On Thu, Dec 3, 2009 at 16:03, ngollan <[email protected]> wrote:

> On Dec 3, 3:36 pm, David Anderson <[email protected]> wrote:
> > The file in question contains malware. This was found by our malware
> > scanners, and in this particular case it was deemed serious enough that it
> > triggered an automatic ban of the project, to protect users. The analysis of
> > the file in question by VirusTotal (a free multi-scanner file analysis
> > service) can be found here:
> >
> > https://www.virustotal.com/analisis/15732e567cd6975acccd8f52b2e882592...
>
> That's an overly broad result and action. It appears that some
> scanners (in this case, 3 out of over 30) classified the file based on
> previous abuse. This is not uncommon for package wrappers, since they
> can execute pretty much arbitrary code when called. However, if
> followed consequently, that policy would require banning pretty much
> any installer.
>

Note that the VirusTotal analysis is not what our malware scanners use to
identify malware, it's just something we can link to externally that
provides some reasonably extensive analysis of files. In this case, I agree
that the VirusTotal case looks a little sketchy, so I'll take a look at our
own scanners to see if there is something we should be fixing.

But in general, our scanners are quite good at not getting confused by
installers and the like. There are many many projects on our platform that
host installers in various formats that don't trip our scanners, and when
our scanners report malware with the severity we got for this file, I
haven't yet seen it be wrong. That said, as I stated above, I'll follow up
internally and see if this was a false positive, and kick the scanners back
into line if it was.

- Dave
