Ntop Upgrade with File Carving and Virus Total API
We just completed an Ntop upgrade that removes some bugs and added much better file carving functionality. The upgrade also allows to interface to Virus Total to check if the extracted files contain known malicious patterns. Certain files will have a down arrow and an up arrow associated with them. The up arrow will send the content to Virus Total for scanning and the down arrow will ask Virus Total if the file is known to have malicious patterns. Check with the down arrow first. If the content is not known by Virus Total, click on the up arrow, wait a few minutes and then click on the down arrow to see the result of the scan. As always, do not hesitate to send email to email@example.com if you run into any problems or if you have questions.
Next time you restart your sensor you will see a message indicating some commands to execute; just cut and paste the commands on the command line to perform the upgrade.