
Doing a virus check on a file from a build script

开发者 https://www.devze.com 2022-12-31 00:46 Source: Internet

I would like to be able to invoke a virus check as the final stage of the build process (please don't question why a dev machine would get a virus, it's just a belt-and-braces approach to avoid the risk of getting sued by customers...). Also I'd like the option of having AV on a machine but switching the auto file system protection off (at least for the build directories).

What I would like is a generic way of scanning a file using whatever AV system is in place. I'm assuming that there's a Windows API to do this, given that Windows detects the presence of an AV system, and browsers such as Firefox invoke a virus scan whenever a file is downloaded. So what's the API that they're using? There's the Microsoft AntiVirus API but that seems to be specific to Office documents. Does the approach involve using WMI? (And if you can detect the AV provider from there, how do you then invoke it to scan a file?)

I know that I could write the script to manually call the AV scanner that I know to be installed, but as an intellectual exercise I'm more interested to know how apps like Firefox are doing this.


Well, you may want to take a look at the nsDownloadScanner system directly in the Firefox source code:

  • nsDownloadScanner.h
  • nsDownloadScanner.cpp

As stated in the comments in those files:

Download scanner attempts to make use of one of two different
virus scanning interfaces available on Windows - IOfficeAntiVirus
(Windows 95/NT 4 and IE 5) and IAttachmentExecute (XPSP2 and up).
The latter interface supports calling IOfficeAntiVirus internally,
while also adding support for XPSP2+ ADS forks which define security
related prompting on downloaded content.

Documentation on those interfaces can be found here:

  • IAttachmentExecute
  • IOfficeAntiVirus

If your software is compliant with the MPL licence (thanks, @MSalters), you may also directly use Firefox's code, to avoid reinventing the wheel.


Firefox uses the IAttachmentExecute API. However, you don't want to use that in a build script, since it will add alternate stream information telling Windows to show an annoying warning window when executing the file.
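
The alternate stream mentioned in the answer above is the NTFS `Zone.Identifier` stream. As an added example (not from the original answers or from Firefox's code), a final build step could verify that no output file carries that mark before shipping; the function names, the zone threshold and the constructed `SAMPLE` text are assumptions made for illustration.

```python
import configparser
import os
import sys

# Windows URL security zone ids as stored in the Zone.Identifier stream.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
# Constructed sample of the stream's INI-style content (not taken from a real file).
SAMPLE = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/setup.exe\r\n"


def parse_zone_identifier(text):
    """Return the ZoneId from Zone.Identifier text, or None if absent or malformed."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text.lstrip("\ufeff"))  # tolerate a leading BOM
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None


def zone_of(path):
    """Read path's Zone.Identifier alternate data stream; None if the file is unmarked."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None  # no such stream, or not an NTFS volume / not Windows


def marked_artifacts(root):
    """Walk a build output tree and return [(path, zone_id)] for marked files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            zone = zone_of(path)
            if zone is not None and zone >= 3:  # assumption: flag Internet and Restricted
                hits.append((path, zone))
    return hits


if __name__ == "__main__":
    hits = marked_artifacts(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, zone in hits:
        print(f"{path}: ZoneId={zone} ({ZONES.get(zone, 'unknown')})")
    sys.exit(1 if hits else 0)  # non-zero exit fails the build step
```

Run it with the build output directory as its only argument; a non-zero exit status means at least one artifact would trigger the warning on a customer's machine.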
