
BFSG VirusTotal
The BFSG VirusTotal MCP server provides API access to VirusTotal for scanning files, URLs, and IPs against 70+ antivirus engines. It retrieves scan reports, detection ratios, and threat details. Security analysts and developers integrate it for automated malware checks in pipelines or applications.
Overview
The BFSG VirusTotal MCP server (bfsg-virustotal-mcp) connects AI models to VirusTotal's malware intelligence platform via the Model Context Protocol. It lets models query results from VirusTotal's more than 70 antivirus scanners for real-time and historical threat analysis, without placing API keys directly in the model context.
Key Capabilities
- scan_file: Submits file hashes or uploads for multi-engine scanning, returning scan IDs for polling results.
- scan_url: Analyzes URLs for malicious payloads, phishing, or redirects.
- get_file_report: Fetches detailed reports including positives/negatives, community scores, and sandbox behaviors for file hashes.
- get_url_report: Retrieves URL scan history, categories, and threat classifications.
- ip_search: Queries IP addresses for associated malware or C2 communications.
These functions mirror VirusTotal's core API endpoints, adapted for MCP tool calls.
Use Cases
- Pre-upload File Validation: Use scan_file and get_file_report in a file-sharing app to block malware before storage.
- URL Sanitization in Chatbots: Invoke scan_url to check links in user messages and warn on malicious ones.
- Threat Hunting Workflow: Chain ip_search and get_file_report to investigate IOCs from logs.
- CI/CD Security Gates: Integrate scan_url for dependency URLs during builds to detect supply-chain attacks.
Who This Is For
Security engineers building threat detection tools, DevSecOps teams automating scans, malware researchers querying samples, and developers embedding VirusTotal checks in web/mobile apps. Requires a VirusTotal API key configured in the MCP server.