Share this project

Done

Share this project

Done
The world needs an alternative Windows Store. Chocolatey is thriving as that store. Help us make The Chocolatey Experience a reality!
The world needs an alternative Windows Store. Chocolatey is thriving as that store. Help us make The Chocolatey Experience a reality!
1,044 backers pledged $51,071 to help bring this project to life.

Virus Scanning Feature is Here!

2 likes

The feature you've been waiting patiently for is finally here! We are excited to be working with VirusTotal to bring this feature to our pro/biz users! The virus scan check feature offers a second opinion to your existing antivirus solution and checks downloaded files at runtime, protecting you from possibly malicious files automatically.

  • Install today's release of the beta of Chocolatey - choco upgrade chocolatey -pre -version 0.9.10-beta-20160314 
  • Run the following command: choco upgrade chocolatey.extension

Once you've done this, you will have virus scan checking available. 

Here is a screenshot of the normal output:

Here is a screenshot of what it looks like when it protects you automatically:

How Does it Work?

  • After a download, it will check a file against Virus Total's scan engines to determine how safe the file is as a secondary check to the virus scanner you may already have running. 
  • If there are existing scan results, it will determine based on the number of positives whether the file is likely safe or not (you can adjust the minimum positives number up or down).
  • If the number is over the minimum positives, it will require you to make the determination on the safety of the file. In other words, it will protect you by failing the install, but it will give you instructions on how to override choco (see image above).
  • If choco doesn't find a virus scan has been completed before, it will ask you if you want to upload the file. It will default to no (some users will have things they don't want pushed publicly, especially organizations that might be using the default feed in addition to internal feeds - although we always recommend against organizations using the default feed - see organizational recommendations).
  • Whether or not you choose to upload a file when no scan is found, the virus check will fail the install as a matter of protection. Chocolatey will not make the determination if you got the file you were supposed to get from the source you thought you were getting it from, so it errors on the side of caution.
  • A scan across all of the engines can take awhile, so it will fail with an error and notes on how you can move forward immediately if you trust the file. Virus scans can take up to 15 minutes so it will request you try again in about 15 minutes.
  • You can skip or run a virus check with command options - see `choco install -h` for details (the image below contains the options for install/upgrade). 
  • If you are a Pro user, virus checking is turned on automatically for you, but you can turn it back off if you need to with a feature (`choco feature`) flipper.

Organizations and the Default Virus Scanner

For business users the default scanner is not on by default because it reaches out to the internet. You can turn it on with a feature flipper (`choco feature`) if you want to check against something on the internet (most medium-large organizations will not). 

More Virus Scanning Options

Following this release in the next few weeks we will have another release that offers a way for you to (also) hook Chocolatey into your existing anti-virus solutions.

Bill Sorensen and Gary Ewan Park like this update.

Comments

Only backers can post comments. Log In
    1. Rob Reynolds Creator on March 14, 2016

      It's worth noting that there are some binaries that trip off lots of scanners, but are not necessarily malware (like some of the NirSoft packages). Although with this feature, you are now able to make a determination of whether things are safe or not. :D