Re: Firefox claims i386 images contain virus or malware
Hi,
Ruud Bos wrote:
> I tried to download two different ISO files via
> https://cdimage.debian.org/cdimage/release/current-live/i386/iso-hybrid/
> Every time a download has completed, Firefox mentions that the ISO contains
> a virus. I tried downloading both the GNOME and MATE ISOs.
This accusation by Firefox is not new:
https://lists.debian.org/debian-cd/2020/07/msg00056.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966538
Regrettably there is no hint what part of the ISOs exactly is accused of
being malware.
Do you see any information beyond the statement that there is a virus?
It is unlikely that Debian inadvertently packages any virus.
To verify that the ISOs have not been tampered with, download into the
same directory as the ISOs:
https://cdimage.debian.org/cdimage/release/current-live/i386/iso-hybrid/SHA512SUMS
https://cdimage.debian.org/cdimage/release/current-live/i386/iso-hybrid/SHA512SUMS.sign
Verify the authenticity of SHA512SUMS by a run of

  gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS

which must report

  gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>"
  ...
  Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B

The reported "key fingerprint" must match one of those listed at
https://www.debian.org/CD/verify .
When SHA512SUMS has been verified by SHA512SUMS.sign and the public Debian
key, let the program "sha512sum" check for matches:

  sha512sum -c SHA512SUMS

must report

  debian-live-10.6.0-i386-gnome.iso : OK
  debian-live-10.6.0-i386-mate.iso : OK
  ...other.ISOs... : FAILED open or read
  sha512sum: WARNING: ... listed files could not be read

It must not report

  debian-live-10.6.0-i386-gnome.iso : FAILED
  ...
  sha512sum: WARNING: ... listed files could not be read
  sha512sum: WARNING: 1 computed checksum did NOT match

If the verification succeeds, consider filing a bug in Ubuntu against
the virus checker of Firefox.
Have a nice day :)
Thomas
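
The two checks described in the message above, scripted as an added example that is not part of the original mail. The function names are hypothetical, and the script assumes the Debian CD signing key is already in the local gpg keyring and that GNU sha512sum is installed. It separates a listed ISO that was simply not downloaded (MISSING) from one whose checksum differs (MISMATCH).

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.
# Primary key fingerprint as quoted in the message above, spaces removed.
EXPECTED_FPR="DF9B9C49EAA9298432589D76DA87E80D6294BE9B"

# Succeeds only if gpg's machine-readable status has a GOODSIG line and a
# VALIDSIG line whose last field (primary key fingerprint) is EXPECTED_FPR.
# Assumption: the signing key is already in the local keyring.
verify_signature() {    # $1 = signature file, $2 = signed file
    out=$(gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null) || return 1
    printf '%s\n' "$out" | grep -q '^\[GNUPG:\] GOODSIG ' &&
    printf '%s\n' "$out" | grep -q "^\[GNUPG:\] VALIDSIG .* $EXPECTED_FPR\$"
}

# Prints OK, MISSING or MISMATCH for every file listed in $2, looking for
# the files in directory $1. Returns 0 only if at least one file was
# hashed and none of the hashed files mismatched.
check_isos() {
    dir=$1; sums=$2; checked=0; bad=0
    while read -r want name; do
        name=${name#\*}                 # drop the binary-mode marker
        [ -n "$name" ] || continue      # skip empty lines
        file="$dir/$name"
        if [ ! -r "$file" ]; then echo "MISSING  $name"; continue; fi
        have=$(sha512sum "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$have" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; bad=$((bad + 1))
        fi
    done < "$sums"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Signature first, then hashes: the list is trusted only after gpg accepts it.
# Assumes SHA512SUMS and SHA512SUMS.sign are in directory $1 with the ISOs.
verify_download() {
    verify_signature "$1/SHA512SUMS.sign" "$1/SHA512SUMS" || {
        echo "SHA512SUMS signature not verified" >&2; return 2; }
    check_isos "$1" "$1/SHA512SUMS"
}

# Runs only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then verify_download "$1"; fi
```

Run it with the download directory as its only argument; exit status 0 means the signature was accepted and every downloaded ISO matched its listed checksum.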