利用python和VirusTotal的API接口写的在线样本扫描的脚本

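import requests
import sys
import os
import time

# Batch-check SHA-256 hashes against VirusTotal's (legacy) v2 file/report
# endpoint, up to 25 resources per request, and collect the hashes that fewer
# than `threshold` vendors flag.  Only hashes are sent, never file contents.
# Results are written back over the input file, as the original script did.

# Hashes judged low-detection by the last CheckVT() run.  Each entry keeps a
# trailing newline so the set can be handed straight to writelines().
VT_Unknown = set()

VT_REPORT_URL = 'https://www.virustotal.com/vtapi/v2/file/report'
VT_API_KEY_ENV = 'VT_API_KEY'  # the key used to be hard-coded here; it now comes from the environment
VT_BATCH_SIZE = 25  # resources per request used by the original script


def _read_batch(handle, batch_size):
    """Return the next up-to-`batch_size` hashes from `handle`, [] at EOF.

    CR/LF are stripped.  Lines shorter than 10 characters (blank or junk)
    are skipped rather than ending the read, so an empty line in the middle
    of the input no longer silently truncates the run.
    """
    batch = []
    while len(batch) < batch_size:
        line = handle.readline()
        if not line:  # readline() returns '' only at EOF
            break
        sha = line.replace('\n', '').replace('\r', '')
        if len(sha) < 10:
            continue
        batch.append(sha)
    return batch


def _count_positives(report):
    """Return the vendor detection count of one v2 report, minus Symantec's.

    The original script discounted Symantec's verdict without saying why;
    that adjustment is preserved.  Missing keys count as zero: a report with
    response_code 0 (hash unknown to VT) carries no 'positives' at all, which
    used to raise an uncaught KeyError.
    """
    positives = int(report.get('positives') or 0)
    scans = report.get('scans') or {}
    if (scans.get('Symantec') or {}).get('detected'):
        positives -= 1
    return positives


def _fetch_reports(api_key, shalist, errlog):
    """GET the v2 reports for the comma-separated `shalist`.

    Returns a list of report dicts, or None after logging the failure to
    `errlog` (network/HTTP errors and undecodable bodies; an empty body,
    e.g. when the service throttles the key, fails JSON decoding and lands
    here too).  The endpoint answers a single resource with one dict and
    several with a list; a dict is wrapped so callers always get a list.
    """
    params = {'apikey': api_key, 'resource': shalist}
    try:
        response = requests.get(VT_REPORT_URL, params=params)
        response.raise_for_status()
        reports = response.json()
    except (requests.RequestException, ValueError) as exc:
        errlog.write('Query fail:%s (%s)\n' % (shalist, exc))
        return None
    if isinstance(reports, dict):
        reports = [reports]
    return reports


def CheckVT(path=None, api_key=None, threshold=2, batch_size=VT_BATCH_SIZE, pause=0.0):
    """Query VirusTotal for every hash in `path` and collect the low-detection ones.

    Args:
        path: file with one SHA-256 per line.  Defaults to sys.argv[2], the
            original command-line contract.  The result is written back over
            this same file, exactly as before.
        api_key: VirusTotal API key.  Defaults to the VT_API_KEY environment
            variable; the key is no longer embedded in the source.
        threshold: a hash goes into VT_Unknown when fewer than this many
            vendors (after the Symantec adjustment) flag it.  2 reproduces the
            original `positives < 2`; the original comment said "at least 3
            vendors convict", which would be threshold=3 — left unchanged on
            purpose, make it explicit at the call site if that was intended.
        batch_size: resources per request.
        pause: seconds to sleep between requests for rate limiting; 0 keeps
            the original no-pause behaviour.

    Returns:
        None.  Side effects: fills VT_Unknown, writes CheckVT_error.log in
        the working directory, overwrites `path` with the collected hashes.

    Raises:
        ValueError: no API key available.
        IOError/OSError: `path` cannot be opened (the original printed the
        error and then crashed on an unbound file handle).
    """
    if path is None:
        path = sys.argv[2]
    if api_key is None:
        api_key = os.environ.get(VT_API_KEY_ENV)
    if not api_key:
        raise ValueError('VirusTotal API key missing: pass api_key or set $%s' % VT_API_KEY_ENV)

    index = 0    # hashes submitted so far
    success = 0  # hashes recorded in VT_Unknown so far
    # Both handles are closed even if a request raises something unexpected.
    with open(path, 'r') as sha2file, open('CheckVT_error.log', 'w') as info:
        while True:
            batch = _read_batch(sha2file, batch_size)
            if not batch:
                break
            index += len(batch)
            reports = _fetch_reports(api_key, ','.join(batch), info)
            if pause:
                time.sleep(pause)
            if reports is None:
                continue  # failure already logged; move on to the next batch
            for report in reports:
                # response_code 1 = report available; anything else is skipped.
                if report.get('response_code') != 1:
                    continue
                if _count_positives(report) < threshold:
                    VT_Unknown.add(report['resource'] + '\n')
                    success += 1
            sys.stdout.write('\rProcess:%d. Result: %d' % (index, success))
            sys.stdout.flush()
    print('VT_Unknown\n%d %s' % (len(VT_Unknown), VT_Unknown))
    # Sorted so the overwritten input file is reproducible across runs.
    with open(path, 'w') as resultfile:
        resultfile.writelines(sorted(VT_Unknown))
    return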
