Remove virustotal.js as a dependency

api/routes/file.js

@@ -177,11 +177,13 @@ export function* post(next) {
     // Check in the background
     process.nextTick(function* malwareScan() {
       debug('Malware Scan');
-      const { positive, result } = yield malware(dbFile);
+      const result = yield malware(dbFile);
-      if (positive) {
+      if (result) {
-        this.statsd.incr('file.malware', 1);
+        yield Files.updateOne({_id: fileId}, {'$set': {malware: positive, virustotal: result}});
+        if (result.positive) {
+          this.statsd.incr('file.malware', 1);
+        }
       }
-      yield Files.updateOne({_id: fileId}, {'$set': {malware: positive, virustotal: result}});
     });
   } else {
     debug('Skipping Malware Scan, VIRUSTOTAL env variable not found.');

app.js

@@ -17,8 +17,6 @@ import web from './web/app';
 import debugname from 'debug';
 const debug = debugname('hostr');
 
-debug(process.env.COOKIE_KEY);
-
 const app = websockify(koa());
 app.keys = [process.env.COOKIE_KEY];
 

circle.yml

@@ -12,8 +12,5 @@ dependencies:
   cache_directories:
     - node_modules
     - web/public/jspm_packages
-  pre:
-    - npm install -g node-gyp-install
-    - node-gyp-install
   post:
     - npm run jspm

lib/malware.js

@@ -1,6 +1,4 @@
-import virustotal from 'virustotal.js';
+import virustotal from './virustotal';
-
-virustotal.setKey(process.env.VIRUSTOTAL_KEY);
 
 const extensions = ['EXE', 'PIF', 'APPLICATION', 'GADGET', 'MSI', 'MSP', 'COM', 'SCR', 'HTA', 'CPL', 'MSC',
   'JAR', 'BAT', 'CMD', 'VB', 'VBS', 'VBE', 'JS', 'JSE', 'WS', 'WSF', 'WSC', 'WSH', 'PS1', 'PS1XML', 'PS2',
@@ -14,21 +12,13 @@ function getExtension(filename) {
   return (i < 0) ? '' : filename.substr(i + 1);
 }
 
-export default function(file) {
+export default function* (file) {
-  return new Promise((resolve, reject) => {
+  if (extensions.indexOf(getExtension(file.file_name.toUpperCase())) < 0) {
-    if (extensions.indexOf(getExtension(file.file_name.toUpperCase())) >= 0) {
+    return false;
-      virustotal.getFileReport(file.md5, (err, res) => {
+  }
-        if (err) {
+  const result = yield virustotal.getFileReport(file.md5);
-          return reject(err);
+  return {
-        }
+    positive: result.positives >= 5,
-        if (res.scans) {
+    result: result,
-          resolve({positive: res.positives >= 5, result: res});
+  };
-        } else {
-          resolve();
-        }
-      });
-    } else {
-      resolve();
-    }
-  });
 }

lib/virustotal.js

@@ -0,0 +1,11 @@
+import fetch from 'node-fetch';
+import FormData from 'form-data';
+
+const apiRoot = 'https://www.virustotal.com/vtapi/v2';
+
+export function* getFileReport(resource, apiKey = process.env.VIRUSTOTAL_KEY) {
+  const form = new FormData();
+  form.append('apikey', apiKey);
+  form.append('resource', resource);
+  return yield fetch(`${apiRoot}/file/report`, { method: 'POST'});
+}

package.json

@@ -19,7 +19,7 @@
     "test": "mongo hostr test/fixtures/mongo-*.js && mocha -r babel/register test/**/*.spec.js",
     "watch": "parallelshell \"npm run watch-js\" \"npm run watch-sass\" \"npm run watch-server\"",
     "watch-js": "babel -Dw -m system -d web/public/build web/public/src",
-    "watch-server": "nodemon node -r babel/register app.js",
+    "watch-server": "nodemon -r babel/register app.js",
     "watch-sass": "node-sass -w -r -o web/public/styles/ web/public/styles/"
   },
   "dependencies": {
@@ -32,6 +32,7 @@
     "co-views": "~2.1.0",
     "debug": "~2.2.0",
     "ejs": "~2.3.2",
+    "form-data": "^0.2.0",
     "gm": "~1.18.1",
     "http-errors": "~1.3.1",
     "jspm": "~0.16.0",
@@ -54,6 +55,7 @@
     "mime-types": "~2.1.5",
     "moment": "~2.10.6",
     "mongodb-promisified": "~1.0.3",
+    "node-fetch": "^1.3.2",
     "node-sass": "~3.3.0",
     "node-uuid": "~1.4.3",
     "passwords": "~1.3.0",
@@ -63,8 +65,7 @@
     "s3-upload-stream": "~1.0.7",
     "statsy": "~0.2.0",
     "stripe": "~3.7.1",
-    "swig": "~1.4.2",
+    "swig": "~1.4.2"
-    "virustotal.js": "~0.3.1"
   },
   "devDependencies": {
     "babel-eslint": "^4.0.10",