Virus Total: File-upload text entry box doesn't work

[Virus Guy]

I've tried Firefox 2.0, Netscape 9, and Opera 11.01 (all running under
Win-98) but the results are the same.

I can't seem to type anything (anything visible anyways) in the
file-upload entry box.

The "Choose File" button works, insofar as it brings up a file explorer
window and I can choose a file, but the chosen file name / path doesn't
appear in the box, and the "Scan it" button does nothing.

What sort of web-coding are they using that would break this file-upload
interface when using an older browser?

I would have thought that Opera 11 would have worked...

[Virus Guy]

Virus Guy wrote:

> I can't seem to type anything (anything visible anyways) in the
> file-upload entry box.

Bad coding on their part.

It was something in my hosts file that was preventing the file-selection
/ file-entry part from working.

Most likely it's one of these:

127.0.0.1 ajax.googleapis.com
127.0.0.1 apis.google.com
127.0.0.1 id.google.ca
127.0.0.1 clients1.google.ca
127.0.0.1 ssl.google-analytics.com

And specifically, ajax.googleapis.com.

[FromTheRafters]

How is that *their* bad coding?

[Virus Guy]

FromTheRafters wrote:

> > Bad coding on their part.

> > And specifically, ajax.googleapis.com.
>
> How is that *their* bad coding?

Browsing the broken web

http://blog.patrickmeenan.com/

============
Testing for Frontend Single Points Of Failure

For the purposes of this example I'll be "breaking" the twitter,
Facebook and Google buttons as well as the Google API server (jquery,
etc) and Google Analytics.

(...)

Congratulations, you just experienced a Frontend SPOF - now go fix it so
your users don't have to feel the same pain (assuming it is a site you
control, otherwise just yell at the owner).
=============

[Shadow]

Forcing users to allow javascript is strange, on an
anti-malware site
[]'s

PS Even Jotti has a
hxxp://pagead2.googlesyndication.com/pagead/show_ads.js, but
it's not mandatory.
You can't send anything without allowing Google on Virustotal.
I suppose it all comes down to funding.

[Ant]

"Shadow" wrote:

> Forcing users to allow javascript is strange, on an
> anti-malware site

Unfortunately it's all too common these days that sites depend on
scripting instead of it being an enhancement.

> You can't send anything without allowing Google on Virustotal.

They're using jQuery via the Google Libraries API. I'm not sure what
the point of this API is other than to gather all the popular script
libraries in one place. VT could just as easily host their own copy
of jQuery as they have done with some other scripts.

> I suppose it all comes down to funding.

I detest these script libraries because they add bloat and bugs. VT
only needs a simple submission form and a possibly a little script to
upload samples. I've never been able to get their page to play nicely
and use the email submission option instead.

[David H. Lipman]

From: "Ant" <n...@home.today>

But Ant you could use the VirusTotalUploader2 utility instead.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

[Ant]

"David H. Lipman" wrote:

> From: "Ant"
>| I detest these script libraries because they add bloat and bugs. VT
>| only needs a simple submission form and a possibly a little script to
>| upload samples. I've never been able to get their page to play nicely
>| and use the email submission option instead.
>|
>
> But Ant you could use the VirusTotalUploader2 utility instead.

I didn't know about that. Actually I prefer email because they send me
the results and I don't have to visit the web page. There's another
reason I use mail which applies to members of our forum.

The only time I visit is to pull down results when others post a link.
Even that fails sometimes and I get a submission page or "this has
already been submitted" - quite bizarre.

[Virus Guy]

Ant wrote:

> They're using jQuery via the Google Libraries API. I'm not sure what
> the point of this API is other than to gather all the popular script
> libraries in one place. VT could just as easily host their own copy
> of jQuery as they have done with some other scripts.

Is it possible for your own computer (ie - localhost) to operate it's
own web-server, such that you could obtain a copy of these google
libraries and host them on your own computer?

[Ant]

"Virus Guy" wrote:

> Is it possible for your own computer (ie - localhost) to operate it's
> own web-server, such that you could obtain a copy of these google
> libraries and host them on your own computer?

Sure you can. Microsoft's FrontPage web authoring tool had a mini
server you could set up for testing web pages. I've done this in the
dim and distant past at a place I worked. Presumably you'd put the
google host names you wanted to emulate in the hosts file and point
them at your local server. Don't ask me for details though; I've long
forgotton and it's not my area of expertise or interest.

[Virus Guy]

Ant wrote:

> > Is it possible for your own computer (ie - localhost) to operate
> > it's own web-server
>

> Sure you can. Microsoft's FrontPage web authoring tool had a mini
> server you could set up for testing web pages.

Ok, so I've installed the "Personal Web Server" that came with Windows
98 (something that, apparently, didn't come with Windows XP - ah ha!)

Any ideas what file I need to grab from ajax.googleapis.com and host
locally so that VirusTotal's file-submission form works?

[Ant]

"Virus Guy" wrote:

> Ok, so I've installed the "Personal Web Server" that came with Windows
> 98 (something that, apparently, didn't come with Windows XP - ah ha!)

One possible problem - the script links are using SSL (https) so the
server must be able to handle that.

> Any ideas what file I need to grab from ajax.googleapis.com and host
> locally so that VirusTotal's file-submission form works?

Possibly this:
https://www.google.com/jsapi

Certainly this:
https://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js

The first, jsapi, is script which references many other google files
as you can see from the variables ServiceBase and GoogleApisBase which
give the base URLs. They are all the script libraries and goodness
knows what else (I don't know what "uds" is). I could be wrong but
it's not obvious that VT uses anything in this file. Perhaps you can
get away without it. Look for the Google Libraries API developer's
guide for more info.

The second is the jQuery script library which does not reference any
external stuff as far as I can tell.

VT also uses the google-analytics domain but that shouldn't affect the
functionality.

[Virus Guy]

Ant wrote:

> One possible problem - the script links are using SSL (https) so
> the server must be able to handle that.

Yea, that's the problem.

I can get this to work:

http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js

but not this:

https://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js
^

Would something as simple as re-directing port-443 to port-80 work?

I don't think that the Personal Web Server can handle TLS/SSL...

[Virus Guy]

Virus Guy wrote:

> > One possible problem - the script links are using SSL (https) so
> > the server must be able to handle that.
>
> Yea, that's the problem.

So I downloaded this (Abyss Web Server)

http://software-files-a.cnet.com/s/software/11/90/11/03/abwsx1.exe

More info here: http://abyss.sourceforge.net/

I apparently downloaded the free/limited-functionality commercial
version from the cnet link.

This web server (this free version) can do http and https - but not at
the same time. I have to choose one or the other in the config
settings.

So I've got it working as an https server on port 443, and the link to
googleapis.com jquery.min.js works fine (but I did have to create a
dummy self-signed SSL certificate and tell my browser to accept it).

I guess I'll still have to have the Microsoft Personal Web Server
running for any http port-80 stuff I want to serve.

So I try out VT with this new setup, and I get this:

===============
You have attempted to establish a connection with
"ajax.googleapis.com". However, the security certificate presented
belongs to "test". It is possible, though unlikely, that someone may be
trying to intercept your communication with thie website. If you
suspect the certificate shown does not belong to "ajax.googleapis.com",
please cancel the connection and notify the site administrator.
===============

I click "OK" (to accept this situation) and I get another similar
message, but this time instead of ajax.googleapis.com I get
ssl.google-analytics.com. I don't know what file it's looking for in
this case. I just continue by hitting OK.

The VT website continues normally and I'm able to submit a file for
analysis.

So, can I create many different certificates, and just make sure that I
replace "test" with the appropriate host-names?

[Dustin]

Virus Guy <Vi...@Guy.com> wrote in news:4F2DF9B8...@Guy.com:

> Ant wrote:
>
>> > Is it possible for your own computer (ie - localhost) to operate
>> > it's own web-server
>>
>> Sure you can. Microsoft's FrontPage web authoring tool had a mini
>> server you could set up for testing web pages.
>
> Ok, so I've installed the "Personal Web Server" that came with Windows
> 98 (something that, apparently, didn't come with Windows XP - ah ha!)

If you installed the older office with frontpage,it would have. HAH!
Winshit98 didnt come with it either. The fact you asked such a stupid
question tho and your supposed to be some kind of expert, yes, that was
good for a laugh or two.

> Any ideas what file I need to grab from ajax.googleapis.com and host
> locally so that VirusTotal's file-submission form works?

At what point will you show iniative and figure things out on your own?




--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

[Dustin]

Virus Guy <Vi...@Guy.com> wrote in news:4F2EB590...@Guy.com:

> Virus Guy wrote:
>
>> > One possible problem - the script links are using SSL (https) so
>> > the server must be able to handle that.
>>
>> Yea, that's the problem.
>
> So I downloaded this (Abyss Web Server)

Why not Apache?

> This web server (this free version) can do http and https - but not
> at the same time. I have to choose one or the other in the config
> settings.

When you grow up and join the NT world, this will no longer be any
issue for you. Youd be able to run more standard software.

> I guess I'll still have to have the Microsoft Personal Web Server
> running for any http port-80 stuff I want to serve.

Not a very bright idea.

> I click "OK" (to accept this situation) and I get another similar
> message, but this time instead of ajax.googleapis.com I get
> ssl.google-analytics.com. I don't know what file it's looking for in
> this case. I just continue by hitting OK.

Just what sort of administrator or expert are you?

> So, can I create many different certificates, and just make sure that
> I replace "test" with the appropriate host-names?

Dont really have a clue, eh? :)

I'm sure someone with good intentions who doesn't know any better will
be along to educate you soon. I won't, but I have little doubt someone
will feel sorry for you.

[Bear]

On 2/5/2012 12:40 PM, Dustin wrote:
> If you installed the older office with frontpage,it would have. HAH!
> Winshit98 didnt come with it either. The fact you asked such a stupid
> question tho and your supposed to be some kind of expert, yes, that was
> good for a laugh or two.

Must you be so demeaning. I'll bet measuring his overall level of
intelligence compared yours, (considering your behavior) he would win
hands down.

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail

[Bear]

On 2/5/2012 12:47 PM, Dustin wrote:
> I'm sure someone with good intentions who doesn't know any better will
> be along to educate you soon. I won't, but I have little doubt someone
> will feel sorry for you.

Why bother responding then? Just to boost your demented ego!

[Dustin]

Bear <bearbott...@gmail.com> wrote in news:4f2ef4c4$0$292$14726298
@news.sunsite.dk:

> On 2/5/2012 12:47 PM, Dustin wrote:
>> I'm sure someone with good intentions who doesn't know any better will
>> be along to educate you soon. I won't, but I have little doubt someone
>> will feel sorry for you.
>
> Why bother responding then? Just to boost your demented ego!
>

Hi Bear.

I realize you're new here and don't know the regulars yet. Virus_Guy has
been posting here for several years now. Like yourself tho, he often has a
habit of talking shit and every so often, someone (me this time) calls him
out on it.

Have a good day Bear.

[Dustin]

Bear <bearbott...@gmail.com> wrote in news:4f2ef45a$0$292$14726298
@news.sunsite.dk:

> On 2/5/2012 12:40 PM, Dustin wrote:
>> If you installed the older office with frontpage,it would have. HAH!
>> Winshit98 didnt come with it either. The fact you asked such a stupid
>> question tho and your supposed to be some kind of expert, yes, that was
>> good for a laugh or two.
>
> Must you be so demeaning. I'll bet measuring his overall level of
> intelligence compared yours, (considering your behavior) he would win
> hands down.
>

When it's necessary, yes. Measure whatever you like.

[Bear]

On 2/5/2012 4:08 PM, Dustin wrote:
> Bear<bearbott...@gmail.com> wrote in news:4f2ef4c4$0$292$14726298
> @news.sunsite.dk:
>
>> On 2/5/2012 12:47 PM, Dustin wrote:
>>> I'm sure someone with good intentions who doesn't know any better will
>>> be along to educate you soon. I won't, but I have little doubt someone
>>> will feel sorry for you.
>>
>> Why bother responding then? Just to boost your demented ego!
>>
>
> Hi Bear.
>
> I realize you're new here and don't know the regulars yet. Virus_Guy has
> been posting here for several years now. Like yourself tho, he often has a
> habit of talking shit and every so often, someone (me this time) calls him
> out on it.
>
> Have a good day Bear.
>
>

And your just the asshole to dish it out eh. Gotcha.

WTF are you calling him out on? Asking questions? WTF do you think
newsgroups are for.

BTW, I'm /not/ new here. I just never felt interested enough to post
here, though I did a few years back...I believe that is where I first
met you...you were an asshole then. Guess you'll die one unless someone
relieves you of it.

Ever so often, someone (me this time) calls you out on it.

[Ant]

"Virus Guy" wrote:

>>> One possible problem - the script links are using SSL (https) so
>>> the server must be able to handle that.
>>
>> Yea, that's the problem.
>
> So I downloaded this (Abyss Web Server)

[experiments with SSL]

> The VT website continues normally and I'm able to submit a file for
> analysis.
>
> So, can I create many different certificates, and just make sure that I
> replace "test" with the appropriate host-names?

As I said, web serving is not my area and particularly when secure
comms is involved. I'm not surprised you're having problems but at
least it works after a fashion.

I'm not sure why you're going to so much trouble over Google. Why not
just remove their script library servers from your hosts file and
leave in the analytics or whatever you're concerned about? It's a bit
over the top to set up a web server to supply selected content of a
domain you'd rather have blacklisted.