VirusTotal/vt-cli

Pre-compiled binaries not working w/ openSUSE Leap 42.3

Closed this issue · 12 comments

Downloaded the most recent (vt-cli 0.6.1) 64bit binary but it's somehow not working.
Running ./vt init and providing the API key returns:

Get https://[my_hostname]/api/v3/metadata: Forbidden

Providing the API key via the command line returns (using verbose mode), e.g.:

* API key: [my_API key]
* API host: [my_hostname]
Get https://[my_hostname]/api/v3/files/8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85: Forbidden

On another openSUSE Leap 42.3 I get the following message:

Get https:// [...] dial tcp: lookup [my_FQDN] on 192.168.1.1:53 no such host

[my_hostname] should be www.virustotal.com. Is that what you see?

No, [my_hostname] is, well, the FQDN of my computer.
Upgrading the system to openSUSE Leap 15.0 didn't change anything.

Look at the content of the config file and tell me what it contains?

cat ~/.vt.toml

It looks like it's not using the standard hostname, so I guess it's taking it from the config file.

I don't have that file on my system...

When you run ./vt init the program should print something like:

Your API key has been written to config file <path to config file>

Can you run vt init and see where it creates the config file?

Please see my initial message. I get

Get https:// [...] dial tcp: lookup [my_FQDN] on 192.168.1.1:53 no such host

when running vt init

Ok, the init command makes a request to the VirusTotal backend and it's failing too. This looks like a DNS problem. Can you check what happens if you run:

ping www.virustotal.com

My guess is that your machine is having trouble resolving the VirusTotal domain name. Are you behind an HTTP proxy?

Here you go:

ping -c 3 www.virustotal.com

PING ghs-svc-https-c46.ghs-ssl.googlehosted.com (74.125.34.46) 56(84) bytes of data.
64 bytes from ghs-vip-any-c46.ghs-ssl.googlehosted.com (74.125.34.46): icmp_seq=1 ttl=57 time=1.97 ms
64 bytes from ghs-vip-any-c46.ghs-ssl.googlehosted.com (74.125.34.46): icmp_seq=2 ttl=57 time=1.97 ms
64 bytes from ghs-vip-any-c46.ghs-ssl.googlehosted.com (74.125.34.46): icmp_seq=3 ttl=57 time=2.05 ms

--- ghs-svc-https-c46.ghs-ssl.googlehosted.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 1.973/2.001/2.054/0.037 ms

And no, the system is not behind a proxy or anything.
The one behind an HTTP proxy gives the Forbidden error above.

This is really weird because the error message suggests that the cli is trying to connect to your own machine, and in order to resolve your FQDN it sends a DNS request to 192.168.1.1:53, which fails. What I don't quite understand is why it is trying to connect to your FQDN.

This also suggests that it's connecting to your own machine instead of virustotal.com:

* API key: [my_API key]
* API host: [my_hostname]
Get https://[my_hostname]/api/v3/files/8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85: Forbidden

my_hostname should be www.virustotal.com and the only way to modify that is by changing the config file.

Please try this:

vt init --host www.virustotal.com

By forcing the host to be www.virustotal.com it should ignore any other configuration. Paste the result of this command here.

Thanks for all your help, Victor!

It's getting even more weird (TM): when I run vt init --host www.virustotal.com the .vt.toml file is indeed being written to my home directory (and it contains my apikey). :-)

However, running vt file ... still leads to that weird ...dial tcp... message.

But, vt --host www.virustotal.com file ... works fine. Weird isn't it?

And what happens if you add this line to your .vt.toml file?

host="www.virustotal.com"

It should read the config from the file and use the correct host. Everything looks like the vt binary has localhost as the default host, and unless you specify the correct host it fails. But that's weird, I've downloaded the binary for version 0.6.1 and haven't seen the same behavior.

Adding that line to .vt.toml doesn't change anything, I'm afraid. I still get the ...dial tcp... message. Maybe this is related to openSUSE Leap?
However, I found out how to get rid of the Forbidden message on the machine behind an HTTP proxy: unset http_proxy resolves the issue for me.
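The two things this thread ends up checking by hand (which host the config points at, and whether a proxy variable is redirecting the request) can be turned into a pre-flight check that runs before an API key is sent anywhere. This is an added example, not code from vt-cli; it assumes the config is ~/.vt.toml with a line of the form host="www.virustotal.com", as in the thread.

```shell
#!/bin/sh
# Added example (not part of the vt-cli project): refuse to run vt when the
# configured host is not the real VirusTotal API, so the API key never goes
# to an unexpected host (the thread's symptom: requests to the user's own FQDN).
EXPECTED_HOST="www.virustotal.com"

# Print the host value from a .vt.toml file (nothing if absent or unreadable).
# Accepts host="x", host = "x" and an unquoted value.
vt_config_host() {
    cfg="$1"
    [ -r "$cfg" ] || return 0
    sed -n 's/^[[:space:]]*host[[:space:]]*=[[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}.*/\1/p' "$cfg" | head -n 1
}

# Return 0 when the config explicitly names the real API host, 1 otherwise.
# An absent key counts as a failure: the thread shows the default host is
# not trustworthy on this setup.
vt_host_ok() {
    host="$(vt_config_host "$1")"
    [ "$host" = "$EXPECTED_HOST" ]
}

# List proxy variables that would reroute vt's HTTPS requests
# (the thread's "Forbidden" error went away after `unset http_proxy`).
vt_proxy_vars() {
    env | grep -i -E '^(http_proxy|https_proxy|all_proxy)=' || true
}

# Combined check: 0 only if the host is right and no proxy variable is set.
vt_preflight() {
    cfg="${1:-$HOME/.vt.toml}"
    ok=0
    if ! vt_host_ok "$cfg"; then
        echo "WARN: $cfg does not set host=\"$EXPECTED_HOST\" (found: '$(vt_config_host "$cfg")')" >&2
        ok=1
    fi
    proxies="$(vt_proxy_vars)"
    if [ -n "$proxies" ]; then
        echo "WARN: proxy variables set, vt requests will be rerouted:" >&2
        echo "$proxies" >&2
        ok=1
    fi
    return $ok
}

# Usage: vt_preflight "$HOME/.vt.toml" && vt file <sha256>
```

Run vt_preflight in the shell where vt is invoked; it only reads the config and the environment and changes neither.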