It is possible to have an actionable claim against Virustotal if it was revealed that (this is something the government would obviously want):
1. It hid files with spoofed signatures from other vendors or even other users.
2. The file would be popularly defined as malicious.
3. The file would have a spoofed scan showing as fine.

It seems unlikely that any dll would be the first to be uploaded given that cheaper antivirus vendors use virustotal as the scanning engine (or false positive detection engine).

I think it would be minor news if the government does use malware in investigations, so obviously the government used it once against Tor and decided it wouldn't be viable for future investigations.

I am certain everyone trusts the government totally, because discovery is a long held legal issue of constitutional value, and so it isn't inherently corrupt to avoid discovery.


Sent with ProtonMail Secure Email.