Handle the case where IAttachmentExecute::Save() deletes a downloaded file.

content/browser/safe_util_win.h

Index: content/browser/safe_util_win.h
diff --git a/content/browser/safe_util_win.h b/content/browser/safe_util_win.h
index 8b21f7fc0b8192f0b1082b71ea4f06e1a7c35021..41acfd53d02884c9cb60a6696a90d3d018626429 100644
--- a/content/browser/safe_util_win.h
+++ b/content/browser/safe_util_win.h
@@ -9,6 +9,7 @@
 #include <windows.h>
 
 class FilePath;
+class GURL;
 
 namespace win_util {
 
@@ -40,16 +41,33 @@ bool SaferOpenItemViaShell(HWND hwnd, const std::wstring& window_title,
                            const FilePath& full_path,
                            const std::wstring& source_url);
 
-// Sets the Zone Identifier on the file to "Internet" (3). Returns true if the
-// function succeeds, false otherwise. A failure is expected on system where
-// the Zone Identifier is not supported, like a machine with a FAT32 filesystem.
-// It should not be considered fatal.
-//
-// |full_path| is the path to save the file to, and
-// |source_url| is the URL where the file was downloaded from.
-bool SetInternetZoneIdentifier(const FilePath& full_path,
-                               const std::wstring& source_url);
-
+// Invokes IAttachmentExecute::Save to validate the downloaded file. The call
+// may scan the file for viruses and if necessary, annotate it with evidence. As
+// a result of the validation, the file may be deleted.  See:
+// http://msdn.microsoft.com/en-us/bb776299
+//
+// If Attachment Execution Services is unavailable, then this function will
+// attempt to manually annotate the file with security zone information. A
+// failure code will be returned in this case even if the file is sucessfully
+// annotated.

[Randy Smith (Not in Mondays), 2012/10/27 23:54:28]

Does this make sense?  If attachment execution services are not available on all
platforms, then wouldn't it make sense for this not to be an error on those
platforms?

(I realize that this is a theoretical point, given that the error is ignored at
the calling site if the file is still around.)

[asanka, 2012/10/29 15:33:59]

BaseFile will still log the error, and it can be helpful for debugging in cases
where we are unable to instantiate the CLSID_AttachmentServices class.

I don't think it makes sense to add special handling for versions of Windows
where AES isn't available since it's been there since Windows XP SP2.

+//
+// IAE::Save() will delete the file if it was found to be blocked by local
+// security policy or if it was found to be infected. The call may also delete
+// the file due to other failures (http://crbug.com/153212). A failure code will
+// be returned in these cases.
+//
+// Typical return values:
+//   S_OK   : The file was okay. If any viruses were found, they were cleaned.
+//   E_FAIL : Virus infected.
+//   INET_E_SECURITY_PROBLEM : The file was blocked due to security policy.
+//
+// Any other return value indicates an unexpected error during the scan.
+//
+// |full_path| : is the path to the downloaded file. This should be the final
+//               path of the download.
+// |source_url|: the source URL for the download.
+HRESULT ScanAndSaveDownloadedFile(const FilePath& full_path,
+                                  const GURL& source_url);
 }  // namespace win_util
 
 #endif  // CONTENT_COMMON_SAFE_UTIL_WIN_H_