From 11efbb3067f6f981873c479c4ad5df0dd2a72b04 Mon Sep 17 00:00:00 2001
From: Salman Mesia <Salman.Mesia@ibm.com>
Date: Thu, 3 Jun 2021 15:54:04 -0400
Subject: [PATCH] Bugfix for safe domains showing up as malicious or suspicious

---
 analyzers/VirusTotal/virustotal.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/analyzers/VirusTotal/virustotal.py b/analyzers/VirusTotal/virustotal.py
index 6f8824e52..20de07163 100755
--- a/analyzers/VirusTotal/virustotal.py
+++ b/analyzers/VirusTotal/virustotal.py
@@ -188,7 +188,15 @@ def summary(self, raw):
                     raw["detected_downloaded_samples"]
                 )
 
-        if self.service in ["scan", "rescan"]:
+            if "Webutation domain info" in raw:
+                if raw['Webutation domain info']['Verdict'] == 'safe':
+                    level = 'safe'
+                elif raw['Webutation domain info']['Verdict'] == 'unsure':
+                    level = 'suspicious'
+                else:
+                    level = 'malicious'
+
+        if self.service == "scan":
             if "scans" in raw:
                 result["scans"] = len(raw["scans"])
                 value = "{}/{}".format(result["positives"], result["total"])