https://github.com/gdatasoftwareag/vaas
Verdict-as-a-Service SDKs: Analyze files for malicious content
https://github.com/gdatasoftwareag/vaas
antivirus g-data it-security malware malware-analysis malware-detection security
Last synced: 4 months ago
JSON representation
Verdict-as-a-Service SDKs: Analyze files for malicious content
- Host: GitHub
- URL: https://github.com/gdatasoftwareag/vaas
- Owner: GDATASoftwareAG
- License: mit
- Created: 2022-02-01T15:28:14.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2026-02-18T09:15:28.000Z (4 months ago)
- Last Synced: 2026-02-18T22:37:26.797Z (4 months ago)
- Topics: antivirus, g-data, it-security, malware, malware-analysis, malware-detection, security
- Language: Go
- Homepage: https://www.gdata.de/business/security-services/verdict-as-a-service
- Size: 55.6 MB
- Stars: 38
- Watchers: 6
- Forks: 10
- Open Issues: 10
-
Metadata Files:
- Readme: Readme.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://github.com/GDATASoftwareAG/vaas/actions/workflows/ci-dotnet.yaml)
[](https://github.com/GDATASoftwareAG/vaas/actions/workflows/ci-java.yaml)
[](https://github.com/GDATASoftwareAG/vaas/actions/workflows/ci-python.yaml)
[](https://github.com/GDATASoftwareAG/vaas/actions/workflows/ci-php.yaml)
[](https://github.com/GDATASoftwareAG/vaas/actions/workflows/ci-golang.yaml)
[](https://github.com/GDATASoftwareAG/vaas/actions/workflows/ci-rust.yaml)
# Verdict-as-a-Service
*Verdict-as-a-Service* (VaaS) is a cloud service that provides capabilities to scan files for malware and other threats. It allows you to easily integrate malware detection in your application with a few lines of code. You can use VaaS to secure any scenario where a file is exchanged or stored, such as:
- Upload forms with file submissions
- Collaboration software like MS Teams, Nextcloud or Slack
- Backup and distributed file storage like Dropbox or OneDrive
With minimal effort, you can check a file, URL or hashsum for malicious content. No local installation of any anti-malware product is necessary. VaaS works out of the box, by providing detections from the G DATA cloud. Hosting VaaS on your own Kubernetes cluster, is an option as well.
This repository contains Software Development Kits (SDKs) for VaaS in several programming languages. The SDKs allow you to easily integrate VaaS into your software. Some examples are below:
## Examples
### C#
```c#
// Setup
var authenticator = new ResourceOwnerPasswordGrantAuthenticator("vaas-customer", userName, password, tokenUrl);
var vaas = VaasFactory.Create(authenticator);
// Scan a file...
var verdict = await vaas.ForFileAsync(file, CancellationToken.None);
// or a URL...
var verdict = await vaas.ForUrlAsync(uri, CancellationToken.None);
// or just a SHA256 hash
var verdict = await vaas.ForSha256Async(new ChecksumSha256("275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"), CancellationToken.None);
```
Full C# examples can be found in [dotnet examples](dotnet/examples/VaasExample).
### Java
```java
// Setup
var authenticator = new ResourceOwnerPasswordGrantAuthenticator("vaas-customer", userName, password, new URI(tokenUrl));
var config = new VaasConfig(new URI(env.vaasUrl));
var vaas = new Vaas(config, authenticator);
// Scan a file...
var verdict = vaas.forFile(file);
// or a URL...
var verdict = vaas.forUrl(url);
// or just a a SHA256 hash
var verdict = vaas.forSha256(new Sha256("275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"));
```
Full Java examples can be found in [java examples](java/examples/VaasExample/).
### More languages
See below for a list of supported languages and examples.
## How to get started with VaaS
If you are interested in trying out VaaS, please check out [our website](https://www.gdatasoftware.com/business/security-services/verdict-as-a-service) ([German version](https://www.gdata.de/business/security-services/verdict-as-a-service)).
We provide free trial accounts for evaluation purposes with our cloud version of VaaS. You can [sign up here](https://www.gdata.de/vaas-files/vaas-technical-onboarding.html) with a free trial account. You can then use the created credentials with any SDK in combination with our test environment:
* **Authenticator**: ResourceOwnerPasswordGrant
* **Client ID**: vaas-customer
* **Username**: Your registered *email* address
* **Password**: Your password
* **Token/Authenticator URL**: https://account-staging.gdata.de/realms/vaas-staging/protocol/openid-connect/token
* **VaaS URL**: https://gateway.staging.vaas.gdatasecurity.de (for SDKs which still use the Websocket API, use wss://gateway.staging.vaas.gdatasecurity.de instead)
For production use of VaaS, please [contact us](https://www.gdata.de/help-en/vaas/contact/) to discuss your needs and explore how VaaS can best fit your organization. VaaS is available both as a cloud version and on-premise.
## VaaS Documentation
We provide an [online documentation](https://www.gdata.de/help-en/vaas/) for VaaS. The documentation includes setup examples, product descriptions and several guides to help you set things up.
## SDKs
We provide SDKs for various programming languages to make it easy for you to integrate VaaS in your application. You can find the source code, examples, and documentation for each SDK in the corresponding repository. Currently, we support the following languages:
|Language|Source Code|Examples|Documentation|Repository|
|--------|-----------|--------|-------------|----------|
|Rust|[Rust SDK](rust/)|[Examples](rust/examples)| [docs.rs](https://docs.rs/vaas/latest/vaas/)|[crates.io](https://crates.io/crates/vaas)|
|Java|[Java SDK](java/)|[Examples](java/examples)| [Readme](java/Readme.md) | [maven central](https://mvnrepository.com/artifact/de.gdata/vaas)|
|PHP|[PHP SDK](php/)|[Examples](php/examples)||[packagist](https://packagist.org/packages/gdata/vaas)|
|TypeScript(DEPRECATED)|[TypeScript SDK](typescript/)|[Examples](typescript/examples)|[Readme](typescript/Readme.md)|[npmjs](https://www.npmjs.com/package/gdata-vaas)
|Python|[Python SDK](python/)|[Examples](python/examples)|[Readme](python/README.md)|[pypi](https://pypi.org/project/gdata-vaas/)|
|.NET|[.NET SDK](dotnet/)|[Examples](dotnet/examples)||[nuget.org](https://www.nuget.org/packages/GDataCyberDefense.Vaas)|
|Ruby (DEPRECATED)|[Ruby SDK](ruby/)|[Examples](ruby/examples)|[Readme](ruby/README.md)|[rubygems](https://rubygems.org/gems/vaas)|
|Go|[Go SDK](golang/vaas/v3)|[Examples](golang/vaas/v3/examples)|[Readme](golang/vaas/v3/README.md)|[Github](https://github.com/GDATASoftwareAG/vaas/tree/main/golang/vaas/v3)|
|C++|[C++ SDK](./cpp/)||[Readme](cpp/README.md)||
The following table shows the functionality supported by each SDK:
|Functionality|Rust|Java|PHP|TypeScript|.NET|Python|Ruby (DEPRECATED)|Golang|C++|
|---|---|---|---|---|---|---|---|---|---|
|Use HTTP API|✅|✅|✅|❌|✅|✅|❌|✅|✅|
|Check SHA256|✅|✅|✅|✅|✅|✅|✅|✅|✅|
|Check File|✅|✅|✅|✅|✅|✅|✅|✅|✅|
|Check URL|✅|✅|✅|✅|✅|✅|✅|✅|❌|
|Check Stream|✅|✅|✅|✅|✅|✅|❌|✅|✅|
||
## Integration Ideas for Malware Detection trough VaaS
You can use VaaS to create various applications that scan for malicious content with a few lines of code. Here are some examples:
- [WordPress Plugin](https://wordpress.org/plugins/gdata-antivirus/) to scan for malware in uploaded files
- [Nextcloud App](https://apps.nextcloud.com/apps/gdatavaas) to scan files in your Nextcloud instance
## Build & Test
The easiest way to build and test the SDKs is with the [Nix Package Manager](https://nixos.org/download/#download-nix) and the provided [Just](https://github.com/casey/just) file. Nix will take care of all dependencies and Just provides a simple interface to run the most common tasks.
To build and test the SDKs, run the following command:
```bash
# switch into a development shell with all dependencies installed.
# This will not alter your system, but provide a shell with all necessary tools.
nix develop
# Now use the Just tool to run the most common tasks
just -l # list all available tasks
# Just Examples
# Run the tests for the Rust SDK
just test-rust
```
There are `test-*`, `build-*`, `clean-*` and `release-*` tasks for each SDK, with the exception of Python and PHP, where no build task is available. You can also run the tests for all SDKs with `just test-all`. A `build-all` and `clean-all` task is available as well.
The `release-*` task triggers a Github Action to build and release a new version of the specified SDK. It needs a version number as an argument, which is used to tag the release. The version number should follow the [Semantic Versioning](https://semver.org/) scheme.
```bash
# Example: Release the Rust SDK with version 0.1.0
just release-rust 0.1.0
```
As the SDKs need credentials to authenticate to the VaaS API. You need to provide them in `.env.https` and `.env.wss` file. Copy your `.env.https` and `.env.wss` files into the root directory of the project. The `.env.https` file should contain the credentials with the Vaas Url set to `https`and the wss file should contain the same credentials, but with a `wss` url instead.
```bash
# Copy the .env.wss and .env.https files to all SDK folders
# to be able to run the integration tests
just populate-env
# If you see any strange error, e.g. not found compiler. Try to clean the project
# and populate the environment again.
just clean-all
just populate-env
```