In the past I have personally emailed projects about issues like this. Unfortunately, given the scale of our service, I hope you appreciate that just doesn't scale.
Therefore, we have started to auto doom projects that have a 'code red' Malware score in order to protect users. I think it's worth it to protect users even though it is a little aggravating for project owners. Take the user's perspective -- lost data/time is detrimental. Take the open source perspective -- a reputation for malware will discourage use/adoption.

I fully intend to reinstate projects that fix the issue immediately. Again, we only do this for files that have extremely high Malware scores. I'll add this to our FAQ.

Thanks,
Ali
_________________________________________________________________
Ali Pasha, Product Manager, Google Project Hosting

On Thu, Dec 3, 2009 at 7:27 AM, David Anderson <[email protected]> wrote:

> On Thu, Dec 3, 2009 at 16:03, ngollan <[email protected]> wrote:
>
>> On Dec 3, 3:36 pm, David Anderson <[email protected]> wrote:
>> > The file in question contains malware. This was found by our malware
>> > scanners, and in this particular case it was deemed serious enough that it
>> > triggered an automatic ban of the project, to protect users. The analysis of
>> > the file in question by VirusTotal (a free multi-scanner file analysis
>> > service) can be found here:
>> >
>> > https://www.virustotal.com/analisis/15732e567cd6975acccd8f52b2e882592...
>>
>> That's an overly broad result and action. It appears that some
>> scanners (in this case, 3 out of over 30) classified the file based on
>> previous abuse. This is not uncommon for package wrappers, since they
>> can execute pretty much arbitrary code when called. However, if
>> followed consequently, that policy would require banning pretty much
>> any installer.
>
> Note that the VirusTotal analysis is not what our malware scanners use to
> identify malware, it's just something we can link to externally that
> provides some reasonably extensive analysis of files. In this case, I agree
> that the VirusTotal case looks a little sketchy, so I'll take a look at our
> own scanners to see if there is something we should be fixing.
>
> But in general, our scanners are quite good at not getting confused by
> installers and the like. There are many many projects on our platform that
> host installers in various formats that don't trip our scanners, and when
> our scanners report malware with the severity we got for this file, I
> haven't yet seen it be wrong. That said, as I stated above, I'll follow up
> internally and see if this was a false positive, and kick the scanners back
> into line if it was.
>
> - Dave

--
You received this message because you are subscribed to the Google Groups "Hosting at Google Code" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/google-code-hosting?hl=en.

