#36583: Microsoft Partner Program classifies dpaste.com techincal_500 view as a
dangerous Malware Site
-------------------------------+--------------------------------------
Reporter: Peter Kahn | Owner: (none)
Type: Bug | Status: new
Component: Generic views | Version: 5.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Description changed by Peter Kahn:
Old description:
> **Problem**
> Microsoft is flagging in the 500 error debug view's ability to send the
> error details to `dpaste.com` as Malware. This feature and the view seem
> OK to me but:
>
> * When I have run into this class of problem in the past, Microsoft has
> been unwilling to accept evidence of a false positive
>
> * This may impact Django apps in other marketplace verification systems
> as well
>
> **Error Message Excerpt**
> According to the Microsoft Partner program's Malware scanner:
>
> File name: technical_500.html,
> Malware Information:
> Avira smartScreen firebog ConfirmedMaliciousURL hXXps[:]//dpaste[.]com/
> (FileType:.html) (Executable:true)
> ) .
>
> **History**
> The dpaste.com storage capability was added about 4 years ago
> https://github.com/django/django/blame/main/django/views/templates/technical_500.html#L293
>
> **Workaround**
> If this feature of the view isn't needed, a simple script can surgically
> remove the aspect of the view. TBH, I've yet to try it and will be doing
> so today.
New description:
**Problem**
Microsoft Partner Site Malware scan for a compute image publish attempt to
Azure Marketplace is flagging in the 500 error debug view's ability to
send the error details to `dpaste.com` as Malware. This feature and the
view seem OK to me but:
* When I have run into this class of problem in the past, Microsoft has
been unwilling to accept evidence of a false positive
* This may impact Django apps in other marketplace verification systems as
well
**Error Message Excerpt**
According to the Microsoft Partner program's Malware scanner:
File name: technical_500.html,
Malware Information:
Avira smartScreen firebog ConfirmedMaliciousURL hXXps[:]//dpaste[.]com/
(FileType:.html) (Executable:true)
) .
**History**
The dpaste.com storage capability was added about 4 years ago
https://github.com/django/django/blame/main/django/views/templates/technical_500.html#L293
**Workaround**
If this feature of the view isn't needed, a simple script can surgically
remove the aspect of the view. TBH, I've yet to try it and will be doing
so today.
--
--
Ticket URL: <https://code.djangoproject.com/ticket/36583#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/01070198f610ce59-00d6a126-f0ba-49d8-8f35-f23cb21572bd-000000%40eu-central-1.amazonses.com.
