Virustotal is one of the best security related services that you can access online. You can use it to check files that you upload to the service against the databases of more than 40 different antivirus engines. I use it to verify apps and programs that I review here on Ghacks to make sure that they are clean.
The service has a couple of limitations that need to be mentioned. For one, it is only possible to upload files that do not exceed 32 Megabyte in size. You sometimes may want to scan a larger file and can’t do so on Virustotal unless it is possible to extract the file – if it is an archive for instance – to check the files individually provided that they drop below the 32 Megabyte mark.
The second limitation is that you can only check one file at a time. While that is usually the case, you may want to consider adding multiple files to an archive to check them at once. This may lead to issues if malicious code is found in the archive as you do not really know the culprit right away and need to perform additional scans in this case to find out.
When you check files on Virustotal that have already been scanned previously, you get the option to look at the results of the previous scan. Virustotal computes the hash of the file, compares it with the hashes in the databases and when it finds an identical listing, it offers to display previous results to you.
A click on view last analysis displays the scan results of the previous result. Virustotal displays the data and time of the last scan as well as the detected hits.
You may want to consider clicking on the reanalyse button whenever you want to scan files on Virustotal that have been scanned previously. The reason is simple: the engines used by Virustotal are updated regularly so that a new scan of a file may have different results than the previous scan. While it is usually not necessary if the last scan was run 30 minutes ago, it is recommended to do so if it dates back days.
A new scan may also be helpful if you get results where some engines detected malware while the majority of engines did not. Updates to engines may resolve false positive issues for instance so that you may end up with a better result in the end.