Hmm, so it's the anonymfile website itself that generates something in the virustotal... It's a bit counterintuitive that I have to "download the file and then upload it to the website", it's in one of those cases where you download the application that a virus comes along with it, no?
(I'm not talking about this specific file anymore, it must be clean, I'm talking about hypothetical situations now.)
The URL scanner scans the page looking for indicators info like malicious scripts in the page source code or in this case "Is this site known to be malicious" and so on, this site isn't malicious itself its just a file host but that's also why people can upload whatever they want to it and then become the host of a known malware (or soon to be known malware) hence the indicator above being the "Known host of SmokeLoader malware".
Its also valid to scan URLs that aren't even related to file hosts so the URL scanner was never designed to download what people seem to conclude is a quicker way to scan a download from a file host.
In order to scan files via URL virustotal would to need find the download link on the page and download it then scan the file, all file hosts are different though, some have instant download links, others have wait timers and sites like Mega store files encrypted so if virustotal did scan the file it wouldn't be the real file contents anyway, it would be an astronomical amount of work to account for all file hosting sites.
Downloading files to scan on virustotal shouldn't be ok, when you open is usually when "detonating any potential malware payload" that was in the download can become a thing.
Saying this though, there is nothing wrong with being vigilant online (I wish more people would be honestly
) so only do it if you are comfortable to!
