VT Hash Check - auto-scan downloads

Discussion in 'other anti-virus software' started by luciddream, Oct 2, 2012.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Anybody found out an alternative for Chrome?
    I haven't found an extension able to do the same as "Download Statusbar" (scan with *.exe...)
    Lately VT is quite fast, maybe because it was bought by Google.
     
  2. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I just fixed the rules. I had the port range 1030-3000 before for HTTPS rule. It had always worked fine that way before, but just now I noticed it used a higher port in the 4000 range. So I changed that range to 1030-4999 now.

    But anyhow if you notice it using even higher numbered ports than 4999, adjust your rules accordingly. Or just allow any if you trust it and never want to be bothered with such things. Probably what I would do too if I weren't OCD about this stuff.
     
  3. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    I just discovered this nifty little tool, liking it so far :thumb:
     
  4. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474

    that's the thing, VT was bought by google.

    myself i won't use anything by google any more. also blocking what urls i know are connected to them in hosts file.
     
  5. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I generally share the same concerns as you regarding Google, Snoop. I don't put anything Google on my box. Don't use any Google related services besides watching the occasional Youtube video (allowing only the 2 scripts necessary to do so- youtube & ytimg, over https). And absolutely, especially, refuse to use their search engine or email. I'm an Ixquick guy personally.

    But I'm very confident that the only thing being transmitted when using VT Hash Check is the hash of the file in question. Perhaps also a counter of the amount of times it was used when you close it out, which is very common and unobtrusive. Without such things independent software developers wouldn't be able to give us awesome free apps like VTHC. It's the "in your face" stuff I hate, like the Avira update ad for instance...

    I understand your concern, but I don't share it.
     
  6. Boredomsoft

    Boredomsoft Registered Member

    Joined:
    Jul 21, 2012
    Posts:
    13
    Location:
    San Francisco
    This is what VT Hash Check sends over the wire (using the eicar test file as the target):

    Code:
    POST /vtapi/v2/file/report HTTP/1.0
    Accept: */*
    Accept-Language: en
    User-Agent: RB-VTAPI/1.26 (VT Hash Check; U; Win32 7601)
    Host: www.virustotal.com
    Content-type: application/x-www-form-urlencoded
    Content-length: 121
    
    apikey=XXXXX--REDACTED--XXXXXXXXXXXXX&resource=3395856CE81F2B7382DEE72602F798B642F14140

    A simple HTTP POST request with the API key and hash. And this is what VirusTotal.com responds with: http://paste.boredomsoft.org/main.php/view/63018523. Note that even though VirusTotal.com is setting a cookie in its response, VTHC doesn't honor cookies.

    Nothing else is exchanged between VTHC and VirusTotal.com. Additionally, VTHC does not "phone home" at all unless you explicitly ask it to check for newer versions.
     
    Last edited: Mar 12, 2013
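The exchange described in the post above, as an added example (not part of the thread and not VT Hash Check's own code): a small Python check that parses a captured request and reports anything sent beyond the API key and a file hash. The function name `audit_request`, the allowed-field set and the wording of the findings are assumptions made for this illustration.

```python
import hashlib
import string
from urllib.parse import parse_qsl

# The request as posted in the thread (API key already redacted by the poster).
CAPTURED = (
    "POST /vtapi/v2/file/report HTTP/1.0\r\n"
    "Accept: */*\r\n"
    "Accept-Language: en\r\n"
    "User-Agent: RB-VTAPI/1.26 (VT Hash Check; U; Win32 7601)\r\n"
    "Host: www.virustotal.com\r\n"
    "Content-type: application/x-www-form-urlencoded\r\n"
    "Content-length: 121\r\n"
    "\r\n"
    "apikey=XXXXX--REDACTED--XXXXXXXXXXXXX"
    "&resource=3395856CE81F2B7382DEE72602F798B642F14140"
)

ALLOWED_FIELDS = {"apikey", "resource"}                 # per the post above
DIGEST_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def audit_request(raw, file_bytes=None):
    """Return findings for one captured request; [] means hash-only lookup."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:                 # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    fields = dict(parse_qsl(body, keep_blank_values=True))

    findings = []
    extra = sorted(set(fields) - ALLOWED_FIELDS)
    if extra:
        findings.append("unexpected form fields: " + ", ".join(extra))
    if "cookie" in headers:
        findings.append("Cookie header sent")
    if "multipart/form-data" in headers.get("content-type", "").lower():
        findings.append("multipart body (possible file upload)")

    resource = fields.get("resource", "")
    algo = DIGEST_BY_HEX_LEN.get(len(resource))
    if algo is None or not set(resource) <= set(string.hexdigits):
        findings.append("resource is not a hex digest")
    elif file_bytes is not None:
        if hashlib.new(algo, file_bytes).hexdigest() != resource.lower():
            findings.append("resource does not match the local file's hash")
    return findings
```

Passing the bytes of the file that was scanned as `file_bytes` additionally confirms that the `resource` value is that file's digest and not some other identifier.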
  7. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Hey, thanks for chiming in here again bud, and confirming my hunch. Perhaps it's just my ego talking, but I consider myself a good judge of character from correspondence I have with devs. And I get a good vibe from you. It's also how I go about choosing my VPN providers. I ask them a few questions, even if rhetorical stuff I already know the answer to, just to get a gut feeling to go on. That gut tells me you're good people.

    Now... if you could just provide a .zip or .exe version for download, you'd be even more awesome ; ) I don't like putting any more 3rd-party software on my box than I have to, and I think you'd find that sentiment pretty unanimous in here. I'd prefer a .zip version over .exe since it's more secure, as an archive can't burn you until extracted if infected (which for the record I doubt would ever be the case), but still, never say never.

    The only way I even got to get v1.01 was because I got it from a friend's box that has 7zip installed, and extracted it and put it on a USB stick.
     
  8. Boredomsoft

    Boredomsoft Registered Member

    Joined:
    Jul 21, 2012
    Posts:
    13
    Location:
    San Francisco
    The most recent version (1.26) switched to zip file distribution; see the comments on the download page for a link to the naked EXE installer. :D
     
  9. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    I use this with Cyberfox :thumb: really miss it in chrome also....
    So no alternative o_O
     
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Wow... not even 24 hours pass and you've already addressed the issue. That is being on top of things.

    Many thanks. I believe this will get more people using your wonderful product. Many times have I gone to get something, only to see it packed in a format I'd need a 3rd-party tool to extract, and instead of doing so just use another product instead.

    Look forward to trying out the new version. I'll give you some objective feedback. Take care of yourself and this awesome tool of yours. Along with Firefox, the Download Statusbar add-on, and Sandboxie, this makes for a very comprehensive & convenient approach to prevent malware.

    And for Chrome or IE users too. The convenience factor due to the Download Statusbar auto-fire may not be there, but still to context menu/right click scan it before un-isolating/boxing the file. 45 opinions that are always up to date. So still very handy regardless of your browser of choice. But that said it would be great if Chrome could get something that accomplishes the same thing as the D-S add-on.
     
    Last edited: Mar 15, 2013
  11. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    Does it still crash when it can't connect (e.g. offline)? I haven't checked and am just being lazy here...
     
  12. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    I'm getting a bad GPG signature with the latest .zip archive.
     
  13. Boredomsoft

    Boredomsoft Registered Member

    Joined:
    Jul 21, 2012
    Posts:
    13
    Location:
    San Francisco
    Whoops! The D/L page was still linking to the .7z sig file rather than the .zip version. It should verify now.
     
  14. Boredomsoft

    Boredomsoft Registered Member

    Joined:
    Jul 21, 2012
    Posts:
    13
    Location:
    San Francisco
    Have any of you used the features in VTHC to post comments or request a rescan lately? They've stopped working for me despite no changes on my end; I'm wondering if anyone else has been experiencing these issues, and whether it's my fault or something on VirusTotal.com's end.

    Thanks!
     
  15. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Yes, I've been checking out this software for the last few days and noticed when requesting a rescan, it gives an error box called "Probably not my fault", with the info "Response was empty. Try again later."
     
  16. Boredomsoft

    Boredomsoft Registered Member

    Joined:
    Jul 21, 2012
    Posts:
    13
    Location:
    San Francisco
    Thanks for the response. It looks like VT has modified or disabled part of their API without publishing the changes. I'll keep working on this but as far as I can see there's little I can do until/unless VT reverts to its old behavior (or updates their documentation.) :mad:
     
  17. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Has anyone else had this VTHC/Download Statusbar auto-fire method no longer work since the upgrade to Firefox 20?

    I recently formatted a new box here and put 20 right on the thing from the get-go, and VTHC, so I'm thinking maybe it's something I've overlooked instead. I don't even see any download statusbar along the bottom of my screen now at all when I download stuff, let alone does VTHC scan it.

    In fact there's not even the default FF download box there now when I download things.

    Keyscrambler 2.9.3 no longer works with FF 20 either... I'm really not liking this version. Think I may stick with 19.0.2 for awhile.
     
  18. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    It's the upgrade to Firefox 20 + Download Statusbar conflict. I'm convinced this has nothing whatsoever to do with VT Hash Check. FF 20 changed the way it handles downloads, and now Download Statusbar just doesn't work with it.

    I'm reverting back to FF 19.0.2 until there's a fix.
     
  19. ParaNodes

    ParaNodes Registered Member

    Joined:
    Jul 15, 2003
    Posts:
    70
    Just tested on Vista x64 and XPsp3 VM with FF 20 and working fine, I'm seeing both Download Statusbar and the new FF 20 Download Manager, I have Add-on Bar enabled in both if that makes a difference.
     
  20. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    Working fine here on Firefox 20.
     
  21. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    @Boredomsoft: Any chance of getting an option to make the Close button the default on the results dialog?

     
  22. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Any news on this?

    Also, I saw VT updated its size limit from 32 to 64 MB, so software needs to be updated to change the limit.
     
  23. Boredomsoft

    Boredomsoft Registered Member

    Joined:
    Jul 21, 2012
    Posts:
    13
    Location:
    San Francisco
    For the moment I'm going to say 'no' to that. If it's any consolation you can press the escape key to invoke the Close button. A user-customizable UI does sound like a fun challenge to implement, though, so there may yet be hope.

    I've e-mailed VirusTotal and am currently awaiting a response.
    Thanks for pointing that out! I'll push out an update in the next day or so. :D
     
  24. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    Fair enough. I asked because many times the results dialog pops up without me knowing it (I'm using VT Hash Check in conjunction with Download Statusbar in Firefox - kudos to luciddream for the idea). Thinking I'm still typing in the last window I selected, I end up loading the full results inadvertently. I thought it would be better to save the bandwidth load on VirusTotal by switching the default button (at least for me).

    I'm going to try adding something to my persistent Autohotkey script that will automatically select the close button when the results window opens (not sure why that thought didn't occur to me until just now). If you get around to adding some user customizable features to the GUI, that would be cool. Either way, I just appreciate what you've created and shared with us. :thumb:
     
  25. Boredomsoft

    Boredomsoft Registered Member

    Joined:
    Jul 21, 2012
    Posts:
    13
    Location:
    San Francisco
    It seems the trouble isn't with VT.com but with the JSON parsing library I've been using; I've been triggering a subtle bug while constructing my comment-post request. I will be pushing out another update to correct this very soon.
     