Re: download of source packages alarmed clamav
On Tuesday, June 25, 2013 11:06:26 PM Russ Allbery wrote:
> Joey Hess <joeyh@debian.org> writes:
> > So, the tarball could be fixed to rot-13 the virus files stored in it,
> > and re-rotate them when the test suite is run. (If virus scanners
> > perhaps try rot-13, then instead encrypt the viruses with a key included
> > in the source package, but that's probably overkill.)
>
> That's a good idea. If ROT-13 isn't sufficient, a simple XOR cipher that
> could be hacked together in a few lines of Python doubtless would be,
> without the complexity of real encryption. But I bet ROT-13 would do it.
The first time this came up, I discussed it with upstream. Their view is that
it's part of (for testing) the example milters that are shipped either in
pymilter or pymilter-milters and so they think it's appropriate to ship it.
In the past, I've concluded it wasn't something worth changing what upstream
shipped to 'fix'.
It's not there to test clamav. IIRC, there's a heuristic test in one of the
sample milters that would detect it directly. Anyone who doesn't like the
fact that clamav has a false positive on this file might want to consider
sending it to them. On clamav.net there's a process for submitting false
positives.
Scott K
Reply to: