Re: Firefox claims i386 images contain virus or malware



Hey folks,

I can reproduce the same thing here too at the
moment. amd64 images are similarly affected.

Previously, this seemed to be caused by another (unrelated) download
from the same server in Sweden. Maswan, can you check for any more
info please?

On Sat, Oct 31, 2020 at 11:06:19PM +0100, Thomas Schmitt wrote:
>Hi,
>
>Ruud Bos wrote:
>> I tried to download two different ISO files via
>> https://cdimage.debian.org/cdimage/release/current-live/i386/iso-hybrid/
>> Every time a download has completed, Firefox mentions that the ISO contains
>> a virus. I tried downloading both the GNOME and MATE ISOs.
>
>This accusation by Firefox is not new:
>  https://lists.debian.org/debian-cd/2020/07/msg00056.html
>  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966538
>Regrettably there is no hint what part of the ISOs exactly is accused of
>being malware.
>Do you see any information beyond the statement that there is a virus ?
>
>It is unlikely that Debian inadvertently packages any virus.
>To verify that the ISOs have not been tampered with, download into the
>same directory as the ISOs:
>
>  https://cdimage.debian.org/cdimage/release/current-live/i386/iso-hybrid/SHA512SUMS
>  https://cdimage.debian.org/cdimage/release/current-live/i386/iso-hybrid/SHA512SUMS.sign
>
>Verify the authenticity of SHA512SUMS by a run of
>
>  gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS
>
>which must report
>
>  gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>"
>  ...
>  Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B
>
>The reported "key fingerprint" must match one of those listed at
>  https://www.debian.org/CD/verify .
>
>When the SHA512SUMS was verified by SHA512SUMS.sign and the public Debian
>key, let program "sha512sum" check for matches:
>
>  sha512sum -c SHA512SUMS
>
>must report
>
>  debian-live-10.6.0-i386-gnome.iso : OK
>  debian-live-10.6.0-i386-mate.iso : OK
>  ...other.ISOs... : FAILED open or read
>  sha512sum: WARNING: ... listed files could not be read
>
>It must not report
>
>  debian-live-10.6.0-i386-gnome.iso : FAILED
>  ...
>  sha512sum: WARNING: ... listed files could not be read
>  sha512sum: WARNING: 1 computed checksum did NOT match
>
>If the verification succeeds, consider filing a bug in Ubuntu against
>the virus checker of Firefox.
>
>
>Have a nice day :)
>
>Thomas
>
>
-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"The problem with defending the purity of the English language is that
 English is about as pure as a cribhouse whore. We don't just borrow words; on
 occasion, English has pursued other languages down alleyways to beat them
 unconscious and rifle their pockets for new vocabulary."  -- James D. Nicoll
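
The two-step check quoted above, as a script (an added example, not part of the thread). It assumes the Debian CD signing key is already in the local gpg keyring and that GNU coreutils `sha512sum` is available; it pins the primary key fingerprint quoted in the message instead of trusting any "Good signature" line. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. The pinned value is the primary key
# fingerprint quoted in the message above; confirm it against
# https://www.debian.org/CD/verify before relying on it.
PINNED_FPR="DF9B9C49EAA9298432589D76DA87E80D6294BE9B"

# Read `gpg --status-fd` output on stdin and print the primary key
# fingerprint of a valid signature (last field of the VALIDSIG line).
primary_fpr_from_status() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }'
}

# Succeed only if stdin carries a VALIDSIG whose primary key is the pinned
# one. A good signature made by any other key in the keyring is rejected.
status_matches_pinned() {
    fpr=$(primary_fpr_from_status)
    [ -n "$fpr" ] && [ "$fpr" = "$PINNED_FPR" ]
}

# Check only the ISOs present in directory $1 against its SHA512SUMS.
# --ignore-missing skips images that were not downloaded (no
# "FAILED open or read" lines) and fails if no listed file was checked.
check_present_isos() {
    ( cd "$1" && sha512sum -c --ignore-missing --quiet SHA512SUMS )
}

# Full procedure: signature first, checksums only after it passes.
verify_dir() {
    dir=$1
    gpg --status-fd 1 --verify "$dir/SHA512SUMS.sign" "$dir/SHA512SUMS" \
        2>/dev/null | status_matches_pinned || {
        echo "SHA512SUMS is not signed by the pinned key" >&2; return 1; }
    check_present_isos "$dir" || {
        echo "checksum mismatch, or no listed ISO found" >&2; return 1; }
    echo "signature and checksums OK"
}

# Usage: sh verify-debian-iso.sh /path/to/download/directory
if [ "$#" -gt 0 ]; then
    verify_dir "$1"
fi
```

The exit status is zero only when both steps pass, so the result can be used in a download script without reading the output by eye.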

