virusbattle-sdk / Querying Information
ACTION: QUERY INFORMATION
To query information about a filehash use the following command:
vbclient.py -a query [--norecursive] arg ...
An arg in this command is a filehash. The --norecursive option asks vbclient.py not to recursively query information about all of the children. The following describes the meaning of the children of a file.
Archive Files: The children of an archive file (such as zip) are obvious: they are the set of all files contained in that archive. VirusBattle does not maintain the directory structure of the uncompressed zip file, though it does maintain the relative path within the archive from which each file is extracted. The relative path may be used, in addition to the sha1 filehash identifiers, to match a file on VirusBattle to a specific file in the archive.
Binary files: Though a binary file is not an archive, in VirusBattle it may also have children. The children of a binary file are other binaries generated from unpacking it. A binary may have multiple children resulting from unpacking it multiple times. In most cases the children may have insignificant differences, yet they yield different hashes and are hence considered different.
The result of the query for a hash consists of a variety of information including its list of parents and children.
Query info for filehash only
vbclient.py -a query --norecursive filehash
Recursively query info, use filehashes stored in UploadedHashes.txt
vbclient.py -a query
Check if a file is already on VirusBattle.
filehash=`sha1sum filename | cut -f 1 -d ' '`
vbclient.py -a query --norecursive "$filehash"
Recursively query all information for a file.
vbclient.py -a query <sha1>
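A batch form of the "check if a file is already on VirusBattle" step, as an added example that is not part of the SDK: it hashes several files safely, drops duplicates, and passes all hashes to a single --norecursive query. The function names, the VBCLIENT variable and the script name vbcheck.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of the SDK): batch pre-upload check by SHA-1.

# Print the SHA-1 of one file as 40 lowercase hex characters.
# The file is read on stdin so its name never reaches sha1sum's output: GNU
# sha1sum prefixes the line with "\" when a name contains a backslash or
# newline, which would corrupt a hash taken with cut.
vb_sha1() {
    [ -f "$1" ] && [ -r "$1" ] || { echo "vb_sha1: cannot read: $1" >&2; return 1; }
    h=$(sha1sum < "$1" | cut -d ' ' -f 1) || return 1
    case $h in
        *[!0-9a-f]*) echo "vb_sha1: unexpected digest for $1" >&2; return 1 ;;
    esac
    [ "${#h}" -eq 40 ] || return 1
    printf '%s\n' "$h"
}

# Print each distinct hash once, so identical files cost a single query.
vb_unique_hashes() {
    hashes=
    for f in "$@"; do
        h=$(vb_sha1 "$f") || return 1
        hashes="$hashes$h
"
    done
    printf '%s' "$hashes" | sort -u
}

# Query all distinct hashes in one call without descending into children.
# VBCLIENT is an assumed variable naming the path to vbclient.py.
vb_check_files() {
    hashes=$(vb_unique_hashes "$@") || return 1
    [ -n "$hashes" ] || return 0
    # Safe to word-split: every value was validated as 40 hex characters.
    "${VBCLIENT:-vbclient.py}" -a query --norecursive $hashes
}

# Usage: sh vbcheck.sh FILE...
if [ "$#" -gt 0 ]; then
    vb_check_files "$@"
fi
```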