#36583: Microsoft Partner Program classifies dpaste.com techincal_500 view as a
dangerous Malware Site
----------------------------+-----------------------------------------
Reporter: Peter Kahn | Type: Bug
Status: new | Component: Generic views
Version: 5.2 | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------+-----------------------------------------
**Problem**
Microsoft is flagging in the 500 error debug view's ability to send the
error details to `dpaste.com` as Malware. This feature and the view seem
OK to me but:
* When I have run into this class of problem in the past, Microsoft has
been unwilling to accept evidence of a false positive
* This may impact Django apps in other marketplace verification systems as
well
**Error Message Excerpt**
According to the Microsoft Partner program's Malware scanner:
File name: technical_500.html,
Malware Information:
Avira smartScreen firebog ConfirmedMaliciousURL hXXps[:]//dpaste[.]com/
(FileType:.html) (Executable:true)
) .
**History**
The dpaste.com storage capability was added about 4 years ago
https://github.com/django/django/blame/main/django/views/templates/technical_500.html#L293
**Workaround**
If this feature of the view isn't needed, a simple script can surgically
remove the aspect of the view. TBH, I've yet to try it and will be doing
so today.
--
Ticket URL: <https://code.djangoproject.com/ticket/36583>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/01070198f58bab43-5ba82869-aa1a-4816-aa32-a65b3f3dfc0d-000000%40eu-central-1.amazonses.com.
