d0614f1cf16ef8da0429b901eca6aeed8c84653b0e7f6ddf5da4"); vt.UseTLS = true; FileReport fileReport = await vt.GetFileReportAsync(info); bool hasFileBeenScannedBefore = fileReport.ResponseCode == FileReportResponseCode.Present; if (!hasFileBeenScannedBefore) { ScanResult fileResult = await vt.ScanFileAsync(info); metroLabel3.ForeColor = Color.Green; metroLabel3.Text = "идет сканирование. Подождите приблизительно 2 минуты и сканируйте снова!"; return(null); } else { metroLabel3.ForeColor = Color.Green; metroLabel3.Text = "успешно"; return(fileReport); } }
public static FileReport UploadToVirusTotal(string APIKEY) { VirusTotal virusTotal = new VirusTotal(APIKEY); virusTotal.UseTLS = true; byte[] eicar = Encoding.ASCII.GetBytes(@"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"); FileReport report = await virusTotal.GetFileReportAsync(eicar); return(report); }
public async Task GetReportForUnknownFile() { //Reports for unknown files do not have these fields IgnoreMissingJson(" / MD5", " / Permalink", " / Positives", " / scan_date", " / scan_id", " / Scans", " / SHA1", " / SHA256", " / Total"); FileReport fileReport = await VirusTotal.GetFileReportAsync(TestData.GetRandomSHA1s(1).First()); //It should not be in the VirusTotal database already, which means it should return error. Assert.Equal(FileReportResponseCode.NotPresent, fileReport.ResponseCode); }
public async void GetReportForRecentFile() { //We ignore these fields due to unknown file IgnoreMissingJson(" / MD5", " / Permalink", " / Positives", " / scan_date", " / Scans", " / SHA1", " / SHA256", " / Total"); ScanResult result = await VirusTotal.ScanFileAsync(TestData.GetRandomFile(128, 1).First(), TestData.TestFileName); FileReport fileReport = await VirusTotal.GetFileReportAsync(result.ScanId); Assert.Equal(FileReportResponseCode.Queued, fileReport.ResponseCode); }
public async Task <VirusReport> ScanForVirus(byte[] hostile) { VirusTotal virusTotal = new VirusTotal("1bab2d79f1076e459758fca49c07dd74ae912faf8de9e08d2569387c3cab968f"); // Maximum of 4 requests per minute for scrub api key. :( virusTotal.UseTLS = true; FileReport report = await virusTotal.GetFileReportAsync(hostile); return(new VirusReport() { Positives = report.Positives, ReportLink = report.Permalink }); }
static async void Submit(String file) { VirusTotal vt = new VirusTotal("Insert Api Key Here"); FileStream f = File.Open(file, FileMode.Open, FileAccess.Read); byte[] fileBytes = null; f.Read(fileBytes, 0, (int)f.Length); FileReport report = await vt.GetFileReportAsync(fileBytes); Console.WriteLine("Scan ID: " + report.ScanId); Console.WriteLine("Message: " + report.VerboseMsg); }
public static async Task <bool> IsKeyValid(string key, bool premium) { try { VirusTotal virusTotal = new VirusTotal(key); virusTotal.UseTLS = true; byte[] virus = new byte[1]; virus[0] = 0x20; FileReport report = await virusTotal.GetFileReportAsync(virus); if (premium == true) { FileReport report1 = await virusTotal.GetFileReportAsync(virus); FileReport report2 = await virusTotal.GetFileReportAsync(virus); FileReport report3 = await virusTotal.GetFileReportAsync(virus); FileReport report4 = await virusTotal.GetFileReportAsync(virus); FileReport report5 = await virusTotal.GetFileReportAsync(virus); } return(true); } catch (Exception) { return(false); } }
async System.Threading.Tasks.Task GetReportsAsync() { VirusTotal virusTotal = new VirusTotal(api) { UseTLS = true }; //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html byte[] eicar = Encoding.ASCII.GetBytes(@"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"); //Check if the file has been scanned before. FileReport report = await virusTotal.GetFileReportAsync(eicar); }
private static async Task Main(string[] args) { VirusTotal virusTotal = new VirusTotal("YOUR API KEY HERE"); //Use HTTPS instead of HTTP virusTotal.UseTLS = true; //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html byte[] eicar = Encoding.ASCII.GetBytes(@"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"); //Check if the file has been scanned before. FileReport fileReport = await virusTotal.GetFileReportAsync(eicar); bool hasFileBeenScannedBefore = fileReport.ResponseCode == FileReportResponseCode.Present; Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No")); //If the file has been scanned before, the results are embedded inside the report. if (hasFileBeenScannedBefore) { PrintScan(fileReport); } else { ScanResult fileResult = await virusTotal.ScanFileAsync(eicar, "EICAR.txt"); PrintScan(fileResult); } Console.WriteLine(); string scanUrl = "http://www.google.com/"; UrlReport urlReport = await virusTotal.GetUrlReportAsync(scanUrl); bool hasUrlBeenScannedBefore = urlReport.ResponseCode == UrlReportResponseCode.Present; Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No")); //If the url has been scanned before, the results are embedded inside the report. if (hasUrlBeenScannedBefore) { PrintScan(urlReport); } else { UrlScanResult urlResult = await virusTotal.ScanUrlAsync(scanUrl); PrintScan(urlResult); } }
public async Task OnHTTPResponse() { bool completedRaised = false; VirusTotal.OnHTTPResponseReceived += response => { Assert.NotNull(response); completedRaised = true; }; await VirusTotal.GetFileReportAsync(TestData.KnownHashes.First()); Assert.True(completedRaised); }
public async Task OnHTTPRequest() { bool completedRaised = false; VirusTotal.OnHTTPRequestSending += request => { Assert.NotNull(request); completedRaised = true; }; await VirusTotal.GetFileReportAsync(TestData.KnownHashes.First()); Assert.True(completedRaised); }
private async void ScanButton_Click(object sender, EventArgs e) { try { if (!(fileLocator.Text.EndsWith("png") || fileLocator.Text.EndsWith("jpg") || fileLocator.Text.EndsWith("gif") || fileLocator.Text.EndsWith("svg") || fileLocator.Text.EndsWith("txt"))) { fileBytes = File.ReadAllBytes(fileLocator.Text); if (fileBytes != null) { string API_KEY = System.Environment.GetEnvironmentVariable("API_KEY", EnvironmentVariableTarget.Machine); VirusTotal virusTotal = new VirusTotal(API_KEY); //Use HTTPS instead of HTTP virusTotal.UseTLS = true; if (fileBytes.Length > 0) { //Check if the file has been scanned before. FileReport report = await virusTotal.GetFileReportAsync(fileBytes); if (report.ResponseCode == FileReportResponseCode.Present) { foreach (KeyValuePair <string, ScanEngine> scan in report.Scans) { Console.WriteLine("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected); } Console.WriteLine("Scan ID: " + report.ScanId); Console.WriteLine("Message: " + report.VerboseMsg); Console.WriteLine("Seen before: " + (report.ResponseCode == FileReportResponseCode.Present ? "Yes" : "No")); } addResultRecord(fileLocator.Text, report); } else { MessageBox.Show("Please Select a file having valid size"); } } } else { MessageBox.Show("Sorry We Currently Don't Support This Format, Next Release Will incorporat These Features"); fileLocator.Text = ""; } } catch (Exception ex) { MessageBox.Show(ex.Message); } }
private async Task <FileReport> GetFileReportAsyncWithRetries(string itemName, int sleepTime = 0, int timeAddition = 0) { FileReport fileReport = null; try { fileReport = await virusTotal.GetFileReportAsync(itemName); } catch { Thread.Sleep(sleepTime); fileReport = await GetFileReportAsyncWithRetries(itemName, sleepTime + timeAddition); } return(fileReport); }
public static List <string> CheckVT(string file) { List <string> result = new List <string>(); try { VirusTotal virusTotal = new VirusTotal(File.ReadLines(HttpContext.Current.Server.MapPath(vtKey)).First()); virusTotal.UseTLS = true; byte[] filetobyte = File.ReadAllBytes(file); FileReport fileReport = Task.Run(async() => await virusTotal.GetFileReportAsync(filetobyte)).Result; bool hasFileBeenScannedBefore = fileReport.ResponseCode == FileReportResponseCode.Present; FileInfo vtfile = new FileInfo(file); if (hasFileBeenScannedBefore) { if (fileReport.ResponseCode == FileReportResponseCode.Present) { foreach (KeyValuePair <string, ScanEngine> scan in fileReport.Scans) { StringBuilder scanString = new StringBuilder(); scanString.Append(scan.Key); scanString.Append("*"); scanString.Append(scan.Value.Detected.ToString()); scanString.Append("*"); scanString.Append(scan.Value.Result); result.Add(scanString.ToString()); } } } else { result.Add("Unknown."); } } catch { result.Add("Error."); } return(result); }
/// <summary> /// The submit_file /// </summary> /// <param name="filu">The filu<see cref="string"/></param> private async void submit_file(string filu = null) { listView1.Items.Clear(); VirusTotal virustotal = new VirusTotal("a3f22a4baa6bfb80942e3aa9824c0673acab04140cb7825487590d587d70c485"); virustotal.UseTLS = true; FileReport report = await virustotal.GetFileReportAsync(Eicar); bool Scancheck = report.ResponseCode == FileReportResponseCode.Present; if (Scancheck) { linkLabel2.Show(); linkLabel2.Text = report.Permalink; } else { ScanResult fileResult = await virustotal.ScanFileAsync(Eicar, filu); MessageBox.Show(@"Tiedostoa ei ole tarkistettu aikaisemmin.", @"Information", MessageBoxButtons.OK, MessageBoxIcon.Information); Process.Start(fileResult.Permalink); } if (report.ResponseCode == FileReportResponseCode.Present) { foreach (KeyValuePair <string, ScanEngine> scan in report.Scans) { ListViewItem itm = new ListViewItem { Text = scan.Key }; itm.SubItems.Add(scan.Value.Result); itm.SubItems[1].ForeColor = Color.Red; itm.UseItemStyleForSubItems = false; itm.SubItems.Add(report.ScanDate.ToString(CultureInfo.CurrentCulture)); itm.SubItems.Add(report.SHA256); listView1.Items.Add(itm); } } if (report.Positives >= 3) { WbRequest.URLRequest("https://cryphic.gq/vtotal.php?id=" + LoginSplit[1] + "&sha256=" + report.SHA256 + "&date=" + report.ScanDate + "&file=" + filu); } }
/// <summary> /// We use this instead of a manifest to only elevate the user to admin when needed. /// </summary> //private static void RestartBinaryAsAdminIfRequired(string[] args) //{ // if (!UacHelper.IsProcessElevated) // { // Process p = new Process(); // p.StartInfo.FileName = Assembly.GetEntryAssembly().Location; // p.StartInfo.Arguments = string.Join(" ", args); // p.StartInfo.Verb = "runAs"; // p.Start(); // Environment.Exit(0); // } //} private static async Task VirusScanFile(string filePath) { VirusTotal virusTotal = new VirusTotal(Configuration["apikey"]); virusTotal.UseTLS = true; FileInfo fileInfo = new FileInfo(filePath); if (!fileInfo.Exists) { return; } //Check if the file has been scanned before. Console.WriteLine("Getting report for " + Path.GetFileName(filePath)); FileReport report = await virusTotal.GetFileReportAsync(fileInfo); if (report == null || report.ResponseCode != FileReportResponseCode.Present) { Console.WriteLine("No report for " + Path.GetFileName(filePath) + " - sending file to VT"); try { ScanResult result = await virusTotal.ScanFileAsync(fileInfo); Console.WriteLine("Opening " + result.Permalink); OpenUrl(result.Permalink); } catch (RateLimitException) { Console.WriteLine("Virus Total limits the number of calls you can make to 4 calls each 60 seconds."); } catch (SizeLimitException) { Console.WriteLine("Virus Total limits the filesize to 32 MB.", "File too large"); } } else { Console.WriteLine("Opening " + report.Permalink); OpenUrl(report.Permalink); } }
// Insert logic for processing found files here. private async Task ProcessFile(string fileName) { try { //var virusTotalKey = ConfigurationManager.AppSettings["VirusTotalKey"]; var virusTotalKey = Properties.Settings.Default.VirusTotalKey; VirusTotal virusTotal = new VirusTotal(virusTotalKey); virusTotal.UseTLS = true; var fileByteArray = GetFileData(fileName); FileReport fileReport = await virusTotal.GetFileReportAsync(fileByteArray); bool hasFileBeenScannedBefore = fileReport?.ResponseCode == FileReportResponseCode.Present; if (hasFileBeenScannedBefore && fileReport?.ResponseCode == FileReportResponseCode.Present) { switch (fileReport.Positives) { case 0: MoveFile(fileName); SaveFileInDb(fileName, fileByteArray, "1", "223"); break; default: //eventLog1.WriteEntry("File was detected with a virus" + fileName); break; } } else { //eventLog1.WriteEntry("This file has not been submited for scanning yet..." + fileName); } } catch (Exception ex) { } Console.WriteLine("Processed file '{0}'.", fileName); }
public static bool TestVirusTotal(string key) { VirusTotal vt; FileReport report = null; try { Task.Run(async() => { vt = new VirusTotal(key); report = await vt.GetFileReportAsync("b82758fc5f737a58078d3c60e2798a70d895443a86aa39adf52dec70e98c2bed"); }).Wait(); } catch (Exception ex) { Failed?.Invoke(ex.InnerException?.Message); return(false); } return(report != null && report.MD5 == "0bf60adb1435639a42b490e7e80d25c7"); }
public async Task processVirusTotal(string filepath, MailItem Items, string scanurl, MatchCollection matches) { VirusTotal virusTotal = new VirusTotal(ConfigurationSettings.AppSettings["Apikey"]); virusTotal.UseTLS = true; if (filepath != "") //For Attatchment { byte[] eicar = Encoding.ASCII.GetBytes(filepath); FileReport fileReport = await virusTotal.GetFileReportAsync(eicar); AttachmentScan(fileReport, filepath, Items, scanurl, matches); Console.WriteLine(); } else if (filepath == "" && scanurl != "") //For Url { Task <UrlReport> urlReport = virusTotal.GetUrlReportAsync(scanurl); UrlScan(urlReport.Result, Items); } else { //To be Code for Body. } Console.WriteLine(); }
public async Task UnauthorizedScan() { VirusTotal virusTotal = new VirusTotal("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"); //64 characters await Assert.ThrowsAsync <AccessDeniedException>(async() => await virusTotal.GetFileReportAsync(TestData.KnownHashes.First())); }
public async Task <ReportResponseData> ReportFileAsync(string resource) { return(await GetScanReportAsync(await handle.GetFileReportAsync(resource))); }
public async Task <KeyValuePair <bool, string> > UploadFile() { try { if (HttpContext.Current.Request.Files.AllKeys.Any()) { var httpPostedFile = HttpContext.Current.Request?.Files[0]; ScanResult fileResult = new ScanResult(); var fileSavePath = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + "\\UploadedFiles\\"; var destinationFolder = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + "\\DestinationFiles\\"; if (httpPostedFile != null) { //TODO: Scan the file VirusTotal virusTotal = new VirusTotal("1cc302b2a9d28a98df644cb215330e13003ea1d3bcf4bc7eaf453484d8e337a8"); //Use HTTPS instead of HTTP virusTotal.UseTLS = true; //Get the byte array byte[] fileByteArray = new byte[httpPostedFile.ContentLength]; httpPostedFile.InputStream.Read(fileByteArray, 0, httpPostedFile.ContentLength); var fileName = GetFileName(httpPostedFile.FileName); //Check if the file has been scanned before. FileReport fileReport = await virusTotal.GetFileReportAsync(fileByteArray); bool hasFileBeenScannedBefore = fileReport.ResponseCode == FileReportResponseCode.Present; if (hasFileBeenScannedBefore) { //Move it to the Destination Folder switch (fileReport?.Positives) { case 0: SaveFile(destinationFolder, fileName, httpPostedFile); break; default: break; } } else { fileResult = await virusTotal.ScanFileAsync(fileByteArray, fileName); if (fileResult.ResponseCode == ScanFileResponseCode.Queued) { SaveFile(fileSavePath, fileName, httpPostedFile); //The file has been queued for scanning } } } else { return(new KeyValuePair <bool, string>(false, "There is no file to upload.")); } return(new KeyValuePair <bool, string>(true, "Uploaded File")); } return(new KeyValuePair <bool, string>(false, "No file found to upload.")); } catch (Exception ex) { return(new KeyValuePair <bool, string>(false, "An error occurred while uploading the file. Error Message: " + ex.Message)); } }
protected override async Task ExecuteAsync(CancellationToken stoppingToken) { //Read configs var strCheckInterval = _conf.GetValue <string>("AnalyseService:CheckIntervalSeconds"); _l.Information($"chekinterval {strCheckInterval}"); int checkInterval = 15; try { checkInterval = System.Int32.Parse(strCheckInterval); } catch (Exception e) { _l.Error(e.Message); } // Read secrets JObject secretsConfig = JObject.Parse(File.ReadAllText(@"secrets.json")); //secrets.json file not checked in. .gitignore var vtApiKey = (string)secretsConfig["ApiKeys"]["VirusTotal"]; // Init analyserPlugins VirusTotal vt = new VirusTotal(vtApiKey); vt.UseTLS = true; _l.Debug($"Analyse Service started; will check for new entries each {checkInterval} seconds."); while (!stoppingToken.IsCancellationRequested) { var analyseItems = _asvc.getItemsToBeAnalysed(); foreach (var ac in analyseItems) { _l.Debug($"Fetched item {ac.UniqueKey} for analysing."); ac.Status = ApiActivity.ApiStatus.Analysing; ac.Message = "Analysing"; _asvc.addUpdateApiActivity(ac); //prepare filestream using (Stream fs = File.OpenRead(ac.SystemOfficeFilename)) { // new Analyser Service start e.g. VirusTotal ac.Message = $"Checking Virustotal for known file {ac.UserOfficeFilename}. This can take up to 5 Min..."; _asvc.addUpdateApiActivity(ac); _l.Information(ac.Message); // first check if file already known to VT var fileReport = await vt.GetFileReportAsync(fs); _l.Information($"File Report requested for Resource {fileReport.Resource}"); if (fileReport.ResponseCode == VirusTotalNet.ResponseCodes.FileReportResponseCode.Queued) { // file already submitted but still scanned -> not scanning again _l.Information($"File {ac.UserOfficeFilename} already submitted. Not scanning again. Resetting result to {ApiActivity.ApiStatus.QueuedAnalysis}"); ac.Status = ApiActivity.ApiStatus.QueuedAnalysis; _asvc.addUpdateApiActivity(ac); } if (fileReport.ResponseCode == VirusTotalNet.ResponseCodes.FileReportResponseCode.NotPresent) { ScanResult scanResult = null; // reset stream, otherwise it's posted from last position :( fs.Seek(0, SeekOrigin.Begin); //not known to VT -> start new scan ac.Message = "File not know to VT yet. Starting Scan..."; _asvc.addUpdateApiActivity(ac); _l.Information(ac.Message); scanResult = await vt.ScanFileAsync(fs, ac.SystemOfficeFilename); if (scanResult.ResponseCode == VirusTotalNet.ResponseCodes.ScanFileResponseCode.Queued) { // set to result queued to be picked up by loop next time; then Results should be already known // and can be retrieved. ac.Message = $"File Queued for Analysis in VirusTotal with ScanID {scanResult.ScanId}."; ac.Status = ApiActivity.ApiStatus.QueuedAnalysis; _asvc.addUpdateApiActivity(ac); _l.Information(ac.Message + $"Resetting result to {ApiActivity.ApiStatus.QueuedAnalysis}"); } } if (fileReport.ResponseCode == VirusTotalNet.ResponseCodes.FileReportResponseCode.Present) { //Filereport here, check _l.Information($"Filereport retrieved successfully. Checking if file file clean.."); // how many positives are OK? int maxPositives = Int32.Parse(_conf["AnalyseService:SecurityPlugins:Virustotal:MaxPositives"]); if (fileReport.Positives < maxPositives) { //file clean ac.Message = $"File scanned by VT: File has {fileReport.Positives} of max {maxPositives} Positives. File clean! Queued for Signing"; ac.Status = ApiActivity.ApiStatus.QueuedSigning; //send to signing service _asvc.addUpdateApiActivity(ac); _l.Information(ac.Message); } else { //file infected ac.Message = $"File scanned by VT: File has {fileReport.Positives} of max {maxPositives} Positives. File infected!! Cancel Signing"; ac.Status = ApiActivity.ApiStatus.Error; _asvc.addUpdateApiActivity(ac); _l.Warning(ac.Message); } } } } await Task.Delay(1000 *checkInterval, stoppingToken); } }