Re: Bug#726393: general: Possible malware infections in source packages
On Tuesday 15 October 2013 13:19:38 Thijs Kinkhorst wrote:
> > It isn't a false positive in that regard that the package *does* in fact
> > contain the virus sample. However, it *is* a false positive, as the
> > sample is there intentionally, and no virus scanner can guess the reason
> > why it is there. It does no harm in the location where it is, it will
> > not spread, so is it in fact a virus? No, it isn't.
>
> I'm missing why the package cannot use the EICAR test virus signature for
> its purposes.
In libmail-deliverystatus-bounceparser-perl case, the virus is used on the
non-regressions test which are shipped in the original tarball (and in Debian
*source* package). This virus is *not* shipped in Debian binary package.
HTH
--
https://github.com/dod38fr/ -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/ -o- irc: dod at irc.debian.org
Reply to: