This endpoint is available in the Private API only.
This endpoint allows you to retrieve a live feed of absolutely all uploaded files to VirusTotal, and download them for further scrutiny, along with their full reports. It requires you to stay relatively synced with the live submissions as only a backlog of 24 hours is provided at any given point in time.
package argument indicates a time window to pull reports on all items received during such window. Only per-minute and hourly windows are allowed, the format is %Y%m%dT%H%M (e.g.
20160304T0900) or %Y%m%dT%H (e.g.
20160304T09). Time is expressed in UTC.
The response is a bzip2 compressed tarball. For per-minute packages the compressed package contains a unique file, the file contains a JSON per line, this JSON is a full report on a given file processed by VirusTotal during the given time window. The file report follows the exact same format as the response of the /file/report endpoint when
allinfo=true is provided. For hourly packages, the tarball contains 60 files, one per each one-minute window.
To download a given file you would then perform an HTTP GET request to the URL provided in the link property of an individual report. Do not use the /file/download endpoint to retrieve the corresponding file, please use the link embedded in this response, it is far more efficient.