ownCloud and VirusTotal Integration

For a few days, I switched from DropBox to ownCloud and I’m now playing more with the available ‘apps‘. Besides the privacy context, ownCloud seduced me with its add-on feature. It is possible to install external plug-ins (called ‘apps‘) to add new features or improve native ones. Of course, downloading and enabling apps (read: code written by 3rd parties) in your applications can be risky; always keep in mind that they could have huge impacts and introduce security issues.

My ownCloud instance is used to make some of my documents and data available from any place but I’m also using it to collect data. When I detect a suspicious file while browsing the web, while using a friend’s computer, I always upload this file to my ownCloud for further analysis. To automate some tasks, I tested some apps already available like:

  • checksum – which comes in two versions: one which generates the MD5 hash of the file, the other generates the SHA1 hash.
  • antivirus – which scans uploaded files with ClamAV.

Having the hash is nice but limited. ClamAV is far from being the most powerful antivirus solution. That’s why I decided to learn how apps work and wrote my first one! This first app is based on the ‘checksum‘ one: it computes the MD5 hash of files and then checks against VirusTotal if the MD5 is known. If it’s the case, it displays the file score as seen in the screenshot below:

ownCloud-VT

I did not re-invent the wheel and simply used the PHP API developed by Andreas Breitschopp. Of course, you will need an account on VirusTotal and an API key. I published the app on the official repository: http://apps.owncloud.com/content/show.php/owncloud-virustotal?content=161310.

Some features to add:

  • Send new files to VirusTotal for analysis
  • Make the API key configurable with the settings page (to prevent editing the source code)

If you have ideas, let me know!

 

3 comments

  1. Ah, I will reply to myself; because the files are encrypted the checksum will fail at VT.
    It would be better when the file is POST-ed that the checksum of the file is first checked against VT and then encrypted and the results shown in the File list but I guess that introduces some changes in the owncloud code 😉
    PS..your plugin works like a charm with 7.0.2! Thanks for the great plugin!

    Regards,

    Michiel

  2. Hi Xavier,

    I know the plugin is a bit old but I was wondering if the app still works with the current owncloud version (7.0.2).
    I enabled the plugin, changed the API key with the one I got under my profile but no matter which file I scan – I receive a VT: File not found message.
    When I upload the same file via virustotal.com the file is scored correctly.
    Is it perhaps because I enabled the encryption plugin and the hash of the encrypted file is checked against the VT database? (which is a good DOH! moment for me 😉 ).
    If so, please add it to your documentation so others won’t make this mistake 🙂
    Also there is a small typo in your README.md: ‘- Edit ajax/virustotal.com and add your VT API key (line 17).’ must be ajax/virustotal.php

    Regards,

    Michiel
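
The failure mode raised in the comments above (the hash of the encrypted copy is looked up instead of the hash of the uploaded bytes), shown as an added example that is not part of the original post or the app's code. The `Storage` class, the XOR placeholder cipher and the local score table standing in for VirusTotal are all constructed assumptions.

```python
import hashlib
from itertools import cycle

# Constructed sample and score table; a stand-in for a VirusTotal lookup,
# which in a real deployment needs network access and an API key.
SAMPLE = b"constructed suspicious sample bytes\n"
KNOWN_SCORES = {hashlib.md5(SAMPLE).hexdigest(): "41/54"}


def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Placeholder for the server-side encryption app (XOR, NOT real crypto)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def lookup(md5_hex: str) -> str:
    """Return the known score for a hash, or the miss message."""
    return KNOWN_SCORES.get(md5_hex, "File not found")


class Storage:
    """Hypothetical file store that encrypts at rest and keeps metadata."""

    def __init__(self, key: bytes):
        self.key = key
        self.blobs = {}  # name -> ciphertext as stored on disk
        self.meta = {}   # name -> MD5 of the plaintext, taken at upload

    def upload(self, name: str, plaintext: bytes) -> None:
        # Hash first, while the plaintext is still available, then encrypt.
        self.meta[name] = hashlib.md5(plaintext).hexdigest()
        self.blobs[name] = toy_encrypt(plaintext, self.key)

    def scan_stored_bytes(self, name: str) -> str:
        # Hashing what is on disk: the ciphertext hash is unknown upstream.
        return lookup(hashlib.md5(self.blobs[name]).hexdigest())

    def scan_recorded_hash(self, name: str) -> str:
        # Using the hash recorded before encryption: the lookup matches.
        return lookup(self.meta[name])


def demo():
    store = Storage(b"constructed-key")
    store.upload("sample.bin", SAMPLE)
    return store.scan_stored_bytes("sample.bin"), store.scan_recorded_hash("sample.bin")


if __name__ == "__main__":
    print(demo())
```
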
