Prism - AntiVirus [Deleted]

Slavik

Slavik

XenForo moderator
Staff member
Slavik submitted a new resource:

Prism - AntiVirus - Automatically scan uploaded attachments with VirusTotal.

Prism AntiVirus - Proof of concept
Prism AntiVirus automatically submits uploaded post attachments to the VirusTotal public API for scanning.
  • Marks clean files with a link to the VirusTotal results page
  • Marks infected files with a link to the VirusTotal results page
  • Prevents infected files unable to be downloaded by users
  • Alerts moderators to the infected file with an approval queue item
  • Moderators able to approve an infected attachment if...
Click to expand...

Read more about this resource...
 
Nice...so regarding the thing on the attachments being available:
Submitting items to the VirusTotal API means uploaded files are sent to the VirusTotal server and are thus available for analysis by the VirusTotal community. Do not attach sensitive or secure information accordingly.
Click to expand...
Does this apply to all attachments, or just virus-laden ones?

How would one notify users that this is the case so that they don't upload anything sensitive? I can't see this being a mega-issue, but within an admin or mod sub forum, while I would want to scan all files, I wouldn't want this otherwise available to even the VT community. The only other option it seems would be to exclude mods/admins or a sub-forum, not exactly the perfect solution since no one is perfect and might accidentally upload a virus...

Also, does this essentially protect the server/host from any viruses that could potentially be transmitted to the server via attachment upload? I know that there was another discussion regarding virus-laden images and a host not wanting to allow image attachment out of this fear.

TIA
Bud
 
Floyd R Turbo said:
Does this apply to all attachments, or just virus-laden ones?
Click to expand...

The details on exactly what is stored and discarded is somewhat vague, regardless, as it is transmitted to a 3rd party server which ultimately we have no control over, you should consider all files publicly exposed as such.

Floyd R Turbo said:
The only other option it seems would be to exclude mods/admins or a sub-forum, not exactly the perfect solution since no one is perfect and might accidentally upload a virus...
Click to expand...

Private scan services are available, but the price for them is absolutely extortionate. If you found a private service you would be willing to pay for, then we can look at customizing the addon to use that service.

Floyd R Turbo said:
Also, does this essentially protect the server/host from any viruses that could potentially be transmitted to the server via attachment upload? I know that there was another discussion regarding virus-laden images and a host not wanting to allow image attachment out of this fear.
Click to expand...

It would not, the scan is an after the fact scan not a realtime/on demand scanner.
 
Hey Slavik i uninstalled and reinstalled it but now im getting errors.
 

Attachments

  • error2.webp
    error2.webp
    27 KB · Views: 35
EAGLE 1 said:
i have uninstalled this till their is an update fix
Click to expand...

Ultimately I have been totally unable to reproduce this bug, are you running any addons which may interfere with attachments?

Alternatively, just delete the duplicate entry from the prism table, it will get re-inserted.
 
This looks awesome!

How does this act if the request rate is exceeded? Can it potentially still allow the user to post and just queue the scan?
 
You must log in or register to reply here.
Back
Top Bottom