Opened 7 years ago
Closed 7 years ago
#6103 closed Enhancement (invalid)
Uploading a new torrent & Verifying a completed download, resets the File Quarantine flag - to rescan file against XProtect blacklist
| Reported by: | collegeitdept | Owned by: | livings124 |
|---|---|---|---|
| Priority: | Normal | Milestone: | None Set |
| Component: | Mac Client | Version: | 2.92 |
| Severity: | Major | Keywords: | Security, XProtect, File Quarantine |
| Cc: |
Description
This is important & easy to implement... do not close ticket
- When the user manually does a 'Verify Local Data' operation on completed transfer: reset the File Quarantine flag so that it can be rechecked against the XProtect blacklist
Apple routinely updates the XProtect blacklist, and already completed download transfers should be re-scaned against the updated XProtect blacklist (because it only checks on first launch)
- When the user adds a file to Transmission to seed a new file - Transmission verifies that file before seeing. When it does that, reset the File Quarantine flag and check the XProtect blacklist
If XProtect detects the file is in fact malware, display a warning immediately to the user with the option to delete the file.
Change History (5)
comment:1 follow-up: ↓ 2 Changed 7 years ago by mike.dld
- Resolution set to invalid
- Status changed from new to closed
comment:2 in reply to: ↑ 1 Changed 7 years ago by x190
Replying to mike.dld:
... why would anyone try to open file which isn't complete yet?
Because they can be previewed quite well in apps like VLC.
comment:3 Changed 7 years ago by collegeitdept
XProtect can't re-verify... It only verifies ONCE - at first launch
The problem being... say XYZ downloads a file on Day 1
Day 2, Apple updates the blacklist.
Day 3, user Verifies the file in Transmission, or decides to seed that file to another tracker which then forces Transmission to verify the file again. File Quarantine flag is reactivated, and XProtect will reverify the file...
and guess what? The file is Malware! You just helped countless number of users!
comment:4 Changed 7 years ago by collegeitdept
- Resolution invalid deleted
- Status changed from closed to reopened
comment:5 Changed 7 years ago by mike.dld
- Resolution set to invalid
- Status changed from reopened to closed
Again, I don't see how's that Transmission's responsibility to manipulate attributes of files it doesn't modify. Verification has a clear purpose: check whether file content on disk matches metadata. If XProtect doesn't do what you want, please send feedback to Apple.
Why would Transmission reset any flags for files it didn't itself modify? I could've inderstood your point if you were proposing to reset the flag when we indeed modify the file during download, but then why would anyone try to open file which isn't complete yet?
Overall, XProtect's quarantine flag is private implementation detail and I think programs shouldn't modify it. If XProtect has already verified the file why would we force it to do this again? And if the file was modified after verification, it's XProtect's responsibility to treat the flag as no longer valid and re-verify on its own.