Notes on the use of Virustotal

Virustotal is a service provided by Google. Any files can be uploaded there, which are then scanned by over 70 virus scanners and shared with various IT security services and antivirus software manufacturers.

In concrete terms, this means that documents uploaded to Virustotal are published in the aforementioned circles and thus the confidentiality of the data is no longer guaranteed.

For this reason, confidential data should not be scanned using the Virustotal service. Only data and files that are publicly accessible anyway, for example those originating from websites and download sites without access protection or from social media sites, do not pose a problem.

It is not allowed to upload files containing personal data, trade secrets or other information worthy of protection to Virustotal. This includes, but is not limited to, the following documents:

  • Application documents
  • Emails
  • Student workpapers
  • Non-public images or videos, which, in addition to the person depicted, often include location information, smartphone or camera model, and other information that may be sensitive depending on the circumstances.

The advantage of Virustotal is that data that has already been made public can be checked there. For example, if you have downloaded software or a document from the publicly accessible Internet, you can check these files at Virustotal to make sure they are free of known viruses and other already known malware.

However, you should be aware that when you upload a file, or even just search for an already scanned file, Google learns, among other things, that you use and own this file. You should not use Virustotal if you do not want to share this information.

Information for admins

It is not allowed to upload data to Virustotal automatically, because confidentiality cannot be checked in this case. It is therefore not possible to ensure that no personal or confidential data is included in the automated upload.

This applies, for example, to automated scanning of quarantine directories, spam folders, the contents of storage systems and other such data repositories.

After accidentally uploading confidential data

If you have uploaded confidential data to Virustotal, you should request deletion of the data as a damage limitation measure and contact the Data Protection Office.

Since the data has already been shared with many parties by then, it is likely that not all copies will be deleted even after a successfully requested deletion.

  • Requesting deletion of confidential data from Virustotal

    Determining the hash value of the file

    When uploading files to be scanned, Virustotal automatically generates a hash value for the uploaded file (SHA256).
    The link to the then permanently retrievable scan results for this file is constructed using this hash value.

    Example of hash value determination (Linux):

    sha256sum applied to testfile.pdf:

    $ sha256sum testfile.pdf

    results in the following output:

    af302773c3068b5c286410e2ff7235578402f48839d77a9fd232ca2035fe6df6 testfile.pdf

    If the file name contains spaces or special characters, enclose the file name in single quotes (apostrophes):
    'File-N@me with special characters.pdf'

    $ sha256sum 'File-N@me with special characters.pdf'

    Example of hash value determination (Windows):

    In the file manager, open the folder of the file.

    Hold down the Shift key and right-click on a free area in the file view.

    A context menu will open. Select the item "Open PowerShell window here".


    Enlarge the window that opens and enter the following code:

    Get-FileHash .\Test-Document.odt

    Replace .\Test-Document.odt with the file name of the desired file. If desired, you can also enter the beginning of the file name and use the Tab key to complete the rest.

    After confirming with the return key, you can select the hash value displayed and copy it with the key combination Ctrl+C.

    Create link

    Links to the scan results of already uploaded files have the following form:

    https://www.virustotal.com/gui/file/<sha256_value_filename>

    Replace <sha256_value_filename> with the previously generated hash value.

    So in our example for testfile.pdf:
    https://www.virustotal.com/gui/file/af302773c3068b5c286410e2ff7235578402f48839d77a9fd232ca2035fe6df6

    Contact Virustotal

    The link to the file must be provided in the deletion request submitted through Virustotal's contact form, together with a brief description of why you want the file deleted.
    Virustotal will review your request and decide whether deleting the file and the associated scan result is justified. Stating that private data of third parties is involved and that the upload was done accidentally and without their knowledge and consent is usually a reason that will be accepted.

    If you no longer have the link to the results page of your accidentally uploaded file, you can find the page again by searching Virustotal for the file's hash value.

    Link to Virustotal's privacy policy page, where the contact form is linked.

    Link to the contact form directly, the following subject should be chosen: "I have accidentally uploaded something private".

    After sending the contact form, you will first receive a confirmation of receipt of your request:

    As soon as your request for deletion has been approved, you will be informed about it again by mail:

    Afterwards, you can check if the scan results are still available using the results URL or the search function on the Virustotal website.
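
The two steps above (determine the hash value, create the link) combined into one shell script. This is an added example, not part of the original notes; the function names file_sha256, is_sha256 and vt_result_url are assumptions. It only computes the hash locally and prints the link, nothing is uploaded.

```shell
#!/bin/sh
# Added example: build the Virustotal results link for a local file
# without uploading anything. Function names are assumptions.

# Print the lowercase SHA-256 hex digest of a file.
# The file is read via stdin, so unusual file names (spaces, a leading
# "-", backslashes) never reach sha256sum as an argument and cannot
# change the format of its output line.
file_sha256() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    sha256sum < "$1" | cut -d ' ' -f 1
}

# Accept only a 64-character hex string, so nothing else ends up in the URL.
is_sha256() {
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 64 ]
}

# Print the results link in the same form as the testfile.pdf example.
vt_result_url() {
    digest=$(file_sha256 "$1") || { echo "cannot read: $1" >&2; return 1; }
    is_sha256 "$digest" || { echo "unexpected digest for: $1" >&2; return 1; }
    printf 'https://www.virustotal.com/gui/file/%s\n' "$digest"
}

# Usage: sh vt-link.sh 'File-N@me with special characters.pdf'
for f in "$@"; do
    vt_result_url "$f"
done
```

The printed link can be pasted into the deletion request or opened later to check whether the scan results are still available.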

Contact

IT Security
Security team