Your message dated Tue, 15 Oct 2013 14:12:48 +0200 with message-id <201310151412.51775.holger@layer-acht.org> and subject line Re: Bug#726393: general: Possible malware infections in source packages has caused the Debian Bug report #726393, regarding general: Possible malware infections in source packages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 726393: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726393 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: general: Possible malware infections in source packages
- From: Jarkko Palviainen <jarkko.palviainen@f-secure.com>
- Date: Tue, 15 Oct 2013 13:28:15 +0300
- Message-id: <[🔎] 20131015102815.23380.68872.reportbug@debian.F-Secure.com>
Package: general Severity: normal Some of the source packages were caught on a gateway anti-virus scanner while downloading. These are the exact downloads: http://ftp.fi.debian.org/debian/pool/main/libm/libmime-explode-perl/libmime- explode-perl_0.39.orig.tar.gz http://ftp.fi.debian.org/debian/pool/main/p/pymilter/pymilter_0.9.5.orig.tar.gz http://ftp.fi.debian.org/debian/pool/main/libm/libmail-deliverystatus- bounceparser-perl/libmail-deliverystatus-bounceparser-perl_1.531.orig.tar.gz http://ftp.fi.debian.org/debian/pool/main/l/linkchecker/linkchecker_7.9.orig.tar.bz2 I also uploaded the archives to virustotal.com for scanning with multiple vendors: https://www.virustotal.com/en/file/2403530b352c591464b96b37173031749c993967ed6e1375b6d295ef84576ac9/analysis/ https://www.virustotal.com/en/file/2edb67ca8b8831991d7ba24092829e775355e5a35aeae61cac52de0dc82b2fd5/analysis/ https://www.virustotal.com/en/file/af45514ed8ad5491c8dd1d682a5061c79f624e1789abef3f27e92bcd3653c052/analysis/ https://www.virustotal.com/en/file/7bb478a4f9512e1dfe77c658f0410d62d9af91cedc35ee7aaaff6bc9a56d7f85/analysis/ I looked into one of these, libmail-deliverystatus-bounceparser- perl_1.531.orig.tar.gz, and found multipart email file containing zip attachment. Inside this archive is a .pif file (PE32 executable for MS Windows) which is detected as Win32.Worm.Mytob.EF. This doesn't look like a false positive. I hope that the source packages would be sanitized from any actual malware samples. -- System Information: Debian Release: 7.2 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
- To: 726393-done@bugs.debian.org
- Subject: Re: Bug#726393: general: Possible malware infections in source packages
- From: Holger Levsen <holger@layer-acht.org>
- Date: Tue, 15 Oct 2013 14:12:48 +0200
- Message-id: <201310151412.51775.holger@layer-acht.org>
- In-reply-to: <[🔎] 20131015102815.23380.68872.reportbug@debian.F-Secure.com>
- References: <[🔎] 20131015102815.23380.68872.reportbug@debian.F-Secure.com>
Hi, On Dienstag, 15. Oktober 2013, Jarkko Palviainen wrote: > Package: general > Severity: normal > > Some of the source packages were caught on a gateway anti-virus scanner > while downloading. This is not a general bug in Debian. It *might* be bugs in the relevant source packages, but AFAICS these sources include these _examples_ for a reason, thus closing this bug. Feel free to file individual bugs against the relevant packages though. cheers, HolgerAttachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---