Comments (3)
This was my first thought when I saw the reasons for the service being taken down temporarily. They might be doing more than this, but I definitely think it makes sense that this is also made to be a part of it.
#91 (comment) has me thinking there has been hesitation in the past regarding this based on wanting to know as little as possible about the files/data being uploaded. However, we need to know if what's being uploaded is malicious (hence the temporary shutdown of the service). Checking (not needing to store it or anything) the hash of the unencrypted file to then check with VirusTotal isn't much of a privacy concession if it then helps prevent the spread of malicious payloads.
from send.
Just to be clear, files that one is trying to upload at Firefox Send should not be uploaded to VirusTotal. Just before uploading to Firefox Send, the hash (md5/sha512) should be calculated, and VirusTotal should be queried whether the file is known there, and whether the file is a virus.
It might be a better idea to also directly include an antivirus engine, such as ClamAV, to inspect the uploaded files. Chances are that one virus infects multiple files, which gives unique hashes which could remain undetectable on VirusTotal.
from send.
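The lookup-by-hash flow described in the comment above, as an added example that is not part of the thread or of the Send code base: the file is hashed locally, only the digest is sent, and the answer is mapped to a verdict. It assumes SHA-256 (one of the hash types VirusTotal accepts as a file identifier), the VirusTotal v3 file report response shape, a threshold of one flagging engine, and constructed sample bytes and responses; `offlineLookup`, `checkBytes` and the other function names are hypothetical.

```javascript
const { createHash } = require("node:crypto");

// Hash the plaintext locally; only this digest leaves the machine, never the file.
function sha256Hex(bytes) {
  return createHash("sha256").update(bytes).digest("hex");
}

// Map a VirusTotal v3 file report response (HTTP status + parsed JSON body)
// to a verdict. The default threshold of 1 engine is an assumption.
function verdictFromReport(status, body, minEngines = 1) {
  if (status === 404) return "unknown"; // hash never seen: NOT the same as clean
  if (status !== 200) return "error";   // quota, auth, outage: caller decides fail-open/closed
  const stats = body?.data?.attributes?.last_analysis_stats;
  if (!stats) return "error";
  const flagged = (stats.malicious ?? 0) + (stats.suspicious ?? 0);
  return flagged >= minEngines ? "malicious" : "clean";
}

// Real lookup by hash (defined but not called here: needs network and an API key).
async function lookupHash(hash, apiKey) {
  const res = await fetch(`https://www.virustotal.com/api/v3/files/${hash}`, {
    headers: { "x-apikey": apiKey },
  });
  return { status: res.status, body: await res.json().catch(() => null) };
}

// Constructed sample data: a "known bad" file and a copy with one byte appended.
const knownBad = Buffer.from("constructed sample payload A");
const variant = Buffer.concat([knownBad, Buffer.from([0x00])]);

// Constructed stand-in for the service, keyed by hash, so the example runs offline.
const fakeReports = new Map([
  [sha256Hex(knownBad), { status: 200, body: { data: { attributes: {
    last_analysis_stats: { malicious: 41, suspicious: 2, undetected: 20, harmless: 0 } } } } }],
]);
function offlineLookup(hash) {
  return fakeReports.get(hash) ?? { status: 404, body: { error: { code: "NotFoundError" } } };
}

// Hash first, then look up the digest and turn the response into a verdict.
function checkBytes(bytes, lookup = offlineLookup) {
  const { status, body } = lookup(sha256Hex(bytes));
  return verdictFromReport(status, body);
}

console.log(checkBytes(knownBad)); // known sample
console.log(checkBytes(variant));  // same content plus one byte: different hash
```

The second call shows the limitation raised in the same comment: a one-byte change yields a hash the service has never seen, so "unknown" has to be handled as its own outcome, for example by handing the file to a content scanner such as ClamAV.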
Or checking it on download :) I recently built something similar to Firefox Send but much, much simpler in design, with just a GitHub page, a single Lambda function, API Gateway and an S3 bucket: https://www.relaysecret.com. I just added a VirusTotal check today, thanks for the idea @blade1989. The code is open source on my GitHub and I would love to get some feedback :)
from send.