Closed Bug 396553 Opened 15 years ago Closed 14 years ago

DM no longer does virus scan

Categories

(Toolkit :: Downloads API, defect, P4)

x86
Windows XP
defect

Tracking

()

RESOLVED DUPLICATE of bug 393305
mozilla1.9beta3

People

(Reporter: aja+bugzilla, Unassigned)

Details

(Keywords: qawanted)

Attachments

(1 file)

Probable regression from bug 393301 landing.

See thread: http://forums.mozillazine.org/viewtopic.php?p=3060547#3060547
Make that "possible" regression from bug 393301 landing.
I see there were a numerous other DM checkins about the same time:
385734, 395134, 396488, 396450, 396451, 396453. 
This works for me using a trunk build pulled after this bug was filed, on Windows. 
I find it highly unlikely that this was regressed by anything.  The code path for it wasn't changed.
So, as I recall reading in the mozillazine forum about this - someone updated their virus scanner and it stopped working, correct?  If so, care to check builds before then with the same one?  It's possible the virus scanner stopped implementing the api we use, so we would no longer scan.  It could also be that they left the entry in the registry, but it doesn't actually do anything, which means we have a neat bug to worry about.  If that is the case, then we need to see what IE7 does as well for this.
No version/release update involved for me using AVG 7.5 Free Edition...unless its behavior was changed with just an overnight definition update.

FWIW...I just d/l'ed an hourly build, both the win .exe and .zip, and it looks like it did scan the .exe (way faster than it used to ???), but not the zip. Perhaps there was a change to only scan directly-executables, or something mime type related? 

I'll try some other file types when I get some free time (not likely for a day or so).

 
I can confirm, that scanning (if doing so) is much faster in today's nightly than it was yesterday.

Using NOD32 and Mozilla/5.0 (Windows; U; Windows NT 6.0; sk; rv:1.9a8pre) Gecko/2007091804 Minefield/3.0a8pre

Attached image screenshot
with Norton Internet Security 2008.

NIS2008 automatically add a "Norton Toolbar" to browser.
see screenshot.
no problem with Firefox 2, Norton Toolbar is added.(red circle)
but problem with Minefield, it is not added.

Minefield seems to be not recognized by NIS2008.
so scanning does not work with Minefield + NIS2008.

if someone use NIS2008, please try to check.
(In reply to comment #7)
> NIS2008 automatically add a "Norton Toolbar" to browser.

That's unrelated to this bug, and sounds like a compatibility issue with the Norton extension (or whatever mechanism they use to add the toolbar). It doesn't look like a Firefox problem to me.
(In reply to comment #8)
> (In reply to comment #7)
> > NIS2008 automatically add a "Norton Toolbar" to browser.
> 
> That's unrelated to this bug, and sounds like a compatibility issue with the
> Norton extension (or whatever mechanism they use to add the toolbar). It
> doesn't look like a Firefox problem to me.
> 

yes.

the point is
> Minefield seems to be not recognized by NIS2008.
> so scanning does not work with Minefield + NIS2008.
...and my point is that it doesn't matter if it recognizes Minefield.  It's a windows API call...
Downloading latest win trunk exe at http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/FX-WIN32-TBOX-trunk/firefox-3.0a8pre.en-US.win32.installer.exe (which gets downloaded as firefox-3.0a8pre.en-US.win32.installer.exe.exe), the following messages occur in error console:

Error: [Exception... "'Component is not available' when calling method: [nsIHandlerService::fillHandlerInfo]"  nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)"  location: "<unknown>"  data: no]

Error: [Exception... "'Component is not available' when calling method: [nsIHandlerService::getTypeFromExtension]"  nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)"  location: "<unknown>"  data: no]

Error: [Exception... "'Component is not available' when calling method: [nsIHandlerService::fillHandlerInfo]"  nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)"  location: "JS frame :: file:///D:/Program%20Files/Minefield/firefox/components/nsHelperAppDlg.js :: anonymous :: line 362"  data: no]
Source File: file:///D:/Program%20Files/Minefield/firefox/components/nsHelperAppDlg.js
Line: 362

Line 362 of above file:
      var iconString = "moz-icon://" + fname + "?size=16&contentType=" + this.mLauncher.MIMEInfo.MIMEType;

Error: [Exception... "'Component is not available' when calling method: [nsIHandlerService::getTypeFromExtension]"  nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)"  location: "JS frame :: chrome://mozapps/content/downloads/downloads.js :: downloadCompleted :: line 105"  data: no]
Source File: chrome://mozapps/content/downloads/downloads.js
Line: 105

Line 105 of above file:
      var contentType = mimeService.getTypeFromFile(aDownload.targetFile);

The first 3 messages occur when d/l is started, the latter occurs when d/l completes.

No such messages when downloading same build's zip.

Sorry for the bug spam if these messages are irrelevant.

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a8pre) Gecko/2007091904 Minefield/3.0a8pre ID:2007091904
The nsIHandlerService errors are garbage and are not actually errors.
Can you still reproduce this?
Flags: blocking-firefox3?
(In reply to comment #13)
> Can you still reproduce this?
> 

yes.
maybe this is a problem only with NIS2008.
Blocking for investigation, especially of comment 4 and for testing with NIS 2008. The scenarios we should test are:

 - install Firefox, install NIS2008, check to see if it works
 - install NIS2008, install Firefox, check to see if it works
 - install older NIS, install Firefox, update NIS, check to see if it works

Adding qawanted to see if we can get support, here.
Flags: blocking-firefox3? → blocking-firefox3+
Keywords: qawanted
Target Milestone: --- → Firefox 3 M10
(In reply to comment #15)
> Blocking for investigation, especially of comment 4 and for testing with NIS
> 2008. The scenarios we should test are:
> 
>  - install Firefox, install NIS2008, check to see if it works
>  - install NIS2008, install Firefox, check to see if it works
>  - install older NIS, install Firefox, update NIS, check to see if it works
> 
> Adding qawanted to see if we can get support, here.

QA only has the following, currently:

Norton AntiVirus 2007
Trend Micro Internet Security 2007
McAfee VirusScan Plus 2007
Panda Internet Security 2007
CA Anti-Virus 2007

I'm assuming I can go ahead and test Norton AntiVirus 2007 in lieu of NIS2008's absence?  Note also that https://bugzilla.mozilla.org/show_bug.cgi?id=396553#c5 claims that AVG 7.5 Free Edition is likewise affected/crippled, so I'll give that a testing too, when I get a chance.
I'll probably need to spin this off into a separate bug (given that it's actually the _converse_ of what's being reported here), but I'm seeing Minefield seemingly hold on to/invoke the AV service API.

http://img171.imageshack.us/my.php?image=picture1kw9.png

In other words, what *I'm* seeing is us working when we shouldn't be...
(In reply to comment #17)
> I'll probably need to spin this off into a separate bug (given that it's
> actually the _converse_ of what's being reported here), but I'm seeing
> Minefield seemingly hold on to/invoke the AV service API.
> 
> http://img171.imageshack.us/my.php?image=picture1kw9.png
> 
> In other words, what *I'm* seeing is us working when we shouldn't be...
eh, we have no control over what the virus scanner does - we just call to it.  If it doesn't check that it's supposed to be disabled, we can't do anything about it.  A bug about that would be quickly WONTFIX'd ;)
I can't yet make this fail, using either Norton AV 2007 or AVG 7.5 on Windows XP SP 2.

http://img264.imageshack.us/my.php?image=picture4ib8.png shows AVG 7.5 recognizing the threat; the misnamed "Blocked by Parental Controls" you see in the DM window is covered by bug 393303.

Are people actually downloading 'known' viruses/worms, and not getting the "Threat detected" messaging?  Comments here seem to indicate "the scanning is faster," but no-one seems to have yet asserted that it's actually failing to find threats; if you'd like to help test, can you folks download the various packages of "eicar"--a perfectly harmless test file that stokes AV programs--from here:

http://www.eicar.org/anti_virus_test_file.htm

I've ordered a copy of NIS2008 and will further test when I receive it.
(In reply to comment #17)
> I'll probably need to spin this off into a separate bug (given that it's
> actually the _converse_ of what's being reported here), but I'm seeing
> Minefield seemingly hold on to/invoke the AV service API.
> 
> http://img171.imageshack.us/my.php?image=picture1kw9.png
> 
> In other words, what *I'm* seeing is us working when we shouldn't be...
> 

is it with NIS2007 ?
if so, problem is with NIS2008, not with NIS2007
Clearing blocking until we can reproduce ourselves, please renominate if there's reproducable steps.
Flags: blocking-firefox3+
(In reply to comment #21)
> Clearing blocking until we can reproduce ourselves, please renominate if
> there's reproducable steps.

I *CAN* confirm that this is broken, using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b2pre) Gecko/2007110805 Minefield/3.0b2pre with Norton Internet Security 2008 installed on Windows XP.

When I run Gavin's ScanTest.exe binary against eicar.zip, I get "C:\Documents and Settings\mozilla\Desktop>ScanTest.exe eicar.zip
No antivirus is installed here"

Renominating per beltzner's comment 21

Dunno if this is tech evang or our bug; let me know what you need from me, Gavin.
Flags: blocking-firefox3?
Sounds like a bug with Norton then...
Well, this bug was filed as a regression. Has anyone ever gotten Norton to do a scan of downloads at any time in the past?
(In reply to comment #24)
> Well, this bug was filed as a regression. Has anyone ever gotten Norton to do a
> scan of downloads at any time in the past?
Per Comment 19, yes.
(In reply to comment #24)
> Well, this bug was filed as a regression. Has anyone ever gotten Norton to do a
> scan of downloads at any time in the past?
> 

scan works with Norton Internet Security(NIS) 2007,
scan does not work after install/update NIS 2008.
So, that's not a regression.  Maybe NIS 2008 doesn't register with that API?

Blocking for now, but if Norton isn't using the system API, they should fix that, or explain why they're not doing so...
Flags: blocking-firefox3? → blocking-firefox3+
Keywords: regression
Priority: -- → P4
Target Milestone: Firefox 3 M10 → Firefox 3 M11
Do we have any way or anyone to get ahold of them?
Just did an uninstall/reboot/reinstall of AVG Antivirus 7.5 Free Edition
( from http://free.grisoft.com/filedir/inst/avg75free_503a1171.exe ),
and DM still fails to virus scan downloaded files (in particular, I tried the 4 files at http://www.eicar.org/anti_virus_test_file.htm ). No messages in error console. Manually scanning the 4 files with AVG detects them as threats.

 
 
Just a datapoint:

On my home machine--which has a non-functional install of Symantec AntiVirus 10.1.5.5000 (Vista)--even when AVG 7.5.503 is shown as "On", while Symantec is shown as "Off," AVG isn't auto-alerting on scan.  I *do* see the "Scanning..." flash for each download in the DM, though.

Here's the output of C:\Users\Owner\Desktop>ScanTest.exe eicar.zip
Available AV scanners:
0)
1)
Select scanner to test: 0

Output:
{ 0x2781761e, 0x28e0, 0x4109, {0x99, 0xfe, 0xb9, 0xd1, 0x27, 0xc5, 0x7a, 0xfe} }
 hr = S_OK
C:\Users\Owner\Desktop>ScanTest.exe eicar.zip
Available AV scanners:
0)
1)
Select scanner to test: 1

Output:
{ 0xb64263d2, 0x8a70, 0x4f86, {0xbc, 0x9a, 0x57, 0xbe, 0x9a, 0x7b, 0x66, 0xdd} }
 hr = S_OK

When I select scanner "1"--which is AVG--it auto-finds the "threat" eicar.zip file, and AVG pops up.

aja: can you download ScanTest.exe from http://people.mozilla.com/~gavin/ScanTest/, and run ScanTest.exe against any eicar file?  Is it possible you have rogue scanners in the background that are preventing AVG from running as the default?
(In reply to comment #30)
> Just a datapoint:
> 
> On my home machine--which has a non-functional install of Symantec AntiVirus
> 10.1.5.5000 (Vista)--even when AVG 7.5.503 is shown as "On", while Symantec is
> shown as "Off," AVG isn't auto-alerting on scan.  I *do* see the "Scanning..."
> flash for each download in the DM, though.
> 
> Here's the output of C:\Users\Owner\Desktop>ScanTest.exe eicar.zip
> Available AV scanners:
> 0)
> 1)
> Select scanner to test: 0
> 
> Output:
> { 0x2781761e, 0x28e0, 0x4109, {0x99, 0xfe, 0xb9, 0xd1, 0x27, 0xc5, 0x7a, 0xfe}
> }
>  hr = S_OK
> C:\Users\Owner\Desktop>ScanTest.exe eicar.zip
> Available AV scanners:
> 0)
> 1)
> Select scanner to test: 1
> 
> Output:
> { 0xb64263d2, 0x8a70, 0x4f86, {0xbc, 0x9a, 0x57, 0xbe, 0x9a, 0x7b, 0x66, 0xdd}
> }
>  hr = S_OK
> 
> When I select scanner "1"--which is AVG--it auto-finds the "threat" eicar.zip
> file, and AVG pops up.
> 
> aja: can you download ScanTest.exe from
> http://people.mozilla.com/~gavin/ScanTest/, and run ScanTest.exe against any
> eicar file?  

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

D:\Program Files>ScanTest.exe eicar.zip
Available AV scanners:
0)
1)
Select scanner to test: 0

no UI

Output:
{ 0x2781761e, 0x28e0, 0x4109, {0x99, 0xfe, 0xb9, 0xd1, 0x27, 0xc5, 0x7a, 0xfe} }
 hr = S_OK

file is intact.


D:\Program Files>ScanTest.exe eicar.zip
Available AV scanners:
0)
1)
Select scanner to test: 1

"Threat found" dialog, option to "Ignore" or "Move to Vault"

"Ignore" Output:
{ 0xb64263d2, 0x8a70, 0x4f86, {0xbc, 0x9a, 0x57, 0xbe, 0x9a, 0x7b, 0x66, 0xdd} }
 hr = S_OK

file is intact.

D:\Program Files>ScanTest.exe eicar.zip
Available AV scanners:
0)
1)
Select scanner to test: 1

"Threat found" dialog, option to "Ignore" or "Move to Vault"

"Move to Vault" Output:
{ 0xb64263d2, 0x8a70, 0x4f86, {0xbc, 0x9a, 0x57, 0xbe, 0x9a, 0x7b, 0x66, 0xdd} }
 hr = E_FAIL

File is deleted after choosing "Move to Vault".


> Is it possible you have rogue scanners in the background that are
> preventing AVG from running as the default?
> 
Possible I guess..though no idea what it might be.
Hmm...0 is Windows Defender, i think...and amazingly enough i first noticed this problem the day after an m/s "update tuesday".

Going to try uninstalling Windows Defender and see what happens. 
(In reply to comment #32)
> Hmm...0 is Windows Defender, i think...and amazingly enough i first noticed
> this problem the day after an m/s "update tuesday".
> 
> Going to try uninstalling Windows Defender and see what happens. 
> 
Uninstalling WIndows Defender did the trick.
I bet Windows Defender and AVG both had program updates install the same day and their order got changed.

Now getting AVG's UI and "Blocked by Parental Controls -- mozilla.com".

Why is "by Parental Controls" in the DM message????? 
(In reply to comment #33)

<snip>

> Why is "by Parental Controls" in the DM message????? 

That's bug 393303.
FWIW: Reinstall of Windows Defender indicates that it automatically sets itself as the default scanner.  Grrrr.
Ah, yeah, Windows Defender would indeed "win" if it's installed, because it's usually listed first. Bug 393305 is filed on figuring out a better default behavior. I guess that makes this bug as originally filed INVALID, or a duplicate, but I suppose it could be morphed to cover the NIS 2008 problem, assuming it isn't the same.
INVALID/DUP/morph this bug as you wish...I'm tracking 393303 and 393305 now.
added some detail on ordering in bug 393305.
I don't install Defender.
only NIS 2008.(In reply to comment #36)
> Ah, yeah, Windows Defender would indeed "win" if it's installed, because it's
> usually listed first. Bug 393305 is filed on figuring out a better default
> behavior. I guess that makes this bug as originally filed INVALID, or a
> duplicate, but I suppose it could be morphed to cover the NIS 2008 problem,
> assuming it isn't the same.
> 

I don't install Defender.
only NIS 2008.

so I think this is not INV/DUP .
The 2008 Norton and McAfee products don't seem to support the IOfficeAntiVirus com interface which is the interface Firefox is tapped into. The issue was spun off as bug 408153 for further investigation. (bug 393305 for the detail) I think we can mark this resolved - dupe of bug 408153. 
(In reply to comment #40)
> The 2008 Norton and McAfee products don't seem to support the IOfficeAntiVirus
> com interface which is the interface Firefox is tapped into. The issue was spun
> off as bug 408153 for further investigation. (bug 393305 for the detail) I
> think we can mark this resolved - dupe of bug 408153. 

As originally filed, though--see comment 5--this bug was about Windows Defender clobbering the 1st-registered AV scanner position, and thus, Download Manager not displaying its "Scanning..." UI.

Then it's a dupe of Bug 393305.
Yeah, indeed; good looking-out.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 393305
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.