tags:

views:

75

answers:

2
+1  Q: 

Doing a virus check on a file from a build script

I would like to be be able to invoke a virus check as the final stage of the build process (please don't question why a dev machine would get a virus, it's just a belt-and-braces approach to avoid the risk of getting sued by customers...). Also I'd like the option of having AV on a machine but switching the auto file system protection off (at least for the build directories).

What I would like is a generic way of scanning a file using whatever AV system is in place. I'm assuming that there's an Windows API to do this, given that Windows detects the presence of an AV system, and browsers such as Firefox invoke a virus scan whenever a file is downloaded. So what's the API that they're using? There's the Microsoft AntiVirus API but that seems to be specific to Office documents. Does the approach involve using WMI? (and if you can detect the AV provider from there, how do you then invoke it to scan a file?)

I know that I could write the script to manually call the AV scanner that I know to be installed, but as an intellectual exercise I'm more interested to know how apps like Firefox are doing this.

+1  A: 

Firefox uses the IAttachmentExecute API. However, you don't want to use that in a build script since it will add alternate stream information telling windows to show an annoying warning window when executing the file.

ThiefMaster  2010-05-19 08:45:52
+1  A: 

Well, you may want to take a look at the nsDownloadScanner system directly on the Firefox source code:

As told by the comments on that files:

Download scanner attempts to make use of one of two different
virus scanning interfaces available on Windows - IOfficeAntiVirus
(Windows 95/NT 4 and IE 5) and IAttachmentExecute (XPSP2 and up).
The latter interface supports calling IOfficeAntiVirus internally,
while also adding support for XPSP2+ ADS forks which define security
related prompting on downloaded content.

Documentations on those interfaces can be found here:

If your software is open-source is compliant with the MPL licence (thanks, @MSalters), you may also directly use Firefox' code, to avoid reinventing the wheel.

Tyn  2010-05-19 08:56:35
FireFox is MPL licensed, a distribution license. That means you may _also_ use it for internal closed-source software as long as you don't distribute it. A build system typically qualifies - as it's typically never distributed, it doesn't have a distribution license, open or closed.
MSalters  2010-05-19 09:04:52
Thanks, that's exactly what I was looking for.
the_mandrill  2010-05-19 09:40:26
Thanks, @MSalters, I've edited my answer to fix that. I'm not completely aware of all those licences stuffs. :)@the_mandrill, you're welcome!
Tyn  2010-05-19 13:14:11

related questions

Verifying files for testing
How do you create your own moniker (URL Protocol) on Windows systems?
Windows Equivalent of 'nice'
Is this a good way to determine OS Architecture?
Dual vs. Quadcore on a Webserver
Is there a WMI Redistributable Package?
PHP Error - Uploading a file
Ruby On Rails with Windows Vista - Best Setup?
OpenVPN Config file to prevent timeout
How can I create Debian install packages in Windows for a Visual Studio project?
How do I configure and communicate with a serial port?
What's the best setup for Mono development on Windows?
Appropriate pagefile size for SQL Server
XML Editing/Viewing Software
Linux shell equivalent on IIS
What is a better file copy alternative than the Windows default?
Windows Help files - what are the options?
Heap corruption under Win32; how to locate?
Best way to access Exchange using PHP?
Get a preview jpeg of a pdf on windows?
WinForms ComboBox data binding gotcha
How do you schedule tasks in Windows?
Register Windows program with the mailto protocol programmatically
Embedding Windows Media Player for all Browsers
Best Subversion clients for Windows Vista (64bit)