[Feature Request] Check hash on VirusTotal before upload to Firefox Send

[blade1989]

Regarding the news on Firefox Send being temporarily down, because of malware uploads, I figured that checking the hash at VirusTotal is a good indicator if the file in question should be allowed to be uploaded or not.

That seems like a decent enough feature to enable Firefox Send again,

Just to be clear, files that one is trying to upload at Firefox Send should not be uploaded to VirusTotal, just before uploading to Firefox Send, the has(md5/sha512), should be calculated, and VirusTotal should be queried if the file is know there, and if the file is a Virus.

VirusTotal API: https://developers.virustotal.com/reference

[KZeni]

This was my first thought when I saw what the reasons for the service being taken down temporarily. They might be doing more than this, but I definitely think it makes sense that this is also made to be a part of it.

#91 (comment) has me thinking there has been hesitation in the past regarding this based on wanting to know as little as possible about the files/data being uploaded. However, we need to know if what's being uploaded is malicious (hence the temporary shutdown of the service.) Checking (not needing to store it or anything) the hash of the unencrypted file to then check with VirusTotal isn't much of a privacy concession if it then helps prevent the spread of malicious payloads.

[reinhart1010]

Just to be clear, files that one is trying to upload at Firefox Send should not be uploaded to VirusTotal, just before uploading to Firefox Send, the has(md5/sha512), should be calculated, and VirusTotal should be queried if the file is know there, and if the file is a Virus.

It might be a better idea to also directly include an antivirus engine, such as ClamAV to inspect the uploaded files. Chances are that one virus infect multiple files, which gives unique hashes which could remain undetectable on VirusTotal.

[santrancisco]

Or checking it on download :) I recently built something similar to firefoxsend but much much simpler in design with just a github page, a single lambda function, apigateway and an s3 bucket https://www.relaysecret.com . I just added virustotal check today, thanks for the idea @blade1989 . The code is opensource in my github and I would love to get some feedbacks :)