On 06/03/2016 04:44 AM, Sam Varshavchik wrote:

> But one thing's bugging me, according to that, Sourceforge's malware 
> scanner has been tossing its cookies for well over a month now, and this 
> is the first time someone noticed it.

> That could mean only one of two things. 1) Courier project isn't really 
> getting much traffic for anyone to notice, and that's entirely plausible; 
> and/or 2) Even the dates on that page are bogus.

There's a third possibility: newcomers don't know what to make of the warning
and where to raise questions, while those who already know and use courier don't
upgade often and will readily disregard the warning anyway.

In any case, the entire concept of scanning source packages for malware seems
pretty weird to me. Obviously, source itself is always harmless. So how can a
scanner tell what the source will do in compiled form? Malware databases use
the signatures of known bad binaries whose code is usually unknown, so there's
no way to match bad binaries to source code. All in all, this whole malware
scanning on sourceforge looks very much like a dead-end project.

Z


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to