What does Firefox do when "scanning for viruses" after download?
Never mind the fact that Firefox is a browser and not a AV tool, but what exactly does it do after a download? Even on systems that have an up-to-date AV this generates a pause of several seconds after download (where I can't open the file from within the DL manager) and I have no idea what FF might be trying there.
I know I can turn it off (using FF only at work anyway) but I'm wondering. I can think of some things here what it might be:
- FF itself is a AV scanner and it loads signatures in the background and whatnot. Sounds highly unlikely and shouldn't need tens of seconds for 20 KiB files.
- FF tries to talk with the installed AV to munch the file. Sounds unneeded, given that most AV programs feature real-time protection anyway and therefore will have caught a virus already and also because FF does that on systems without AV installed too.
- FF uploads the file to some online virus checker. Unlikely and stupid.
- FF instructs some online virus checker to download the file and check it. Unlikely and would be a nice target for DoSing that service.
- FF generates a hash of the file and sends that somewhere (presumably Google) to check for. They then respond with either "Whoa, that hash is totally a virus" or "Nope, that MD5 doesn't look very virus-y to me".
I'm running out of better ideas. Anyone have a clue?
Solution 1:
What the Mozilla Guys have to say:
Anti-Virus Software
Firefox integrates elegantly with your antivirus software. When you download a file, your computer’s antivirus program automatically checks it to protect you against viruses and other malware, which could otherwise attack your computer.
So your assumption on number 2 was correct. I noticed it also does this on computers without an anti-virus like you mentioned, I think this is because it is searching for an installed anti-virus each time.
If you wan't to disable it, in about:config modify browser.download.manager.scanWhenDone and set it to false.