[Feature] Automatic Virustotal check as option (command line + config) #6521
Description
Feature Request
Is your feature request related to a problem? Please describe.
Currently, Scoop does not automatically check downloaded files against VirusTotal before downloading installing them, which may expose users to potentially unsafe software if hashes are compromised or malicious files are distributed.
Describe the solution you'd like
I would like Scoop to support automatic VirusTotal checks for downloads and installations.
This should be configurable via a USE_VIRUSTOTAL option in Scoop's config, allowing users to enable or disable this feature by default.
When enabled, Scoop should scan files after downloading and warn or abort if VirusTotal reports issues. Additionally, the scoop install and scoop update commands should support a --virustotal-check flag (short -w) to trigger these checks on demand.
Note: -s is already taken and -v is usually used for other things
Describe alternatives you've considered
- Relying solely on hash checks, which may not catch all threats. (of course this too is not 100% save...)
- Manually checking/submitting files or URLs to VirusTotal for analysis. (Already possible, but can be easily forgotten)
- Using third-party antivirus solutions outside of Scoop's workflow.
I will open a PR soon.