Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Acknowledge malware/spam warnings from GCD #447

Merged
merged 1 commit into from
Jan 4, 2019
Merged

Acknowledge malware/spam warnings from GCD #447

merged 1 commit into from
Jan 4, 2019

Conversation

s4y
Copy link
Contributor

@s4y s4y commented Jun 13, 2018

If Google thinks that a file is malware or spam (which can happen
spuriously to blobs of encrypted data), it will prevent the initial
download and return an error with reason "cannotDownloadAbusiveFile".
The API expects a program to prompt the user in this case and then,
optionally, let them bypass it.

Ideally duplicacy should prompt, but this patch just logs a warning.

When I printed err.(*googleapi.Error), its Errors field was empty,
hence the sketchy string matching. It's possible that I did something
wrong, though.

Fixes issue #443.

@s4y
Acknowledge malware/spam warnings from GCD
20172e0 
If Google thinks that a file is malware or spam (which can happen
spuriously to blobs of encrypted data), it will prevent the initial
download and return an error with reason "cannotDownloadAbusiveFile".
The API expects a program to prompt the user in this case and then,
optionally, let them bypass it.

Ideally duplicacy should prompt, but this patch just logs a warning.

When I printed `err.(*googleapi.Error)`, its `Errors` field was empty,
hence the sketchy string matching. It's possible that I did something
wrong, though.
@s4y s4y mentioned this pull request Jun 13, 2018
Open
@leftytennis
Copy link
Contributor

This should be a command line switch in my opinion to leave it to the user whether they want to download potentially dangerous content.

@gilbertchen
Copy link
Owner

Do you still keep the chunk that caused the error? If so do you mind sharing the file with me so I can reproduce the error myself?

@s4y
Copy link
Contributor Author

s4y commented Jul 11, 2018

@gilbertchen Sure thing. I made it public under the assumption that the chunk is encrypted and doesn't leak any information on its own, but let me know if that's not the case and I'll lock it down:

https://drive.google.com/file/d/1BAn6XfBFWTjmH5Vjn7OgW25pOo-GKuzZ/view

@TowerBR
Copy link

TowerBR commented Jul 11, 2018

@s4y , I tried to download the file out of curiosity, but ...

"Sorry, this file is infected with a virus
Only the owner is allowed to download infected files."

Have you tried uploading the file to www.virustotal.com to see what the various antivirus programs say?

@gilbertchen
Copy link
Owner

I was able to download the file by creating a copy in Google Drive and then downloading the copy.

virustotal.com results: https://www.virustotal.com/#/file/a99631f46c2e2458cc0b6c309dcc8bac64ada55422e676f172b78d49ee5e8b91/detection

@s4y
Copy link
Contributor Author

s4y commented Jul 11, 2018

And, just to make sure, the file does look like the expected Duplicacy encrypted noise, right?

@gilbertchen
Copy link
Owner

@s4y yes, that chunk file is encrypted by a randomly generated key stored in your config file so no one else can decrypt it.

@gilbertchen gilbertchen merged commit 242db83 into gilbertchen:master Jan 4, 2019
@gilbertchen
Copy link
Owner

Thank you for the fix. The string matching is fine as it looks like the Google Drive library code doesn't unmarshal the body before returning the error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@s4y @leftytennis @gilbertchen @TowerBR