Pre-compiled binaries not working w/ openSUSE Leap 42.3
StefanKelm opened this issue · 12 comments
Downloaded the most recent (vt-cli 0.6.1) 64-bit binary but it's somehow not working.
Running ./vt init and providing the API key returns:
Get https://[my_hostname]/api/v3/metadata: Forbidden
Providing the API key via the command line returns (using verbose mode), e.g.:
* API key: [my_API key]
* API host: [my_hostname]
Get https://[my_hostname]/api/v3/files/8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85: Forbidden
On another openSUSE Leap 42.3 I get the following message:
Get https:// [...] dial tcp: lookup [my_FQDN] on 192.168.1.1:53 no such host
[my_hostname] should be www.virustotal.com. Is that what you see?
No, [my_hostname] is, well, the FQDN of my computer.
Upgrading the system to openSUSE Leap 15.0 didn't change anything.
Look at the content of the config file and tell me what it contains?
cat ~/.vt.toml
It looks like it's not using the standard hostname, so I guess it's taking it from the config file.
I don't have that file on my system...
When you run ./vt init the program should print something like:
Your API key has been written to config file <path to config file>
Can you run vt init and see where it creates the config file?
Please see my initial message. I get
Get https:// [...] dial tcp: lookup [my_FQDN] on 192.168.1.1:53 no such host
when running vt init
Ok, the init command makes a request to the VirusTotal backend and it's failing too. This looks like a DNS problem. Can you check what happens if you run:
ping www.virustotal.com
My guess is that your machine is having trouble resolving the VirusTotal domain name. Are you behind an HTTP proxy?
Here you go:
ping -c 3 www.virustotal.com
PING ghs-svc-https-c46.ghs-ssl.googlehosted.com (74.125.34.46) 56(84) bytes of data.
64 bytes from ghs-vip-any-c46.ghs-ssl.googlehosted.com (74.125.34.46): icmp_seq=1 ttl=57 time=1.97 ms
64 bytes from ghs-vip-any-c46.ghs-ssl.googlehosted.com (74.125.34.46): icmp_seq=2 ttl=57 time=1.97 ms
64 bytes from ghs-vip-any-c46.ghs-ssl.googlehosted.com (74.125.34.46): icmp_seq=3 ttl=57 time=2.05 ms
--- ghs-svc-https-c46.ghs-ssl.googlehosted.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 1.973/2.001/2.054/0.037 ms
And no, the system is not behind a proxy or anything.
The one behind an HTTP proxy gives the Forbidden error above.
This is really weird because the error message suggests that the cli is trying to connect to your own machine, and in order to resolve your FQDN it sends a DNS request to 192.168.1.1:53, which fails. What I don't quite understand is why it is trying to connect to your FQDN.
This also suggests that it's connecting to your own machine instead of virustotal.com:
* API key: [my_API key]
* API host: [my_hostname]
Get https://[my_hostname]/api/v3/files/8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85: Forbidden
my_hostname should be www.virustotal.com and the only way to modify that is by changing the config file.
Please try this:
vt init --host www.virustotal.com
By forcing the host to be www.virustotal.com it should ignore any other configuration. Paste the result of this command here.
Thanks for all your help, Victor!
It's getting even more weird (TM): when I run vt init --host www.virustotal.com, the .vt.toml file is indeed being written to my home directory (and it contains my apikey). :-)
However, running vt file ... still leads to that weird ...dial tcp... message.
But, vt --host www.virustotal.com file ... works fine. Weird, isn't it?
And what happens if you add this line to your .vt.toml file?
host="www.virustotal.com"
It should read the config from the file and use the correct host. Everything looks like the vt binary has localhost as the default host, and unless you specify the correct host it fails. But that's weird, I've downloaded the binary for version 0.6.1 and haven't seen the same behavior.
Adding that line to .vt.toml doesn't change anything, I'm afraid. I still get the ...dial tcp... message. Maybe this is related to openSUSE Leap?
However, I found out how to get rid of the Forbidden message on the machine behind an HTTP proxy: unset http_proxy resolves the issue for me.
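
Added example, not part of the thread or of vt-cli: a POSIX shell pre-flight check for the two conditions discussed above, a host line in the config file that is not www.virustotal.com and a proxy variable in the environment, so that both are noticed before the API key is sent to an unintended endpoint. The function names and the proxy variable names other than http_proxy are assumptions; the ~/.vt.toml path and the host key come from the thread.

```shell
#!/bin/sh
# Added example (not vt-cli code). Function names are hypothetical.
EXPECTED_HOST="www.virustotal.com"   # the host the thread says vt should use

# Print the value of the first host="..." line in a config file.
# Prints nothing when the file or the line is missing.
config_host() {
    [ -f "$1" ] || return 0
    sed -n 's/^[[:space:]]*host[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" | head -n 1
}

# Print the names of proxy variables that are set and non-empty.
# http_proxy is from the thread; the other three names are assumptions.
proxy_vars() {
    for v in http_proxy https_proxy HTTP_PROXY HTTPS_PROXY; do
        eval "val=\${$v:-}"
        [ -n "$val" ] && printf '%s\n' "$v"
    done
    return 0
}

# Return 0 when neither condition is present, 1 otherwise.
# Argument: config file path (defaults to ~/.vt.toml as in the thread).
vt_preflight() {
    cfg="${1:-$HOME/.vt.toml}"
    rc=0
    h=$(config_host "$cfg")
    if [ -n "$h" ] && [ "$h" != "$EXPECTED_HOST" ]; then
        echo "config $cfg sets host=$h (expected $EXPECTED_HOST)"
        rc=1
    fi
    p=$(proxy_vars)
    if [ -n "$p" ]; then
        echo "proxy variables set: $(echo $p)"
        rc=1
    fi
    return $rc
}
```

Source the file and run vt_preflight before vt init; a non-zero status means the config host or the proxy environment should be reviewed first.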