In a past blog post I wrote about our recent use of Github action workflows for automating the building and release of Bitshares Beet and Bitshares NFT tools.
Since the applications we're releasing via github are unsigned and new, antivirus applications will quarantine and scan the apps before use. This is expected behaviour, but we can address this initial response to our apps without signing the code but by submitting it to the majority of antivirus solutions via VirusTotal!
Now that we automatically scan the deliverables, your antivirus will gain new signatures via antivirus signature updates and will be less likely to freak out upon running our software.
I tried using ghaction-virustotal to scan the binaries, however I encountered max file size issues blocking its use.
So rather than use the above action I figured we could use virustotal's cli directly in the github action workflow; here's an example build step from the Bitshares NFT Viewer:
generate:
name: generate files
needs: build
runs-on: ubuntu-latest
steps:
- name: reqs
run: sudo apt-get install unzip
- name: Download VT
run: wget https://github.com/VirusTotal/vt-cli/releases/download/0.10.2/Linux64.zip
- name: Unzip VT
run: unzip Linux64.zip
- name: Prepare
run: chmod +x vt
- name: Download exe
id: download
uses: actions/download-artifact@v3
with:
name: nft_viewer.exe
path: ~/
- name: Download deb
uses: actions/download-artifact@v3
with:
name: nft_viewer.deb
path: ~/
- name: Download dmg
uses: actions/download-artifact@v3
with:
name: nft_viewer.dmg
path: ~/
- name: scan
id: scan
run: |
echo "::set-output name=debVT::$(./vt scan file /home/runner/nft_viewer.deb -k ${{ secrets.VT_API_KEY }}|cut -d' ' -f2)"
echo "::set-output name=exeVT::$(./vt scan file /home/runner/nft_viewer.exe -k ${{ secrets.VT_API_KEY }}|cut -d' ' -f2)"
echo "::set-output name=dmgVT::$(./vt scan file /home/runner/nft_viewer.dmg -k ${{ secrets.VT_API_KEY }}|cut -d' ' -f2)"
- name: Calculate hashes
id: calc_hash
run: |
echo "::set-output name=debhash::$(sha256sum /home/runner/nft_viewer.deb|cut -c-64)"
echo "::set-output name=exehash::$(sha256sum /home/runner/nft_viewer.exe|cut -c-64)"
echo "::set-output name=dmghash::$(sha256sum /home/runner/nft_viewer.dmg|cut -c-64)"
- name: Perform release
uses: BTS-CM/action-gh-release@cd28b0f5ee8571b76cfdaa62a30d51d752317477
with:
files: |
/home/runner/nft_viewer.exe
/home/runner/nft_viewer.deb
/home/runner/nft_viewer.dmg
tag_name: ${{ needs.create_release.outputs.tag-name }}
body: |
Release Notes
_________________________________
Binaries for download
--------
| Platform | SHA256 Checksum | VirusTotal Analyses |
|---|---|---|
|[Microsoft Windows](https://github.com/BTS-CM/NFT_Viewer/releases/download/${{ github.ref_name }}/nft_viewer.exe)|`${{steps.calc_hash.outputs.exehash}}`|[exe](https://www.virustotal.com/gui/file-analysis/${{steps.scan.outputs.exeVT}})|
|[Linux](https://github.com/BTS-CM/NFT_Viewer/releases/download/${{ github.ref_name }}/nft_viewer.deb)|`${{steps.calc_hash.outputs.debhash}}`|[deb](https://www.virustotal.com/gui/file-analysis/${{steps.scan.outputs.debVT}})|
|[MacOS](https://github.com/BTS-CM/NFT_Viewer/releases/download/${{ github.ref_name }}/nft_viewer.dmg)|`${{steps.calc_hash.outputs.dmghash}}`|[dmg](https://www.virustotal.com/gui/file-analysis/${{steps.scan.outputs.dmgVT}})|
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
In the above, we download and ready the use of virustotal's cli tool, scan the files storing the output analysis id in a system variable for inclusion in the release markdown.
Output markdown (from nft_viewer releases)
Platform | SHA256 Checksum | VirusTotal Analyses |
---|---|---|
Microsoft Windows | 45963330df9406bc51b72154e0222fe15470d7fda045b38f48d6838e2f7d14b4 | exe |
Linux | e1c2637a96ef68dc7deadb39a1690fc26a9143f8858d8d20ee4d6e7546edf45c | deb |
MacOS | cc9c45381cf5f478f08a6108bfddeed62a2fee6cf69723d5c27ead02c9a092b4 | dmg |
This virustotal solution will be introduced to the Bitshares NFT issuance tool and will be proposed for the Bitshares beet repo too.
Don't forget to check out the nftea gallery for Bitshares based NFTs!