We build software deliverables as files on a build server. Once every few months, some of these files are rejected by some of the virus scanners available.
I want to avoid post-shipment issues with the files.
How can I use the VirusTotal provider with Invantive SQL in my build process to early detect false positives on our new software?
The best way is to first upload all files eligible for virus infection using:
insert into VirusScanRequests(type, name, contents, orig_system_reference)
select 'file'
, fle.file_path
, rfe.file_contents
, fle.file_path orig_system_reference
from ( select 'exe' ext from dual@datadictionary
union all
select 'dat' from dual@datadictionary
union all
select 'dll' from dual@datadictionary
union all
select 'pdf' from dual@datadictionary
union all
select 'chm' from dual@datadictionary
) ext
join files('c:\PATH', '*.' || ext.ext, false)@os
fle
join read_file(fle.file_path)@os rfe
on length(rfe.file_contents) < 32e6
--
-- Allow restarts with incremental loading: when already requested skip it.
--
where fle.file_path not in (select name from virusscanresults )
And then after some time check the outcome of the virus scans:
select vst.name
, vsr.positives
, vsr.total
from VirusScanResults vst
join VirusScanReport('file', vst.resource) vsr
where vst.resource is not null
order
by vsr.positives desc
When you replace vsr.positives by vsr.* you will get a list of all virus scanners and their results.
You can also schedule it to run every once so often or include it in the build program you are using.
