Show the analysis result before scanning the file again, just like the web GUI? #76
Comments
|
Hello @PeterDaveHello, You can check wether a file is already scanned at VT by doing this: $ vt file <sha256 of the file you want to check>Does this fit what you need? |
|
Not exactly the same, was just wondering if that can be done in one step, not sure if that'd be considered here? |
|
Hello @PeterDaveHello, That is not supported. Actually the UI first checks by doing the If you are worried about doing it in two steps, let me clarify here that if you are the first submitter of a file you won't be charged API quota for uploading it. So it's safe to first check and then, if it's not in VT, scan it. I hope this helps. |
|
Hi @mgmacias95, Thanks for mentioning the API quota issue, though I'm just lazy about the steps, won't be worried about the API call at all 😆 So looks like the feature like the Web UI will do(check before submit and scan again) won't be supported? Or that's something worth to be considered? 😄 It's fine if that's not something going to happened, just want to ask and see if it's possible, thanks again. |
|
Hello @PeterDaveHello, Feel free to make a contribution if you want to add that feature. I can provide some guidance on how to do it. Thanks! Regards, |
|
@mgmacias95, thanks for that! If we add this feature, what new behavior would you like to see? Should we just align the behavior with the WebUI—check if it's scanned by default? Or would an additional parameter like |
|
I think it's best to add an additional parameter so the current behaviour is not changed for those who are already used to it. |
Related to VirusTotal#76 Adds a feature to check if a file is already scanned before initiating a new scan using the `--check-before-scan` flag with the `vt scan file` command. - Implements a new flag `--check-before-scan` in `cmd/scan.go` to enable the pre-check feature. - Modifies the `fileScanner` struct to include a `checkBeforeScan` boolean field. - Adds logic in the `fileScanner.Do` method to check if the file is already scanned by calculating the file's hash and querying it before proceeding with a new scan. - Updates the `README.md` to document the usage of the new `--check-before-scan` flag. --- For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/VirusTotal/vt-cli/issues/76?shareId=c6d9605a-3f1b-4676-b6d0-c0ce931a9fbb).
Related to VirusTotal#76 Adds a new `--check-before-scan` flag to the `vt scan file` command to enable checking if a file is already known to VirusTotal before uploading it for scanning. This feature aims to save resources by avoiding unnecessary scans of files that have already been analyzed. - Introduces a new boolean flag `checkBeforeScan` in the `fileScanner` struct to store the state of the `--check-before-scan` flag. - Modifies the `NewScanFileCmd` function to register the `--check-before-scan` flag and update the command's help and example texts to reflect the new functionality. - Updates the `scanFileCmdHelp` and `scanFileCmdExample` variables with information about the new flag. - Documentation in `README.md` and `doc/vt_scan_file.md` is updated to include the new `--check-before-scan` flag and its intended use. --- For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/VirusTotal/vt-cli/issues/76?shareId=5e1b3985-b434-466e-8b93-41c586cbcbc6).
I wonder if the cli can support the behavior just like the web GUI, sometimes, a large file just scanned a few hours ago, and it actually came from an authorized source that doesn't worry us to scan and wait for the result again, just hours or even minutes later after the last scanning. That feature could also saving the resources on VirtusTotal!
The text was updated successfully, but these errors were encountered: