Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add runtime skip option to allow skipping the virus scanner #786

Closed
bc3tech opened this issue Jun 10, 2016 · 6 comments
Closed

Add runtime skip option to allow skipping the virus scanner #786

bc3tech opened this issue Jun 10, 2016 · 6 comments
Assignees
@ferventcoder
Labels
5 - Released Customer Pro/Business
Milestone
0.9.10.3

Comments

@bc3tech
Copy link
Contributor

bc3tech commented Jun 10, 2016

What You Are Seeing?

When developing a new choco package, I test the install/uninstall locally with -s . option. After upgrading to choco Pro, the virus checker gets in the way and I can't do this without the -svc option; answering Y or N to the "submit for scanning?" prompt results in an error either way.

What is Expected?

I would expect to either not scan or upload for scanning (and wait for results then continue with installation if everything is kosher) when I answer N or Y to the prompt (respectively)

How Did You Get This To Happen? (Steps to Reproduce)

  1. Create a local choco pkg for an installer that hasn't been seen by the virus scanners (eg: new software)
  2. run cinst <pkg name> -y -s . to install from the local pkg
  3. Answer either Y or N when prompted to scan the binary for viruses

    Output Log

For N answer:

PS D:\Github\Chocolatey\Franz> cup franz -y -s . -pre
Chocolatey v0.9.10-beta1-385-g8127955 Professional
Upgrading the following packages:
franz
By upgrading you accept licenses for the packages.
You have franz v0.9.10-beta installed. Version 3.0-beta is available based on your source(s).

franz v3.0-beta
Loading 'chocolatey.licensed' extension.
Downloading franz 64 bit
  from 'https://github-cloud.s3.amazonaws.com/releases/54660683/a0037c00-2f37-11e6-8917-02ad2a96a98d.zip?X-Amz-Algorithm
=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAISTNZFOVBIJMK3TQ%2F20160610%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20160610T1
94033Z&X-Amz-Expires=300&X-Amz-Signature=5ec92aea709b1d2a2165ff0d8154af14d59ce076c6051922304b26e443e89d43&X-Amz-SignedHe
aders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DFranz-win32-x64-3.0.0.zip&response-content
-type=application%2Foctet-stream'
Progress: 100% - Completed download of 'Franz-win32-x64-3.0.0.zip' (58.18 MB).
Download of 'Franz-win32-x64-3.0.0.zip' (58.18 MB) completed.
Virus scan engines indicate this file has not been scanned before.
Upload file?
WARNING: Selecting Yes WILL upload the file to a PUBLIC website
 and results will be publicly available. Do not select Yes for files
 that should be kept internal.
Upload 'Franz-win32-x64-3.0.0.zip' for scanning?

[N] No [Y] Yes (default is "N")
  Confirmation (`-y`) is set.
  Respond within 30 seconds or the default selection will be chosen.
n
You can also use VirusTotalUploader (installable w/choco) to
 submit the file to VirusTotal for scanning. The file is located at
 'd:\users\SYSTEM\AppData\Local\Temp\chocolatey\franz\3.0-beta\Franz-win32-x64-3.0.0.zip'
ERROR: Virus scan engines do not know about this file or are currently
 evaluating it. Allow up to 15 minutes after submitting the file before
 you try to install this package again. If you determine the file is
 safe, you can also use --skip-virus-check to skip the check.
The upgrade of franz was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\franz\tools\chocolateyinstall.ps1'.
 See log for details.

Chocolatey upgraded 0/1 package(s). 1 package(s) failed.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Failures:
 - franz (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\franz\tools\chocolateyinstall.ps1'.
 See log for details.

For Y answer:

PS D:\Github\Chocolatey\Franz> cinst franz -y -s . -pre -f
Chocolatey v0.9.10-beta1-385-g8127955 Professional
Installing the following packages:
franz
By installing you accept licenses for the packages.

franz v3.0-beta (forced)
Loading 'chocolatey.licensed' extension.
Downloading franz 64 bit
  from 'https://github.com/imprecision/franz-app/releases/download/3.0.0/Franz-win32-x64-3.0.0.zip'
Progress: 100% - Completed download of 'Franz-win32-x64-3.0.0.zip' (58.18 MB).
Download of 'Franz-win32-x64-3.0.0.zip' (58.18 MB) completed.
Virus scan engines indicate this file has not been scanned before.
Upload file?
WARNING: Selecting Yes WILL upload the file to a PUBLIC website
 and results will be publicly available. Do not select Yes for files
 that should be kept internal.
Upload 'Franz-win32-x64-3.0.0.zip' for scanning?

[N] No [Y] Yes (default is "N")
  Confirmation (`-y`) is set.
  Respond within 30 seconds or the default selection will be chosen.
y
Uploading 'Franz-win32-x64-3.0.0.zip' to scan for viruses. Please wait...
Virus scan analysis for Franz-win32-x64-3.0.0.zip running at
https://www.virustotal.com/file/7f06000596fd5cc04e6d26c813e7c58531b3fa106a584015bc0f86bf6fe3e5f7/analysis/1465589526/
ERROR: Virus scan engines do not know about this file or are currently
 evaluating it. Allow up to 15 minutes after submitting the file before
 you try to install this package again. If you determine the file is
 safe, you can also use --skip-virus-check to skip the check.
The install of franz was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\franz\tools\chocolateyinstall.ps1'.
 See log for details.

Chocolatey installed 0/1 package(s). 1 package(s) failed.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Failures:
 - franz (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\franz\tools\chocolateyinstall.ps1'.
 See log for details.
@ferventcoder ferventcoder changed the title [Pro] Can't do local installs without -svc option [Pro] Can't install locally created packages without -svc option Jun 10, 2016
@ferventcoder
Copy link
Member

So this is Pro attempting to be helpful - doesn't matter what you choose if it has never hit the virus scanner before, it has to finish the scan before it will allow it to be successfully installed with the virusCheck on.

It's a bit of a protection mechanism. If you wait the ~10ish minutes (head to the website link provided) and then run the installer, it will be kosher. Or use -svc as indicated.

@ferventcoder
Copy link
Member

I can kind of see what you mean by this was unexpected at first, but now that you understand what it is doing, does that change how you feel about this at all?

@bc3tech
Copy link
Contributor Author

bc3tech commented Jun 13, 2016

Only for the Y case...

If I say install, then No to virus checking, I'd expect it to just do the install.
Maybe a good compromise would be another option with the Y/N prompt.... Skip perhaps?

@ferventcoder
Copy link
Member

Skip - that's a good add.

@ferventcoder ferventcoder changed the title [Pro] Can't install locally created packages without -svc option [Pro] Add runtime skip option to allow skipping the virus scanner Jun 14, 2016
@ferventcoder
Copy link
Member

This is done and will be in the next release of the licensed extension.

@ferventcoder ferventcoder added this to the 0.9.10.3 milestone Jun 22, 2016
@ferventcoder ferventcoder self-assigned this Jun 22, 2016
@ferventcoder ferventcoder changed the title [Pro] Add runtime skip option to allow skipping the virus scanner Add runtime skip option to allow skipping the virus scanner Jun 23, 2016
@ferventcoder
Copy link
Member

This was released in chocolatey.extension 1.5.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ferventcoder ferventcoder

Labels
5 - Released Customer Pro/Business
Projects
None yet
Milestone
0.9.10.3
Development

No branches or pull requests
3 participants
@ferventcoder @gep13 @bc3tech