nvaccess / nvda

NVDA, the free and open source Screen Reader for Microsoft Windows
https://www.nvaccess.org/

Add ability to analyze add-ons with VirusTotal from an action in the store #16434

Closed nvdaes closed 6 months ago

nvdaes commented 6 months ago

Is your feature request related to a problem? Please describe.

Though security of add-ons cannot be warranted, analyzing them with VirusTotal at any moment, especially before installing, may be very useful to see if bundled malware is detected, and, in this case, to request removal from the store.

Describe the solution you'd like

The URL of VirusTotal analysis for each submitted add-on would be shown in the details panel of the store, as well as making it possible to open that URL from a new action.

Describe alternatives you've considered

Users can download the add-on using the download URL, and then submit the file to VirusTotal, and the download URL can also be submitted.

Additional context

nvaccess/addon-datastore#3246

XLTechie commented 6 months ago

@nvdaes I am uncertain about something. What is the value of providing the URL in the store?

That is, if no add-on (after a while) makes it into the store without confirmation of VirusTotal, isn't the test result implied by the add-on being there? Wouldn't a simple "Scanned by virus total" notation be sufficient, with maybe more elaboration in the user guide?

nvdaes commented 6 months ago

Luke wrote:

That is, if no add-on (after a while) makes it into the store without confirmation of VirusTotal, isn't the test result implied by the add-on being there? Wouldn't a simple "Scanned by virus total" notation be sufficient, with maybe more elaboration in the user guide?

I think it's better to provide an action to scan the add-on whenever, since results may be updated: see the Real-time updates section of the following link:

https://docs.virustotal.com/docs/how-it-works

Adriani90 commented 6 months ago

Can this not happen automatically in the background before downloading? Is there a way to do that maybe via an API or so?

nvdaes commented 6 months ago

Adriani wrote:

Can this not happen automatically in the background before downloading? Is there a way to do that maybe via an API or so?

I think that, though this is possible in terms of programming, this may exceed available limits of the API, and perhaps this wouldn't bring a benefit greater than the cons. See info about the API and quotas at:

https://docs.virustotal.com/docs/api-overview

XLTechie commented 6 months ago

I hadn't realized we had given up on the API idea during submission.

seanbudd commented 6 months ago

We won't be accepting add-ons with flagged issues with VirusTotal and plan to scan all add-ons currently uploaded. False positives will require contacting the scanner engine; generally they have been responsive when fixing false positives with NVDA. This is assuming the false positive rate isn't exceptionally high.
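
The manual route discussed in this thread (hash a downloaded add-on, open its VirusTotal report, and treat engine hits as "flagged"), sketched as an added Python example that is not part of the issue or of NVDA's code. It assumes the VirusTotal GUI report URL pattern and the `last_analysis_stats` field of an API v3 file report; the sample report is constructed, and the "any malicious or suspicious hit" threshold is an assumption, not NV Access policy.

```python
import hashlib
import json

VT_GUI_FILE_URL = "https://www.virustotal.com/gui/file/{sha256}"


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash the add-on package in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def report_url(sha256):
    """URL of the VirusTotal report page for a file hash; needs no API key."""
    sha256 = sha256.lower()
    if len(sha256) != 64 or any(c not in "0123456789abcdef" for c in sha256):
        raise ValueError("not a SHA-256 hex digest")
    return VT_GUI_FILE_URL.format(sha256=sha256)


def verdict(report_json, expected_sha256):
    """Summarise an API v3 file report; refuse a report for a different file."""
    attrs = json.loads(report_json)["data"]["attributes"]
    if attrs.get("sha256", "").lower() != expected_sha256.lower():
        raise ValueError("report does not describe the expected file")
    stats = attrs["last_analysis_stats"]
    # Assumed threshold: any malicious or suspicious engine result counts.
    hits = stats.get("malicious", 0) + stats.get("suspicious", 0)
    return {"flagged": hits > 0, "hits": hits, "engines": sum(stats.values())}


# Constructed sample report (shape of GET /api/v3/files/{hash}); values invented.
SAMPLE_HASH = hashlib.sha256(b"constructed add-on bytes").hexdigest()
SAMPLE_REPORT = json.dumps({"data": {"attributes": {
    "sha256": SAMPLE_HASH,
    "last_analysis_stats": {"malicious": 1, "suspicious": 0, "undetected": 60,
                            "harmless": 0, "timeout": 2},
}}})

if __name__ == "__main__":
    print(report_url(SAMPLE_HASH))
    print(verdict(SAMPLE_REPORT, SAMPLE_HASH))
```

Opening the report URL by hash uses no API quota, and checking the report's `sha256` against the locally computed hash keeps a verdict for one file from being applied to another.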