[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: download of source packages alarmed clamav

On Tuesday, June 25, 2013 11:06:26 PM Russ Allbery wrote:
> Joey Hess <joeyh@debian.org> writes:
> > So, the tarball could be fixed to rot-13 the virus files stored in it,
> > and re-rotate them when the test suite is run. (If virus scanners
> > perhaps try rot-13, then instead encrypt the viruses with a key included
> > in the source package, but that's probably overkill.)
> 
> That's a good idea.  If ROT-13 isn't sufficient, a simple XOR cipher that
> could be hacked together in a few lines of Python doubtless would be,
> without the complexity of real encryption.  But I bet ROT-13 would do it.

The first time this came up, I discussed it with upstream.  Their view is that 
it's part of (for testing) the example milters that are shipped either in 
pymilter or pymilter-milters and so they think it's appropriate to ship it.  
In the past, I've concluded it wasn't something worth changing what upstream 
shipped to 'fix'.

It's not there to test clamav.  IIRC, there's a heuristic test in one of the 
sample milters that would detect it directly.  Anyone who doesn't like the 
fact that clamav has a false positive on this file might want to consider 
sending it to them.  On clamav.net there's a process for submitting false 
positives.

Scott K
Reply to: