diff --git a/api/routes/file.js b/api/routes/file.js
index e64dde3..06b0139 100644
--- a/api/routes/file.js
+++ b/api/routes/file.js
@@ -177,11 +177,13 @@ export function* post(next) {
     // Check in the background
     process.nextTick(function* malwareScan() {
       debug('Malware Scan');
-      const { positive, result } = yield malware(dbFile);
-      if (positive) {
-        this.statsd.incr('file.malware', 1);
+      const result = yield malware(dbFile);
+      if (result) {
+        yield Files.updateOne({_id: fileId}, {'$set': {malware: positive, virustotal: result}});
+        if (result.positive) {
+          this.statsd.incr('file.malware', 1);
+        }
       }
-      yield Files.updateOne({_id: fileId}, {'$set': {malware: positive, virustotal: result}});
     });
   } else {
     debug('Skipping Malware Scan, VIRUSTOTAL env variable not found.');
diff --git a/app.js b/app.js
index 6ab8721..93b09d3 100644
--- a/app.js
+++ b/app.js
@@ -17,8 +17,6 @@ import web from './web/app';
 import debugname from 'debug';
 const debug = debugname('hostr');
 
-debug(process.env.COOKIE_KEY);
-
 const app = websockify(koa());
 app.keys = [process.env.COOKIE_KEY];
 
diff --git a/circle.yml b/circle.yml
index a1a7edb..516ad4a 100644
--- a/circle.yml
+++ b/circle.yml
@@ -12,8 +12,5 @@ dependencies:
   cache_directories:
     - node_modules
     - web/public/jspm_packages
-  pre:
-    - npm install -g node-gyp-install
-    - node-gyp-install
   post:
     - npm run jspm
diff --git a/lib/malware.js b/lib/malware.js
index 0fb1221..e628474 100644
--- a/lib/malware.js
+++ b/lib/malware.js
@@ -1,6 +1,4 @@
-import virustotal from 'virustotal.js';
-
-virustotal.setKey(process.env.VIRUSTOTAL_KEY);
+import virustotal from './virustotal';
 
 const extensions = ['EXE', 'PIF', 'APPLICATION', 'GADGET', 'MSI', 'MSP', 'COM', 'SCR', 'HTA', 'CPL', 'MSC',
   'JAR', 'BAT', 'CMD', 'VB', 'VBS', 'VBE', 'JS', 'JSE', 'WS', 'WSF', 'WSC', 'WSH', 'PS1', 'PS1XML', 'PS2',
@@ -14,21 +12,13 @@ function getExtension(filename) {
   return (i < 0) ? '' : filename.substr(i + 1);
 }
 
-export default function(file) {
-  return new Promise((resolve, reject) => {
-    if (extensions.indexOf(getExtension(file.file_name.toUpperCase())) >= 0) {
-      virustotal.getFileReport(file.md5, (err, res) => {
-        if (err) {
-          return reject(err);
-        }
-        if (res.scans) {
-          resolve({positive: res.positives >= 5, result: res});
-        } else {
-          resolve();
-        }
-      });
-    } else {
-      resolve();
-    }
-  });
+export default function* (file) {
+  if (extensions.indexOf(getExtension(file.file_name.toUpperCase())) < 0) {
+    return false;
+  }
+  const result = yield virustotal.getFileReport(file.md5);
+  return {
+    positive: result.positives >= 5,
+    result: result,
+  };
 }
diff --git a/lib/virustotal.js b/lib/virustotal.js
new file mode 100644
index 0000000..b7bb36e
--- /dev/null
+++ b/lib/virustotal.js
@@ -0,0 +1,11 @@
+import fetch from 'node-fetch';
+import FormData from 'form-data';
+
+const apiRoot = 'https://www.virustotal.com/vtapi/v2';
+
+export function* getFileReport(resource, apiKey = process.env.VIRUSTOTAL_KEY) {
+  const form = new FormData();
+  form.append('apikey', apiKey);
+  form.append('resource', resource);
+  return yield fetch(`${apiRoot}/file/report`, { method: 'POST'});
+}
diff --git a/package.json b/package.json
index 4e36182..dba1989 100644
--- a/package.json
+++ b/package.json
@@ -19,7 +19,7 @@
     "test": "mongo hostr test/fixtures/mongo-*.js && mocha -r babel/register test/**/*.spec.js",
     "watch": "parallelshell \"npm run watch-js\" \"npm run watch-sass\" \"npm run watch-server\"",
     "watch-js": "babel -Dw -m system -d web/public/build web/public/src",
-    "watch-server": "nodemon node -r babel/register app.js",
+    "watch-server": "nodemon -r babel/register app.js",
     "watch-sass": "node-sass -w -r -o web/public/styles/ web/public/styles/"
   },
   "dependencies": {
@@ -32,6 +32,7 @@
     "co-views": "~2.1.0",
     "debug": "~2.2.0",
     "ejs": "~2.3.2",
+    "form-data": "^0.2.0",
     "gm": "~1.18.1",
     "http-errors": "~1.3.1",
     "jspm": "~0.16.0",
@@ -54,6 +55,7 @@
     "mime-types": "~2.1.5",
     "moment": "~2.10.6",
     "mongodb-promisified": "~1.0.3",
+    "node-fetch": "^1.3.2",
     "node-sass": "~3.3.0",
     "node-uuid": "~1.4.3",
     "passwords": "~1.3.0",
@@ -63,8 +65,7 @@
     "s3-upload-stream": "~1.0.7",
     "statsy": "~0.2.0",
     "stripe": "~3.7.1",
-    "swig": "~1.4.2",
-    "virustotal.js": "~0.3.1"
+    "swig": "~1.4.2"
   },
   "devDependencies": {
     "babel-eslint": "^4.0.10",