adding virus total check

scripts/check_virustotal.sh

@@ -0,0 +1,113 @@
+#!/bin/bash
+
+# Script to check a file against VirusTotal API
+# Requires: curl, jq
+# Environment variable: virustotal_apikey
+
+set -e
+
+# Configuration
+FILE_PATH="${VIRUS_TOTAL_FILE:-vision-start.zip}"
+API_KEY="${virustotal_apikey}"
+BASE_URL="https://www.virustotal.com/vtapi/v2"
+
+# Check if API key is set
+if [ -z "$API_KEY" ]; then
+    echo "Error: virustotal_apikey environment variable is not set"
+    exit 1
+fi
+
+# Check if file exists
+if [ ! -f "$FILE_PATH" ]; then
+    echo "Error: File $FILE_PATH not found"
+    exit 1
+fi
+
+# Check if required tools are available
+if ! command -v curl &> /dev/null; then
+    echo "Error: curl is required but not installed"
+    exit 1
+fi
+
+if ! command -v jq &> /dev/null; then
+    echo "Error: jq is required but not installed"
+    exit 1
+fi
+
+echo "Uploading $FILE_PATH to VirusTotal for analysis..."
+
+# Upload file to VirusTotal
+UPLOAD_RESPONSE=$(curl -s -X POST \
+    -F "apikey=$API_KEY" \
+    -F "file=@$FILE_PATH" \
+    "$BASE_URL/file/scan")
+
+# Extract scan_id from response
+SCAN_ID=$(echo "$UPLOAD_RESPONSE" | jq -r '.scan_id')
+
+if [ "$SCAN_ID" == "null" ] || [ -z "$SCAN_ID" ]; then
+    echo "Error: Failed to upload file or get scan ID"
+    echo "Response: $UPLOAD_RESPONSE"
+    exit 1
+fi
+
+echo "File uploaded successfully. Scan ID: $SCAN_ID"
+echo "Waiting for analysis to complete..."
+
+# Wait for analysis to complete and get results
+MAX_ATTEMPTS=30
+ATTEMPT=0
+SLEEP_INTERVAL=10
+
+while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do
+    echo "Checking analysis status (attempt $((ATTEMPT + 1))/$MAX_ATTEMPTS)..."
+    
+    # Get scan report
+    REPORT_RESPONSE=$(curl -s -X POST \
+        -d "apikey=$API_KEY" \
+        -d "resource=$SCAN_ID" \
+        "$BASE_URL/file/report")
+    
+    # Check if analysis is complete
+    RESPONSE_CODE=$(echo "$REPORT_RESPONSE" | jq -r '.response_code')
+    
+    if [ "$RESPONSE_CODE" == "1" ]; then
+        # Analysis complete
+        echo "Analysis completed!"
+        
+        # Extract results
+        POSITIVES=$(echo "$REPORT_RESPONSE" | jq -r '.positives')
+        TOTAL=$(echo "$REPORT_RESPONSE" | jq -r '.total')
+        PERMALINK=$(echo "$REPORT_RESPONSE" | jq -r '.permalink')
+        
+        echo "Analysis URL: $PERMALINK"
+        echo "Detection ratio: $POSITIVES/$TOTAL"
+        
+        # Check if file is safe
+        if [ "$POSITIVES" -eq 0 ]; then
+            echo "✅ File is clean (no threats detected)"
+            exit 0
+        else
+            echo "❌ File contains threats ($POSITIVES detections out of $TOTAL scanners)"
+            exit 1
+        fi
+    elif [ "$RESPONSE_CODE" == "0" ]; then
+        # File not found or analysis not complete yet
+        echo "Analysis still in progress..."
+    elif [ "$RESPONSE_CODE" == "-2" ]; then
+        # Still queued for analysis
+        echo "File still queued for analysis..."
+    else
+        echo "Unexpected response code: $RESPONSE_CODE"
+        echo "Response: $REPORT_RESPONSE"
+        exit 1
+    fi
+    
+    ATTEMPT=$((ATTEMPT + 1))
+    if [ $ATTEMPT -lt $MAX_ATTEMPTS ]; then
+        sleep $SLEEP_INTERVAL
+    fi
+done
+
+echo "Timeout: Analysis did not complete within expected time"
+exit 1