Re: Debian Strech 9.13 ISO Download - Firefox says its containing a virus
Hi,
i wrote:
> > Quite surely Debian does not put malware into its ISOs.
Steve McIntyre wrote:
> No, *definitely* not.
Well, as upstream programmer i could - intentionally or as victim of
malware myself - be the culprit who sneaks malware into a Debian ISO.
I try hard to keep my machines clean and my moral reputable, but in the end
i do not dare to be more affirmative than "Quite surely".
> I've raised a few tickets with Google
Please notify bug 966538 about any progress.
> We're wondering if it might just be a hash collision or something.
If it's not weaker than MD5 then this is extremely unlikely without a
systematic connection to malware classification. If some program binary
was registered as malware by mistake, that would be such a connection.
> It's difficult to tell with ~zero diagnostics. :-/
To my humble opinion, this obscure behavior should be reason enough to
disable the malware check by default.
My Debian 10 is only 6 days old and i did not install anything browser
related after the netinst installation was done. So the checker came
quite surely by default with the Firefox installation. (Currently the
desktop is LXDE, if this matters. Switching to fvwm is still on my todo
list ... after i learned how to keep the galaxy collision screensaver ...)
Have a nice day :)
Thomas
Reply to: