download of source packages alarmed clamav
Hi folks,
I am running a transparent http proxy integrated with clamav.
Problem: If I run "apt-get source pymilter", then I get
# apt-get source pymilter
Reading package lists... Done
Building dependency tree
Reading state information... Done
NOTICE: 'pymilter' packaging is maintained in the 'Svn' version control system at:
svn://svn.debian.org/python-modules/packages/pymilter/trunk/
Need to get 100 kB of source archives.
Get:1 http://ftp.de.debian.org/debian/ squeeze/main pymilter 0.9.3-2 (dsc) [1318 B]
Err http://ftp.de.debian.org/debian/ squeeze/main pymilter 0.9.3-2 (tar)
500 Missing Content-Length
Get:2 http://ftp.de.debian.org/debian/ squeeze/main pymilter 0.9.3-2 (diff) [2756 B]
Fetched 4074 B in 2s (1614 B/s)
Failed to fetch http://ftp.de.debian.org/debian/pool/main/p/pymilter/pymilter_0.9.3.orig.tar.gz 500 Missing Content-Length
E: Failed to fetch some archives.
Using a web browser for download I see a message generated by
my proxy:
Virus Alarm
The URL
http://ftp.de.debian.org/debian/pool/main/p/pymilter/pymilter_0.9.3.orig.tar.gz
contains the following virus:
Exploit.IFrame.Gen(4c4d77c2301e1afcbf40714b924aff6d:96362)
Access denied.
Powered by SquidClamAv 5.4
The same happens for a few other source packages as well.
I doubt that sending a virus complies to the DFSG, so the question
is whether these source packages have been compromised?
Harri
Reply to: