Opened 6 years ago

Closed 6 years ago

#6103 closed Enhancement (invalid)

Uploading a new torrent & Verifying a completed download, resets the File Quarantine flag - to rescan file against XProtect blacklist

Reported by: collegeitdept Owned by: livings124
Priority: Normal Milestone: None Set
Component: Mac Client Version: 2.92
Severity: Major Keywords: Security, XProtect, File Quarantine
Cc:

Description

This is important & easy to implement... do not close ticket

  1. When the user manually does a 'Verify Local Data' operation on completed transfer: reset the File Quarantine flag so that it can be rechecked against the XProtect blacklist

Apple routinely updates the XProtect blacklist, and already completed download transfers should be re-scaned against the updated XProtect blacklist (because it only checks on first launch)

  1. When the user adds a file to Transmission to seed a new file - Transmission verifies that file before seeing. When it does that, reset the File Quarantine flag and check the XProtect blacklist

If XProtect detects the file is in fact malware, display a warning immediately to the user with the option to delete the file.

Change History (5)

comment:1 follow-up: Changed 6 years ago by mike.dld

  • Resolution set to invalid
  • Status changed from new to closed

Why would Transmission reset any flags for files it didn't itself modify? I could've inderstood your point if you were proposing to reset the flag when we indeed modify the file during download, but then why would anyone try to open file which isn't complete yet?

Overall, XProtect's quarantine flag is private implementation detail and I think programs shouldn't modify it. If XProtect has already verified the file why would we force it to do this again? And if the file was modified after verification, it's XProtect's responsibility to treat the flag as no longer valid and re-verify on its own.

comment:2 in reply to: ↑ 1 Changed 6 years ago by x190

Replying to mike.dld:

... why would anyone try to open file which isn't complete yet?

Because they can be previewed quite well in apps like VLC.

comment:3 Changed 6 years ago by collegeitdept

XProtect can't re-verify... It only verifies ONCE - at first launch

The problem being... say XYZ downloads a file on Day 1

Day 2, Apple updates the blacklist.

Day 3, user Verifies the file in Transmission, or decides to seed that file to another tracker which then forces Transmission to verify the file again. File Quarantine flag is reactivated, and XProtect will reverify the file...

and guess what? The file is Malware! You just helped countless number of users!

Last edited 6 years ago by collegeitdept (previous) (diff)

comment:4 Changed 6 years ago by collegeitdept

  • Resolution invalid deleted
  • Status changed from closed to reopened

comment:5 Changed 6 years ago by mike.dld

  • Resolution set to invalid
  • Status changed from reopened to closed

Again, I don't see how's that Transmission's responsibility to manipulate attributes of files it doesn't modify. Verification has a clear purpose: check whether file content on disk matches metadata. If XProtect doesn't do what you want, please send feedback to Apple.

Note: See TracTickets for help on using tickets.