If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Firefox appears to run virus scan when no A/V is installed

RESOLVED INCOMPLETE

Status

()

Toolkit
Downloads API
--
major
RESOLVED INCOMPLETE
9 years ago
5 years ago

People

(Reporter: the-edmeister, Assigned: Anthony Papillion)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6

Fresh installation of W2K including SP4 and all MS updates beyond SP4. The only additional program that was installed beyond the O/S was Firefox 3.

Firefox 3 shows that it was doing an anti virus scan as I was downloading the AV program I was going to install after a re-format and O/S re-installation. 

Reproducible: Always

Steps to Reproduce:
1.Fresh installation of a Windows O/S that doesn't include any sort of A/V program, such as Windows Defender.
2. Install Firefox 3 or higher and then download the A/V program of choice.
3.


Expected Results:  
I would expect a warning that an appropriate, registered with Windows, A/V program was not installed. Or a warning that the scan wasn't actually done even though the Firefox download window showed the scan was being performed.

What good is the false indication that a scan is being performed?
Firefox doesn't warn when no virus scanner is registered and it should not do that.

I would dupe that to bug 461989 but you are using win2k
Component: General → Download Manager
Product: Firefox → Toolkit
QA Contact: general → download.manager
(Reporter)

Comment 2

9 years ago
Why shouldn't Firefox display a warning? 
Firefox is showing that a scan is being done - when there is anything installed to actually do the scan.
(Reporter)

Comment 3

9 years ago
I meant to say "when there isn't anything installed to actually do the scan."
It should either show scanning or not but not a warning.
I have for example no AV software installed that supports the used windows API and i don't want to see a warning.

Comment 5

9 years ago
Right.  It would be better to say nothing instead of the misleading "Scanning for Viruses".
I thought we had this case covered in the initial implementation. nsDownload::SetState has the scanner scan the download when the state is set to scanning. The scan should fail if there are no IOfficeAntiVirus providers (which should be true for clean installs of Win2k/XP) and IAttachmentExecute is not available (true for Win2k or pre-SP2 XP). Once the scan fails, nsDownload::SetState should fall through to the DOWNLOAD_FINISHED case, pretending that it was really the state we meant to pick. I don't think we even dispatch the dl-scanning event in that case. I am not sure how the UI works for this.

Comment 7

9 years ago
This is misleading and might be very dangerous. I was simply stunned when one of my users refuted my usual carelessness tirade by pointing the clearly visible "scanning for viruses" dialogue in the browser I recommended and installed myself. I only install Clamwin, for the obvious reasons, but he ignored the step of rightclick->scan, because of this message!
Duplicate of this bug: 501645

Updated

8 years ago
Duplicate of this bug: 530307
Duplicate of this bug: 684350
This continues to misleading users 2 years later. Any chance we can get this fixed in an upcoming release? Maybe Firefox 9?
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 2000 → All
Hardware: x86 → All
(Assignee)

Comment 12

6 years ago
If possible, I'd like this bug assigned to me. I'm willing to willing to work on a patch to resolve it. Thanks!
(In reply to Anthony Papillion II from comment #12)
> If possible, I'd like this bug assigned to me. I'm willing to willing to
> work on a patch to resolve it. Thanks!

Click the "take" link beside Assigned To to assign a bug to yourself. Thanks.
(In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #13)
> (In reply to Anthony Papillion II from comment #12)
> > If possible, I'd like this bug assigned to me. I'm willing to willing to
> > work on a patch to resolve it. Thanks!
> 
> Click the "take" link beside Assigned To to assign a bug to yourself. Thanks.

This user did not have editbugs yet, assigning to him.

Anthony, thanks for working on this bug!
Assignee: nobody → papillion
(Assignee)

Updated

6 years ago
Status: NEW → ASSIGNED

Comment 15

6 years ago
Firefox 6.0.1 does not seem to have the problem. 

When I was using the browser in XP I was using M.R.T. but not antivirus at that time XP MRT did not check for ecair  test  virus but Fire fox said it was testing download hence the warning from me.

                                       Firefox 6 excellent
                                       Firefox Mig 25 suck

Comment 16

5 years ago
(In reply to Rob Arnold [:robarnold] from comment #6)
> I thought we had this case covered in the initial implementation.

Well you didn't. This was one of the most plain and obvious things broken when Firefox 3 was released, and it's still broken. Don't you guys test any more? This message is absolutely dangerous, and doubtless misleads people on a daily basis. It should be of critical priority to just disable browser.download.manager.scanWhenDone, if nothing else, and just let anti-virus scanners do what they're supposed to do.
It's still reproducible?
If not we can close it, because seems Anthony Papillion forgotten about this bug and patch.
(In reply to Virtual_ManPL from comment #17)
> It's still reproducible?
> If not we can close it, because seems Anthony Papillion forgotten about this
> bug and patch.

Agreed. Let's give Anthony 2 weeks to respond.
Whiteboard: [CLOSEME:2012-09-10]

Comment 19

5 years ago
Resovled per whiteboard
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INCOMPLETE
Whiteboard: [CLOSEME:2012-09-10]
You need to log in before you can comment on or make changes to this bug.