
Bug#726393: general: Possible malware infections in source packages



On Tue, October 15, 2013 12:54, Dominik George wrote:
>> I looked into one of these,
>> libmail-deliverystatus-bounceparser-perl_1.531.orig.tar.gz, and found a
>> multipart email file containing a zip attachment. Inside this archive is
>> a .pif file (PE32 executable for MS Windows) which is detected as
>> Win32.Worm.Mytob.EF.
>
> Yes, and the package carries it because it needs it in its operation.
> Have you read the README file?

I have in fact read the README and it doesn't seem to mention anything
about this, it doesn't even have the word "virus" at all.

>> This doesn't look like a false positive.
>
> It isn't a false positive in that regard that the package *does* in fact
> contain the virus sample. However, it *is* a false positive, as the
> sample is there intentionally, and no virus scanner can guess the reason
> why it is there. It does no harm in the location where it is, it will
> not spread, so is it in fact a virus? No, it isn't.

I'm missing why the package cannot use the EICAR test virus signature for
its purposes.


Thijs

