Open Bug 561089 Opened 10 years ago Updated 8 years ago

External Application seems to be launched before virus-scan finished.

Categories

(Toolkit :: Downloads API, defect, major)

x86
Windows XP
defect
Not set
major

Tracking

()

People

(Reporter: masa141421356, Unassigned)

References

Details

(Keywords: sec-moderate, Whiteboard: [sg:moderate?])

When seeing web contents that is handled by external application, it should be launched after finish of virus-scan , but , not external application seems to be launced before finish of visus-scan.

Steps to reproduce.

1. Install Binary editor
2. Access http://www.eicar.org/download/eicarcom2.zip and open it with your binary editor

Expected result
  Binary editor is launched after finish of virus scan
Actual result
  Binary editor seems to be launched before finish of virus scan

# Eicar is too small , and it takes too short time to scan.
# binary editor is exactly launched before finish of Download Manger's virus-scan visual effect.
# finish of virus-scan visual effect does not mean finish of virus-scan.
# Binary editor may be launched after finish of virus-scan.
Status: NEW → UNCONFIRMED
Ever confirmed: false
Group: core-security
Whiteboard: [sg:moderate?]
sdwilsh/robarnold: can you confirm / outline what might be going on here?
There's a pretty simple state machine that keeps us from the final state before the virus scanner returns from the API call. It could lie to us and return before it's done (or we shouldn't assume that the API call returning implies the scanning is done). I think the code path between 'save' and 'open' for downloads are different. I only remember testing the save path.

Comment #0 seems to indicate that this may just be UI lag.
(In reply to Justin Dolske [:Dolske] from comment #1)
> sdwilsh/robarnold: can you confirm / outline what might be going on here?
It is happening.  exthandler doesn't trigger the virus scanning, so when you select "open with...", we open with exthandler before we can scan the download.  See bug 517022 for more details.
Status: UNCONFIRMED → NEW
Ever confirmed: true
I'll go ahead and take this since I'm working on 517022 as well
Assignee: nobody → tabraldes
Status: NEW → ASSIGNED
Tim, are you working on this?
Not currently.  I should have time to pick this up again after next week, but I'll de-assign myself in case you or someone else can take it in the meantime.
Assignee: tabraldes → nobody
Status: ASSIGNED → NEW
You need to log in before you can comment on or make changes to this bug.