We are excited to start the Virus Total plugin as part of the Office 365 Analysis Workflow but have concerns about whether we’d be compliant with the Virus Total Public API terms of service specifically the part where they say it “Must not be used in business workflows, commercial products or services.”
We are a university and university’s are in a weird spot where we are technically a charity (non-profit) but in other contexts would be viewed as a business.
I realise you can’t speak for Virus Total but can you share the experience of others using the free API since all the Rapid7 documentation enthusiastically suggests using the free public API? We want to avoid being handed a large back dated bill at some point in the future …
Hey @pkirwan! I wanted to let you know that the InsightConnect team is investigating this further on our side. We don’t want to lead you down an uncertain path with your usage of VirusTotal, so we want to make sure we get you an accurate answer, given your university status.
Appreciate you reaching out to us on this. Let me know if you have additional questions or info in the meantime.
I am not with legal and you should definitely reach out to your own council for further analysis of the terms of conditions. That being said, I believe the key wording in the TOC is around business and commercial uses of the API. If you are using the API as part of a product you are selling to others you will need to pay for use of the API. If you are using the API for internal security purposes it should fall in line with the TOC.