firefoxantivirusantivirus-integration

How does Firefox Version 3 invoke the anti-virus feature on Windows to scan a download?


Another question on StackOverflow is asking how this is done, but the general question of how Firefox manages this is even more useful, and would answer that question also.

Without reading all the source code to firefox (I haven't time) - is anyone familiar enough with Firefox V3's ability to invoke a scan on any downloaded EXE file to know how it works? I would think any anti-virus program with active protection would hook into windows and be run automatically. Does firefox detect these hooks and bring them up by creating a windows folder and moving the file after it is downloaded from a temporary filename, to a new file name with .exe in the name, thus triggering the automatic protection? Or do they do something else?

(This is a programming question in that I want to know how to write this in general, and this would answer the above question, but also be a good piece of knowledge to add to the knowledgebase-that-is-stackoverflow.)

Also, any programmatic SDKs and APIs that commercial anti-virus programs provide for end-user application integration, I would like to know about. Especially MS Forefront, MS Security Essentials, Norton, or any other major players.

OESIS from opswat appears to provide this as a commercial SDK/application, which is a surprise when it probably should be a Windows API, given that what we're doing here is in the public good of all humans who have to use windows.] - actually it is - it is built into the windows shell. See the first link in this question for more resources.


Solution

  • I did a quick search through the Mozilla code base and found these source files:

    ./toolkit/components/downloads/src/nsDownloadScanner.cpp
    ./toolkit/components/downloads/src/nsDownloadScanner.h
    

    A comment close to the top may have your answer:

    Download scanner attempts to make use of one of two different virus scanning interfaces available on Windows - IOfficeAntiVirus (Windows 95/NT 4 and IE 5) and IAttachmentExecute (XPSP2 and up). The latter interface supports calling IOfficeAntiVirus internally, while also adding support for XPSP2+ ADS forks which define security related prompting on downloaded content.