As I said in an earlier message in the thread: we are looking into better ways of notifying project owners who may have accidentally uploaded malware (e.g. compiled on an infected machine). We're aware that the status quo can be confusing, and we should improve that. Unfortunately, we're pretty taken up with other stuff right now, so for now we're handling the false positives by hand.
- Dave

On Thu, Dec 3, 2009 at 21:01, Washu <[email protected]> wrote:

> It is nice to know that you guys are scanning for stuff, but from the
> owner's perspective:
> Instead of handling this manually (the emailing that is, as it sounds
> like you are), you should probably have the automatic identification
> and dooming of a project send a report email to the project owner
> (with perhaps a link to resubmit the project for scanning after
> resolving the issue) or some other method of acquiring the information
> that caused the project to be flagged. That way it can be taken care
> of by the owners without giant "WTF?" on their parts.
>
> On Dec 3, 11:00 am, Ali Pasha <[email protected]> wrote:
> > In the past I have personally emailed projects about issues like this.
> > Unfortunately, given the scale of our service, I hope you appreciate that
> > just doesn't scale.
> >
> > Therefore, we have started to auto doom projects that have a 'code red'
> > Malware score in order to protect users. I think it's worth it to protect
> > users even though it is a little aggravating for project owners. Take the
> > user's perspective -- lost data/time is detrimental. Take the open source
> > perspective -- a reputation for malware helps will discourage use/adoption.
> >
> > I fully intend to reinstate projects that fix the issue immediately. Again,
> > we only do this for files that have extremely high Malware scores.
> >
> > I'll add this to our FAQ.
> >
> > Thanks,
> >
> > Ali
> >
> > _________________________________________________________________
> > Ali Pasha, Product Manager, Google Project Hosting
> >
> > On Thu, Dec 3, 2009 at 7:27 AM, David Anderson <[email protected]> wrote:
> > > On Thu, Dec 3, 2009 at 16:03, ngollan <[email protected]> wrote:
> > >
> > >> On Dec 3, 3:36 pm, David Anderson <[email protected]> wrote:
> > >> > The file in question contains malware. This was found by our malware
> > >> > scanners, and in this particular case it was deemed serious enough that it
> > >> > triggered an automatic ban of the project, to protect users. The analysis of
> > >> > the file in question by VirusTotal (a free multi-scanner file analysis
> > >> > service) can be found here:
> > >> >
> > >> > https://www.virustotal.com/analisis/15732e567cd6975acccd8f52b2e882592...
> > >>
> > >> That's an overly broad result and action. It appears that some
> > >> scanners (in this case, 3 out of over 30) classified the file based on
> > >> previous abuse. This is not uncommon for package wrappers, since they
> > >> can execute pretty much arbitrary code when called. However, if
> > >> followed consequently, that policy would require banning pretty much
> > >> any installer.
> > >
> > > Note that the VirusTotal analysis is not what our malware scanners use to
> > > identify malware, it's just something we can link to externally that
> > > provides some reasonably extensive analysis of files. In this case, I agree
> > > that the VirusTotal case looks a little sketchy, so I'll take a look at our
> > > own scanners to see if there is something we should be fixing.
> > >
> > > But in general, our scanners are quite good at not getting confused by
> > > installers and the like. There are many many projects on our platform that
> > > host installers in various formats that don't trip our scanners, and when
> > > our scanners report malware with the severity we got for this file, I
> > > haven't yet seen it be wrong. That said, as I stated above, I'll follow up
> > > internally and see if this was a false positive, and kick the scanners back
> > > into line if it was.
> > >
> > > - Dave

--
You received this message because you are subscribed to the Google Groups "Hosting at Google Code" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/google-code-hosting?hl=en.

