如何在C#中使用VirusTotal.NET库查找文件是否被病毒感染？

我目前在我的C#MVC项目中使用VirusTotal.NET nuget包来扫描上传的文件.我使用的是 https://github.com/Genbox/VirusTotal.NET给出的相同示例

VirusTotal virusTotal = new VirusTotal("YOUR API KEY HERE");

//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;

//Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
byte[] eicar = 
Encoding.ASCII.GetBytes(@"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");

//Check if the file has been scanned before.
FileReport report = await virusTotal.GetFileReportAsync(eicar);

Console.WriteLine("Seen before: " + (report.ResponseCode == FileReportResponseCode.Present ? "Yes" : "No"));

我在上面的代码中将上传文件的字节数组加载到eicar变量.根据给定的例子,它将提供先前扫描或不扫描的文件.但我真正需要的是文件是否被感染.谁能建议我一个解决方案？

检查 UrlReport类,您获得的报告比其代码示例中的响应代码有更多信息.有3个字段看起来很有趣：

/// <summary>
/// How many engines flagged this resource.
/// </summary>
public int Positives { get; set; }

/// <summary>
/// The scan results from each engine.
/// </summary>
public Dictionary<string, UrlScanEngine> Scans { get; set; }

/// <summary>
/// How many engines scanned this resource.
/// </summary>
public int Total { get; set; }

这可能会为您提供您正在寻找的结果. VirusTotal实际上返回多个扫描引擎的结果,其中一些可能检测到病毒,一些可能检测不到.

Console.WriteLine($"{report.Positives} out of {report.Total} scan engines detected a virus.");

您可以使用该数据执行任何操作,例如计算百分比：

var result = 100m * report.Positives / report.Total;
Console.WriteLine($"{result}% of scan engines detected a virus.");

或者只是将大多数正扫描引擎结果视为总体积极结果：

var result = Math.Round(report.Positives / Convert.ToDecimal(report.Total));
Console.WriteLine($"Virus {(result == 0 ? "not detected": "detected")});