This repository has been archived by the owner on Oct 25, 2022. It is now read-only.

Virus Total integration #84

Open
majkinetor opened this issue Jun 27, 2017 · 4 comments
Comments

@majkinetor
Owner

This would be fairly easy to do; embedded packages could check on VT and ignore on too many positives.

@ferventcoder

The packages do this on submission to the community repo. There may be benefit to doing it ahead of time as well.

@majkinetor
Owner Author

majkinetor commented Jun 27, 2017

Yeah, I know.

However, the benefit is substantial:

  • Since AU can push the complete package both to the gallery and to other places (such as a git repo), having internal Virus Total would be beneficial to prevent 'viral' updates.
  • An AU package can dynamically be updated or not based on VT results. For example, for the Clover package we have disabled updates (see report -> ignored), and that is done manually in update.ps1. This would allow a package to fix/fail itself, in a manner:
function global:au_BeforeUpdate {
   Get-RemoteFiles
   # Number of VirusTotal engines flagging the downloaded files
   $vt = Get-VirusTotalPositives
   if ( $vt -gt 5 ) {
          Write-Host "Ignoring package due to virus total results - $vt positives"
          return 'ignore'
   }
}

@AdmiringWorm
Contributor

@ferventcoder said
There may be benefit to doing it ahead of time as well.

There is definitely a benefit to doing this ahead of time, for instance when a package provides multiple downloads (like the thunderbird and firefox packages, for different cultures). Since the community repo only catches the default, users of other languages who use VirusTotal will get a question to upload it to VirusTotal (usually happens with me all the time), which also makes choco lose track of the package itself (I believe a bug for that had been submitted, but not sure).

As well as the two points that @majkinetor mentioned of course.

@majkinetor regarding your second point, not completely sure if that would be possible within a reasonable time frame.
If the binary file hasn't been reported before, there may be some time before it's available through the API on VirusTotal.

@majkinetor
Owner Author

@majkinetor regarding your second point, not completely sure if that would be possible within a reasonable time frame.

Yeah.. kinda invalidates the entire idea for fast repositories such as core team repo, unless

  • the one slows down updates on AV or
  • we introduce some kind of package update delay.
  • or we upload the files to VT if there isn't any.
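
Added example (not part of the thread, and not AU's own code): one way the `Get-VirusTotalPositives` helper proposed above could be written against the VirusTotal v3 file-report endpoint, returning `$null` for a hash VirusTotal has not seen so that the unknown case raised in the last two comments defers the update instead of passing as clean. The helper's parameters, the `VT_API_KEY` environment variable, the `tools` path, and counting only `malicious` verdicts as positives are assumptions.

```powershell
# Hypothetical helper named in the thread; AU does not ship it.
# Assumes a VirusTotal API v3 key in $env:VT_API_KEY.
function Get-VirusTotalPositives {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ApiKey = $env:VT_API_KEY
    )
    if (-not $ApiKey) { throw 'VT_API_KEY is not set' }

    # Look the file up by hash only; nothing is uploaded.
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    try {
        $report = Invoke-RestMethod -Method Get `
            -Uri "https://www.virustotal.com/api/v3/files/$sha256" `
            -Headers @{ 'x-apikey' = $ApiKey }
    } catch {
        # 404 = hash never seen by VirusTotal. Return "unknown", never 0.
        $resp = $_.Exception.Response
        if ($resp -and [int]$resp.StatusCode -eq 404) { return $null }
        throw
    }
    # Assumption: "positives" means engines with a malicious verdict.
    return [int]$report.data.attributes.last_analysis_stats.malicious
}

function global:au_BeforeUpdate {
    Get-RemoteFiles   # AU helper, as in the snippet above

    # Assumption: the downloaded installers are in .\tools of the package.
    $files = Get-ChildItem -Path tools -File |
        Where-Object { $_.Extension -in '.exe', '.msi', '.zip' }

    foreach ($file in $files) {
        $vt = Get-VirusTotalPositives -Path $file.FullName
        if ($null -eq $vt) {
            # No report yet: skip this run, which acts as the update delay
            # discussed in the thread.
            Write-Host "No VirusTotal report yet for $($file.Name) - deferring update"
            return 'ignore'
        }
        if ($vt -gt 5) {   # threshold taken from the thread's snippet
            Write-Host "Ignoring package due to virus total results - $vt positives ($($file.Name))"
            return 'ignore'
        }
    }
}
```

Checking every downloaded file, not just the default one, covers the multi-download packages mentioned earlier in the thread.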
