• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Prism - AntiVirus 1.0.0 Alpha 1

No permission to download

Slavik

XenForo moderator
Staff member
#1
Slavik submitted a new resource:

Prism - AntiVirus - Automatically scan uploaded attachments with VirusTotal.

Prism AntiVirus - Proof of concept
Prism AntiVirus automatically submits uploaded post attachments to the VirusTotal public API for scanning.
  • Marks clean files with a link to the VirusTotal results page
  • Marks infected files with a link to the VirusTotal results page
  • Prevents infected files unable to be downloaded by users
  • Alerts moderators to the infected file with an approval queue item
  • Moderators able to approve an infected attachment if...
Read more about this resource...
 

Floyd R Turbo

Well-known member
#9
Nice...so regarding the thing on the attachments being available:
Submitting items to the VirusTotal API means uploaded files are sent to the VirusTotal server and are thus available for analysis by the VirusTotal community. Do not attach sensitive or secure information accordingly.
Does this apply to all attachments, or just virus-laden ones?

How would one notify users that this is the case so that they don't upload anything sensitive? I can't see this being a mega-issue, but within an admin or mod sub forum, while I would want to scan all files, I wouldn't want this otherwise available to even the VT community. The only other option it seems would be to exclude mods/admins or a sub-forum, not exactly the perfect solution since no one is perfect and might accidentally upload a virus...

Also, does this essentially protect the server/host from any viruses that could potentially be transmitted to the server via attachment upload? I know that there was another discussion regarding virus-laden images and a host not wanting to allow image attachment out of this fear.

TIA
Bud
 

Slavik

XenForo moderator
Staff member
#10
Does this apply to all attachments, or just virus-laden ones?
The details on exactly what is stored and discarded is somewhat vague, regardless, as it is transmitted to a 3rd party server which ultimately we have no control over, you should consider all files publicly exposed as such.

The only other option it seems would be to exclude mods/admins or a sub-forum, not exactly the perfect solution since no one is perfect and might accidentally upload a virus...
Private scan services are available, but the price for them is absolutely extortionate. If you found a private service you would be willing to pay for, then we can look at customizing the addon to use that service.

Also, does this essentially protect the server/host from any viruses that could potentially be transmitted to the server via attachment upload? I know that there was another discussion regarding virus-laden images and a host not wanting to allow image attachment out of this fear.
It would not, the scan is an after the fact scan not a realtime/on demand scanner.
 

Slavik

XenForo moderator
Staff member
#18
i have uninstalled this till their is an update fix
Ultimately I have been totally unable to reproduce this bug, are you running any addons which may interfere with attachments?

Alternatively, just delete the duplicate entry from the prism table, it will get re-inserted.