[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Windows viruses in Debian email packages [from Misc Developer News (#44)]

On Friday, August 4, 2017 12:35:04 PM CDT Paul Wise wrote:

> Windows viruses in Debian email packages
> ----------------------------------------
>  Sometimes[6] upstreams of email related packages include live Windows
>  viruses/malware in their test corpus, either by accident or on purpose,
>  with or without removing infection/transmission mechanisms. Due to the
>  large amount of anti-spam and anti-malware services monitoring the
>  Internet, this can lead to debian.org mirrors getting flagged and
>  reducing the reputation of debian.org in those services as well as source
>  packages getting blocked by the content-scanning firewalls that some
>  networks operate. If your package is email related and includes a test
>  corpus, please scan it for viruses/malware.  [...]

The news item doesn't specify what to do after scanning, but the referenced 
bug requests removal of the offending material.  I can certainly support the 
goal of avoiding mirrors being flagged as malware distrubutors, so removal 
makes sense from this point of view.   

The news bit refers to "test corpus", so removal would presumably not change 
the output.  But I have to wonder: are there not cases where the malware is 
present for *training* a detection system?  If so, I would imagine removal 
could reduce the effectiveness of training.  So what alternative exists for 
this case (if it indeed is a case we need to worry about)?


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: