Changes in version 0.6.0 (2026-04-13) Breaking Changes - Removed VirusTotal API v2.0 Support: Completely removed all v2.0 API functions (virustotal2_GET(), virustotal2_POST()) and deprecated functions (add_comments()). The package now exclusively uses VirusTotal API v3.0. New Features - Analysis Endpoint: Added get_analysis() to retrieve analysis results by ID. - File Behaviour Endpoints: New functions for sandbox analysis: - get_file_behaviour_summary(): Summary of all behaviour reports - get_file_behaviour_mitre_trees(): MITRE ATT&CK technique mappings - get_file_behaviours(): All behaviour reports for a file - Sandbox Report Endpoints: Access individual sandbox artifacts: - get_behaviour_report(): JSON behaviour report - get_behaviour_html(): HTML report from sandbox - get_behaviour_evtx(): Windows Event Log file - get_behaviour_pcap(): Network capture file - get_behaviour_memdump(): Memory dump file Package Simplification - Streamlined Architecture: Simplified codebase by removing dual API support. - Enhanced Documentation: Updated all documentation for v3.0-only support. Migration Guide Users upgrading from versions that used v2.0 functions should ensure their code uses the equivalent v3.0 functions. Changes in version 0.5.0 (2025-12-16) Major Updates - Modernized Package Architecture: Complete modernization of the virustotal package with enhanced security, error handling, and user experience. New Features - Structured Error Handling: New S3 error classes (virustotal_error, virustotal_auth_error, virustotal_validation_error, virustotal_rate_limit_error) provide detailed error information and better debugging. - S3 Response Classes: All API responses now return structured S3 objects (virustotal_file_report, virustotal_domain_report, etc.) with custom print() and summary() methods for better user experience. - Modern Rate Limiting: Replaced environment variable-based rate limiting with a sliding window implementation that properly manages the 4 requests/minute VirusTotal API limit. - Comprehensive Input Validation: Added robust input validation using the checkmate package with security-focused sanitization functions. - Enhanced Security Utilities: New security functions for safe file operations and input sanitization to prevent common security issues. Infrastructure Improvements - Updated CI/CD: Migrated from Travis CI/AppVeyor to GitHub Actions with comprehensive testing matrix (R oldrel-1, release, devel). - Modern Dependencies: Updated minimum R version to 4.0.0, migrated from plyr to dplyr, added modern packages (checkmate, jsonlite, rlang). - Enhanced Documentation: Improved documentation with roxygen2 markdown support and comprehensive examples. - Test Coverage: Expanded test suite with proper mocking support and comprehensive error handling validation. API Enhancements - Improved Domain Processing: Enhanced domain cleaning logic that properly handles URLs with protocols, www prefixes, and paths. - Better Error Messages: More informative error messages with parameter context and suggested fixes. - Response Formatting: Rich response formatting with detection summaries, file metadata, and threat intelligence display. Breaking Changes - Minimum R version increased from 3.3.0 to 4.0.0 - Some internal functions have been refactored (not user-facing) - Error objects now use structured S3 classes instead of simple character strings Bug Fixes - Fixed rate limiting edge cases and timing issues - Improved handling of malformed API responses - Enhanced validation precedence for better test compatibility - Fixed Unicode character encoding in utility functions Development Tools - Added virustotal_info() function for package configuration diagnostics - Enhanced rate limit status reporting with get_rate_limit_status() - Improved temporary file management with security-focused utilities Changes in version 0.3.0 (2025-09-02) Major Changes - BREAKING: Migrated all core functions to VirusTotal API v3 - BREAKING: Function return types changed from data.frame to list (following v3 API structure) - Updated all functions: file_report(), scan_file(), rescan_file(), url_report(), scan_url(), domain_report(), ip_report() - Removed deprecated virustotal2_* function calls from user-facing functions New Features - Enhanced input validation for all functions - Automatic URL encoding for v3 API compatibility - Improved error messages with actionable guidance - Support for IPv6 addresses in ip_report() - Domain name normalization (removes protocols, www, paths) Testing & Quality - Comprehensive test suite with 47+ tests - Added input validation tests for all core functions - Proper error handling tests - GitHub Actions CI/CD pipeline replacing AppVeyor - Multi-platform testing (Ubuntu, Windows, macOS) - Automated test coverage reporting Documentation - Updated all function documentation for v3 API - Comprehensive vignette rewrite with modern examples - Updated references to point to current VirusTotal documentation - Added usage examples for all major functions Dependencies - Added base64enc for URL encoding support - Updated imports and suggests for modern R ecosystem Changes in version 0.2.2 (2021-11-04) - support for domain and ip v3 - deprecate v2 domain and ip functions Changes in version 0.2.1 (2017-05-01) - extensive linting, passes expect_no_lint - url_report now returns service name Changes in version 0.2.0 (2016-11-12) - Removed link to bitdefender because CRAN was having issues - Better documentation with examples including comment for set_key, better formatting - Better error handling and more consistent returned data structures for url_report, file_report, rescan_file - url_report now accepts scan_id as a param - Warning messages end with new line - Added more tests, specifically checking returns to what happens when params/hash are incorrect - Enforces rate limiting --- 4 queries per minute. - Graceful error handling if error limit exceeded. - changed virustotal to VirusTotal as CRAN doesn't muck around. Changes in version 0.1.0 (2016-06-02) - Initial release