On Friday, August 4, 2017 12:35:04 PM CDT Paul Wise wrote: > Windows viruses in Debian email packages > ---------------------------------------- > > Sometimes upstreams of email related packages include live Windows > viruses/malware in their test corpus, either by accident or on purpose, > with or without removing infection/transmission mechanisms. Due to the > large amount of anti-spam and anti-malware services monitoring the > Internet, this can lead to debian.org mirrors getting flagged and > reducing the reputation of debian.org in those services as well as source > packages getting blocked by the content-scanning firewalls that some > networks operate. If your package is email related and includes a test > corpus, please scan it for viruses/malware. [...]
The news item doesn't specify what to do after scanning, but the referenced bug requests removal of the offending material. I can certainly support the goal of avoiding mirrors being flagged as malware distrubutors, so removal makes sense from this point of view. The news bit refers to "test corpus", so removal would presumably not change the output. But I have to wonder: are there not cases where the malware is present for *training* a detection system? If so, I would imagine removal could reduce the effectiveness of training. So what alternative exists for this case (if it indeed is a case we need to worry about)? Thanks, -Steve
Description: This is a digitally signed message part.