Skip to content

Features

Jump to bottom
github-actions[bot] edited this page Mar 5, 2026 · 2 revisions

New Features Summary

🎯 What's New

Your VirusTotal Shell Helper now automatically provides visual feedback for scan results:

βœ… Clean Files

  • Tagged as vt-clean in Dolphin
  • Visible in Information Panel (F11)
  • Searchable with tag:vt-clean

⚠️ Malicious Files

  • Auto-tagged as vt-malicious
  • Auto-locked - execute & write permissions removed
  • Quarantine button in notification
  • Original permissions preserved for potential restoration

πŸ“¦ Quarantine System

  • One-click quarantine from notification
  • Isolated directory: ~/.local/share/virustotal-quarantine
  • Read-only, no execute (chmod 400)
  • Manage with vt-manage command

πŸš€ Quick Start

  1. Scan a file:

    vt-check --notify suspicious.exe

  2. If malicious:

    • File is auto-locked (can't execute)
    • Notification shows "Quarantine File" button
    • Click to isolate it completely

  3. View quarantined files:

    vt-manage quarantine list
vt-manage quarantine open    # Opens in Dolphin

  4. See tags in Dolphin:

    • Press F11 to show Information Panel
    • Select any scanned file
    • Tags appear in the panel

πŸ“– Documentation

πŸ”§ Installation

./install.sh

The installer now includes:

  • vt-check - Main scanning tool
  • vt-actions.sh - Tagging & quarantine functions
  • vt-manage - Quarantine and audit management CLI

🏷️ Dependencies

Required:

  • balooctl6 - For file tagging (KDE/Plasma)
  • Already installed on CachyOS with KDE

Optional:

  • setfattr / getfattr - For storing metadata (package: attr)

πŸ’‘ Example Workflow

# Download something suspicious
wget https://example.com/suspicious.exe

# Right-click in Dolphin β†’ "Scan with VirusTotal"
# OR from terminal:
vt-check --notify suspicious.exe

# If malicious:
# - File becomes read-only automatically
# - Can't execute it even if you try
# - Notification offers to quarantine
# - Click "Quarantine File" button

# Later, review quarantine:
vt-manage quarantine list

# Delete permanently:
vt-manage quarantine delete <hash-or-filename>

⚑ What Happens Automatically

When you scan a file with --notify:

  1. Hash computed β†’ Check if already in VirusTotal
  2. Results analyzed β†’ Clean or Malicious?
  3. If Clean:
    • Tag: vt-clean
    • Normal notification
  4. If Malicious:
    • Tag: vt-malicious
    • Remove execute permissions
    • Remove write permissions
    • Show "Quarantine File" button
    • Store original permissions in xattr

No manual intervention needed! Just scan and the system handles the rest.

Clone this wiki locally