Skip to content
This repository has been archived by the owner on May 22, 2021. It is now read-only.

[Feature Request] Check hash on VirusTotal before upload to Firefox Send #1511

Open
blade1989 opened this issue Aug 7, 2020 · 3 comments
Open

[Feature Request] Check hash on VirusTotal before upload to Firefox Send #1511

blade1989 opened this issue Aug 7, 2020 · 3 comments

Comments

@blade1989
Copy link

Regarding the news on Firefox Send being temporarily down, because of malware uploads, I figured that checking the hash at VirusTotal is a good indicator if the file in question should be allowed to be uploaded or not.

That seems like a decent enough feature to enable Firefox Send again,

Just to be clear, files that one is trying to upload at Firefox Send should not be uploaded to VirusTotal, just before uploading to Firefox Send, the has(md5/sha512), should be calculated, and VirusTotal should be queried if the file is know there, and if the file is a Virus.

VirusTotal API: https://developers.virustotal.com/reference
@KZeni
Copy link

KZeni commented Aug 21, 2020
edited
Loading

This was my first thought when I saw what the reasons for the service being taken down temporarily. They might be doing more than this, but I definitely think it makes sense that this is also made to be a part of it.

#91 (comment) has me thinking there has been hesitation in the past regarding this based on wanting to know as little as possible about the files/data being uploaded. However, we need to know if what's being uploaded is malicious (hence the temporary shutdown of the service.) Checking (not needing to store it or anything) the hash of the unencrypted file to then check with VirusTotal isn't much of a privacy concession if it then helps prevent the spread of malicious payloads.

@reinhart1010
Copy link

Just to be clear, files that one is trying to upload at Firefox Send should not be uploaded to VirusTotal, just before uploading to Firefox Send, the has(md5/sha512), should be calculated, and VirusTotal should be queried if the file is know there, and if the file is a Virus.

It might be a better idea to also directly include an antivirus engine, such as ClamAV to inspect the uploaded files. Chances are that one virus infect multiple files, which gives unique hashes which could remain undetectable on VirusTotal.

@santrancisco
Copy link

Or checking it on download :) I recently built something similar to firefoxsend but much much simpler in design with just a github page, a single lambda function, apigateway and an s3 bucket https://www.relaysecret.com . I just added virustotal check today, thanks for the idea @blade1989 . The code is opensource in my github and I would love to get some feedbacks :)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@KZeni @santrancisco @blade1989 @reinhart1010