I would like to be able to invoke a virus check as the final stage of the build process (please don't question why a dev machine would get a virus, it's just a belt-and-braces approach to avoid the risk of getting sued by customers...). Also I'd like the option of having AV on a machine but switching the auto file system protection off (at least for the build directories).

What I would like is a generic way of scanning a file using whatever AV system is in place. I'm assuming that there's a Windows API to do this, given that Windows detects the presence of an AV system, and browsers such as Firefox invoke a virus scan whenever a file is downloaded. So what's the API that they're using? There's the Microsoft AntiVirus API but that seems to be specific to Office documents. Does the approach involve using WMI? (and if you can detect the AV provider from there, how do you then invoke it to scan a file?)

I know that I could write the script to manually call the AV scanner that I know to be installed, but as an intellectual exercise I'm more interested to know how apps like Firefox are doing this.

+1  A: 

Firefox uses the IAttachmentExecute API. However, you don't want to use that in a build script since it will add alternate data stream information telling Windows to show an annoying warning window when executing the file.

ThiefMaster
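A sketch of the approach discussed in this answer, added here as an example and not code from the thread or from Firefox: it hands a build artifact to `IAttachmentExecute::Save()` and then deletes the `Zone.Identifier` stream so the warning dialog does not appear. The helper names and the `about:internet` source string are assumptions.

```cpp
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <shobjidl.h>   // IAttachmentExecute, CLSID_AttachmentServices
#endif

// Path of the alternate data stream that carries the "downloaded file" mark.
std::wstring zone_stream_path(const std::wstring& file) {
    return file + L":Zone.Identifier";
}

#ifdef _WIN32
// Hands `file` to the Attachment Execution Service, which may call the
// registered scanner. `source` is an origin string chosen by the build
// script (an assumption). COM must be initialised on the calling thread.
HRESULT scan_artifact(const std::wstring& file, const std::wstring& source) {
    IAttachmentExecute* ae = nullptr;
    HRESULT hr = CoCreateInstance(CLSID_AttachmentServices, nullptr,
                                  CLSCTX_INPROC_SERVER, IID_PPV_ARGS(&ae));
    if (FAILED(hr)) return hr;
    hr = ae->SetLocalPath(file.c_str());
    if (SUCCEEDED(hr)) hr = ae->SetSource(source.c_str());
    if (SUCCEEDED(hr)) hr = ae->Save();   // scanner may delete or alter the file
    ae->Release();
    // Remove the mark so the artifact does not trigger the warning dialog.
    // A missing stream (or a file the scanner removed) is not a cleanup error.
    if (!DeleteFileW(zone_stream_path(file).c_str())) {
        DWORD err = GetLastError();
        if (err != ERROR_FILE_NOT_FOUND && SUCCEEDED(hr))
            hr = HRESULT_FROM_WIN32(err);
    }
    return hr;
}

int wmain(int argc, wchar_t** argv) {
    if (argc < 2) return 2;
    if (FAILED(CoInitializeEx(nullptr, COINIT_APARTMENTTHREADED))) return 2;
    HRESULT hr = scan_artifact(argv[1], L"about:internet");  // assumed source
    CoUninitialize();
    return SUCCEEDED(hr) ? 0 : 1;   // non-zero exit fails the build step
}
#endif
```

Link against ole32.lib. Any failure HRESULT is treated as a failed build step, since it means either the scan could not run or the file was rejected.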
+1  A: 

Well, you may want to take a look at the nsDownloadScanner system directly in the Firefox source code:

As stated in the comments in those files:

Download scanner attempts to make use of one of two different
virus scanning interfaces available on Windows - IOfficeAntiVirus
(Windows 95/NT 4 and IE 5) and IAttachmentExecute (XPSP2 and up).
The latter interface supports calling IOfficeAntiVirus internally,
while also adding support for XPSP2+ ADS forks which define security
related prompting on downloaded content.

Documentation on those interfaces can be found here:

If your software is compliant with the MPL licence (thanks, @MSalters), you may also directly use Firefox's code, to avoid reinventing the wheel.

Tyn
Firefox is MPL licensed, a distribution license. That means you may _also_ use it for internal closed-source software as long as you don't distribute it. A build system typically qualifies - as it's typically never distributed, it doesn't have a distribution license, open or closed.
MSalters
Thanks, that's exactly what I was looking for.
the_mandrill
Thanks, @MSalters, I've edited my answer to fix that. I'm not completely aware of all that licence stuff. :) @the_mandrill, you're welcome!
Tyn