Re: download of source packages alarmed clamav

To: Darac Marjal <mailinglist@darac.org.uk>
Cc: debian-devel@lists.debian.org
Subject: Re: download of source packages alarmed clamav
From: Peter Samuelson <peter@p12n.org>
Date: Tue, 25 Jun 2013 13:16:39 -0500
Message-id: <[🔎] 20130625181639.GD13562@p12n.org>
In-reply-to: <[🔎] 20130625120926.GA9426@darac.org.uk>
References: <[🔎] 51C93D1C.9030800@aixigo.de> <[🔎] 20130625074623.GB27105@ieval.ro> <[🔎] 20130625095226.604b1bf2@dpcl082.ac.aixigo.de> <[🔎] 20130625075453.GA27375@ieval.ro> <[🔎] 20130625101946.12b98df9@dpcl082.ac.aixigo.de> <[🔎] c437fc8f-649c-4d32-b0e2-77c98f1ace0d@email.android.com> <[🔎] 20130625120926.GA9426@darac.org.uk>

> On Tue, Jun 25, 2013 at 08:04:00AM -0400, Scott Kitterman wrote:
> > This comes up periodically. They aren't real.

[Darac Marjal]
> It would appear they're real enough to trigger clamav's detection,
> which was the problem the OP was having.

Yes.  It is not really a fixable problem.  The test files intentionally
contain material whose purpose is to trigger a virus scanner.  That is
their entire point.  The fact that they do in fact trigger a virus
scanner is unfortunate in this case, but it is a straightforward
consequence and there probably isn't much you can do about it (except
of course to not use a virus scanner while downloading virus scanning
test data).

The EICAR string is all very well, but doesn't solve this problem.
Either virus scanners treat EICAR just like any real virus, alerting
and/or blocking stuff, or they treat it as a special case.  If the
formert, you haven't solved anything.  If the latter, then by the
nature of it being a special case, EICAR alone is not sufficient test
coverage for virus scanning functionality.

Peter

Reply to:

References:
- download of source packages alarmed clamav
  - From: Harald Dunkel <harald.dunkel@aixigo.de>
- Re: download of source packages alarmed clamav
  - From: Marius Gavrilescu <marius@ieval.ro>
- Re: download of source packages alarmed clamav
  - From: Harald Dunkel <harald.dunkel@aixigo.de>
- Re: download of source packages alarmed clamav
  - From: Marius Gavrilescu <marius@ieval.ro>
- Re: download of source packages alarmed clamav
  - From: Harald Dunkel <harald.dunkel@aixigo.de>
- Re: download of source packages alarmed clamav
  - From: Scott Kitterman <debian@kitterman.com>
- Re: download of source packages alarmed clamav
  - From: Darac Marjal <mailinglist@darac.org.uk>

Prev by Date: Re: Hardening Flags for sg3-utils
Next by Date: Re: Reporting 1.2K crashes
Previous by thread: Re: download of source packages alarmed clamav
Next by thread: Re: download of source packages alarmed clamav
Index(es):
- Date
- Thread