Re: Bug#726393: general: Possible malware infections in source packages

On Tue, October 15, 2013 14:09, Dominique Dumont wrote:
> In libmail-deliverystatus-bounceparser-perl case, the virus is used on the
> non-regression tests which are shipped in the original tarball (and in
> Debian *source* package). This virus is *not* shipped in Debian binary
> package.

I'm still not sure why the virus contained in the source could not be
replaced by the EICAR test signature.

Setting off false positive alarms masks true positives so should be
avoided as much as possible.

The EICAR test signature exists exactly for the purpose of tests. I would
consider any other virus sample shipped by Debian, be it source or binary,
a bug and I invite Jarkko to report them as such against the respective
packages, so they can be solved in coordination with their upstreams.


