Integration VirusTotal
18 views
Skip to first unread message
Yogi Valentino
1:56 AM (6 hours ago) 1:56 AM
to Wazuh | Mailing List
I was integrating Wazuh with virus total, at first it was working fine but lately they're not sending anymore. I'm looking for the issue and i found something like this on the log
Dec 1, 2025 @ 16:37:49.000 wazuh-integratord INFO (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... Dec 1, 2025 @ 16:38:04.000 wazuh-integratord INFO Started (pid: 838087). Dec 1, 2025 @ 16:38:04.000 wazuh-integratord ERROR Unable to enable integration for: 'virustotal'. File not found inside 'integrations'. And i found it's inside the integrations
root: /var/ossec/integrations# ls -l
total 68
-rwxr-x--- 1 root ossec 1045 Sep 23 18:13 maltiverse
-rwxr-x--- 1 root ossec 20124 Sep 23 18:13 maltiverse.py
-rwxr-x--- 1 root ossec 1045 Sep 23 18:13 pagerduty
-rwxr-x--- 1 root ossec 6449 Sep 23 18:13 pagerduty.py
-rwxr-x--- 1 root ossec 1045 Sep 23 18:13 shuffle
-rwxr-x--- 1 root ossec 7249 Sep 23 18:13 shuffle.py
-rwxr-x--- 1 root ossec 1045 Sep 23 18:13 slack
-rwxr-x--- 1 root ossec 6835 Sep 23 18:13 slack.py
-rwxr-x--- 1 root ossec 14 Nov 29 14:15 virustotal
-rwxr-x--- 1 root ossec 14 Nov 29 14:16 virustotal.py
did i miss something?
Dec 1, 2025 @ 16:37:49.000 wazuh-integratord INFO (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... Dec 1, 2025 @ 16:38:04.000 wazuh-integratord INFO Started (pid: 838087). Dec 1, 2025 @ 16:38:04.000 wazuh-integratord ERROR Unable to enable integration for: 'virustotal'. File not found inside 'integrations'. And i found it's inside the integrations
root: /var/ossec/integrations# ls -l
total 68
-rwxr-x--- 1 root ossec 1045 Sep 23 18:13 maltiverse
-rwxr-x--- 1 root ossec 20124 Sep 23 18:13 maltiverse.py
-rwxr-x--- 1 root ossec 1045 Sep 23 18:13 pagerduty
-rwxr-x--- 1 root ossec 6449 Sep 23 18:13 pagerduty.py
-rwxr-x--- 1 root ossec 1045 Sep 23 18:13 shuffle
-rwxr-x--- 1 root ossec 7249 Sep 23 18:13 shuffle.py
-rwxr-x--- 1 root ossec 1045 Sep 23 18:13 slack
-rwxr-x--- 1 root ossec 6835 Sep 23 18:13 slack.py
-rwxr-x--- 1 root ossec 14 Nov 29 14:15 virustotal
-rwxr-x--- 1 root ossec 14 Nov 29 14:16 virustotal.py
did i miss something?
hariha...@wazuh.com
4:57 AM (3 hours ago) 4:57 AM
to Wazuh | Mailing List
Hi Yogi
Valentino,
Your Virustotal integration files are broken.
Both virustotal and virustotal.py are only 14 bytes, which means the actual script is missing. Because of that, wazuh-integratord says:
“Unable to enable integration… File not found inside ‘integrations’.”
Additionally, the ownership (root ossec) is incorrect; Wazuh now uses the wazuh user/group.
Quick fix:-
Restore the real Virustotal files
Copy them again from a clean Wazuh installation, repo, or your backup. -
Set correct permissions
chown root:wazuh /var/ossec/integrations/virustotal*
chmod 750 /var/ossec/integrations/virustotal* -
Restart Wazuh Manager
systemctl restart wazuh-manager
Once the full script is restored and permissions are fixed, the integration will load normally.
hariha...@wazuh.com
4:58 AM (3 hours ago) 4:58 AM
to Wazuh | Mailing List
Reference Links:
VirusTotal integration
Detecting and removing malware using VirusTotal integration
VirusTotal integration
Detecting and removing malware using VirusTotal integration
On Monday, December 1, 2025 at 12:26:27 PM UTC+5:30 Yogi Valentino wrote:
Yogi Valentino
5:52 AM (2 hours ago) 5:52 AM
to Wazuh | Mailing List
Hello Harihar,
Do you know where do i get the Restored Virustotal files? I can't just reinstalled the wazuh-manager since i have already done many things in it
Thank you
Do you know where do i get the Restored Virustotal files? I can't just reinstalled the wazuh-manager since i have already done many things in it
Thank you
Reply all
Reply to author
Forward
0 new messages