What You Are Seeing?
When Chocolatey is configured to use a proxy, the VirusTotal checks do not use the same settings.
What is Expected?
VirusTotal checks should honor the proxy settings.
How Did You Get This To Happen? (Steps to Reproduce)
Ran Test Kitchen Proxy tests against the VirusFeature tag
Monitored the proxy logs to see no hits for VirusTotal.
Verified this also happens in 1.4.0 and 5.0.3.
System Details
Operating System: Server 2019
Windows PowerShell Version: 5.1
Chocolatey CLI Version: 2.0.0
Chocolatey Licensed Extension version: 6.0.0
Chocolatey License type (Professional / Business / ?): Business
Terminal/Emulator: conhost
Output Log
Output from 1.4.0/5.0.3 (the output from 2.0.0/6.0.0 is the same):
PS C:\Users\vagrant> choco install virus-total-test -y --proxy=10.0.2.2:8080
Chocolatey v1.4.0 Business
2 validations performed. 1 success(es), 1 warning(s), and 0 error(s).
Validation Warnings:
- A pending system reboot request has been detected, however, this is
being ignored due to the current Chocolatey configuration. If you
want to halt when this occurs, then either set the global feature
using:
choco feature enable -name=exitOnRebootDetected
or pass the option --exit-when-reboot-detected.
Installing the following packages:
virus-total-test
By installing, you accept licenses for the packages.
Error retrieving packages from source 'https://<Server>:8443/repository/choco-test-packages/index.json':
The remote server returned an error: (404) Not Found.
Progress: Downloading virus-total-test 0.1.0... 100%
virus-total-test v0.1.0
virus-total-test package files install completed. Performing other installation steps.
C:\ProgramData\chocolatey\lib\virus-total-test\content
Copying pngout
from 'C:\ProgramData\chocolatey\lib\virus-total-test\tools\files\pngout.exe'
Using explicit proxy server '10.0.2.2:8080'.
Virus check: 5/56 scan engines flagged this assembly.
Due to possible false positives we fail at 4 minimum positives.
Virus scan engine 'Bkav' found potential 'HW32.Packed.B0DE'.
Virus scan engine 'CAT-QuickHeal' found potential '(Suspicious) - DNAScan'.
Virus scan engine 'TheHacker' found potential 'Posible_Worm32'.
Virus scan engine 'TrendMicro-HouseCall' found potential 'PAK_Generic.008'.
Virus scan engine 'TrendMicro' found potential 'PAK_Generic.008'.
ERROR:
Virus scan engines indicate possible malware. If you
determine this file is safe, you can use --skip-virus-check to ignore.
You may also need to adjust the default minimum positives above the
default of 4. For details of the scan results see
https://www.virustotal.com/file/843f0be42e86680c1663c4ef58eb0677ace15fc29ab23897c83f4b7e5af3ef36/analysis/
The install of virus-total-test was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\virus-total-test\tools\chocolateyInstall.ps1'.
See log for details.
Chocolatey installed 0/1 packages. 1 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Failures
- virus-total-test (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\virus-total-test\tools\chocolateyInstall.ps1'.
See log for details.
Squid log shows hits to Hermes and a few other locations, but no VirusTotal.
Workarounds
None
Proposed Solution
The VirusTotal check should use the proxy set in Chocolatey config, or by the system.
Related Issues and Tickets
N/A
Done Checklist
[ ] Documentation has been updated.
[ ] Automated tests have been added to cover this bug.
[ ] Manual tests have been added to cover this bug.
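One way to repeat the proxy-log check from the reproduction steps, as an added example that is not part of the original issue or of Chocolatey's own code. It assumes Squid's default native access.log format; the log lines, host names and client address are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's default native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1686000000.101    212 10.0.2.15 TCP_TUNNEL/200 5120 CONNECT repo.example.test:8443 - HIER_DIRECT/192.0.2.10 -
1686000001.334     87 10.0.2.15 TCP_TUNNEL/200 3310 CONNECT licensing.example.test:443 - HIER_DIRECT/192.0.2.20 -
1686000002.900     45 10.0.2.15 TCP_MISS/200 1204 GET http://packages.example.test/index.json - HIER_DIRECT/192.0.2.30 application/json
malformed line
"""

def destination_host(method, url):
    """Return the lower-cased destination host from a Squid URL field."""
    if method == "CONNECT":          # HTTPS tunnels are logged as "host:port"
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def hosts_seen(log_text, client_ip=None):
    """Count requests per destination host, optionally for one client."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:          # skip truncated or malformed lines
            continue
        client, method, url = fields[2], fields[5], fields[6]
        if client_ip and client != client_ip:
            continue
        host = destination_host(method, url)
        if host:
            counts[host] += 1
    return counts

def proxied(log_text, domain, client_ip=None):
    """True if any logged request went to domain or one of its subdomains."""
    domain = domain.lower()
    return any(h == domain or h.endswith("." + domain)
               for h in hosts_seen(log_text, client_ip))

if __name__ == "__main__":
    print(dict(hosts_seen(SAMPLE_LOG, "10.0.2.15")))
    print("virustotal.com via proxy:", proxied(SAMPLE_LOG, "virustotal.com"))
```

Run against the real access.log for the time window of the install, a `False` result for `virustotal.com` alongside hits for the other hosts matches the behavior reported here.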