What are people using to scan for malicious files before transferring the file out of a download qube?

EverydayImbuffering · October 10, 2021, 12:54pm

Thanks ill keep that in mind, not sure what I can do about cloud services, still waiting on Joplin to sort out its future services

ppc · October 10, 2021, 12:58pm

have you tried nextcloud

EverydayImbuffering · October 10, 2021, 1:00pm

Im currently using Nextcloud

ddevz · October 10, 2021, 6:46pm

To make this more clear, if you are transferring from a disposable qube to another qube on your system, then you can load a file manager in the qube which right clicking will give you the options "Copy to VM” or “Move to VM”. A authorization window will pop up saying a file wants to be copied/moved to another qube, and it will ask you what qube to send it to.

The trick is getting to a file manager in a disposable qube because if you try to open a file manager from the “Q button” in the top left corner, it’ll launch a new seperate disposable qube which wont have your file in it. If you are running firefox in the disposable qube, you can get to a file manager by downloading something, then right clicking on the down arrow, and selecting “open containing folder”

joe.blough · October 10, 2021, 8:23pm

I also download something in forefox to get a file manager within the same dispxxxx qube. If you need to scan a usb drive, you have to send it to the dispxxxx qube. You can also use a fixed name disposable but I’m not sure this is as secure.

fiftyfourthparallel · October 11, 2021, 12:42pm

This probably isn’t very helpful for Linux newbies, but using the CLI commands qvm-move and qvm-copy, followed by the file path, would get around your issue. It doesn’t require learning anything remotely advanced, and people should really know how to enter filepaths into the terminal.

ddevz · October 11, 2021, 12:55pm

I agree. That’s how I personally do it. I just put the “right click download” method in instructions I’m giving to other people since more people are likely to understand those instructions correctly then if I wrote out the whole qvm-copy/qvm-move method (which since it’s a disposable, requires making them aware of the right hand “Q” menu in order to open a shell)

ppc · October 11, 2021, 1:23pm

@fiftyfourthparallel can you spit this from post 17 (with a hope of you don’t messing thing up)

fiftyfourthparallel · October 11, 2021, 1:30pm

I glanced over the thread and don’t feel we have enough of a digression to warrant a split, and the content isn’t helpful enough to set up a new thread for people to find.

However, I can also see the case for splitting it, so I’ll leave it to other mods/leaders to decide.

ppc · October 11, 2021, 1:39pm

It about copying file to other qubes, not scanning file

oh, i see

newbie · October 30, 2021, 10:28pm

hi, do you mind to share the script ?
to convert PDF to Qubes’ trusted PDF (bitmap) and to check PDFs for javascript.

I see here also got similar reference:

ppc · October 31, 2021, 2:06am

it a build-in qubes tool that i don’t remember the name

Scumbag · October 31, 2021, 4:20pm

I just open/edit all downloaded/incoming documents in DispVMs. In the case they would contain a rare Xen exploit and thus be able to compromise the machine, I don’t have any confidence that an antivirus would detect that anyway. Also, ClavmAV has a worse detection rate than the normal well known commercial antivirus softwares.

ppc · November 1, 2021, 12:15am

just recently found this

ddevz · November 1, 2021, 6:30pm

After you edit a file, do you never send that file to anyone else?
Especially if that someone else considers emails from you as a trusted source.

Not expecting it to catch everything, nor relying on it catching everything, but I don’t see that as a reason to actively avoid doing it.

arkenoi · November 1, 2021, 6:40pm

“Scanning” is a bad idea. Normalizing/sanitizing data is the proper way.

ddevz · November 1, 2021, 10:03pm

Can you elaborate?

arkenoi · November 1, 2021, 10:14pm

The idea of “antivirus”, “malware detection” etc is based on an illusion that you can enumerate “all bad code” or heuristically detect all code that could be “bad” (which leads us to computational problems that are proven unsolvable). Sanitizing data to a known safe format keeps us within the bounds of a predictable state machine.

unman · November 2, 2021, 1:46pm

I don’t know any one in AV who believes this.

Sanitising data is well and good, but for many people who interact
with corporate or “ordinary” contacts, it’s not an option.
I work almost entirely in plain text - even so I have to interact
with contacts who use Office - whether MS or libre - and are part of an
ecosphere where that is the common currency. Or they use PDFs with
many Acrobat features.
In those cases, it makes sense to scan outgoing attachments with the
best tools available. I cant afford to do otherwise.
This is part of being a good neighbour.

I **never** presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.

Scumbag · November 2, 2021, 7:48pm

All people I send files to use Windows with an AV, so they already automatically have the files scanned.
Plus, if the file is created by me on Qubes, the chances of it being infected are way smaller because of Qubes compartmentalization.
I also don’t see it as actively avoiding doing it, since that is default on non-Windows systems. It would be actively doing it if I were to scan documents.

It is also not my responsibility that a receiver doesn’t scan files received from me, because he deems it not necessary as he considers me trusted. The responsibility for that choice is theirs. If you receive a file from someone you trust, do you choose to not scan or otherwise not take security precautions before you open it?