Well, let me know what you find -- the sfx file is just be a stub that creates a self extracting file when prepended to a 7z archive, and our August release files have been published using it. I'm fairly confident it's not a threat.
-- Promit On Dec 3, 3:11 pm, David Anderson <[email protected]> wrote: > As I said in an earlier message in the thread: we are looking into better > ways of notifying project owners who may have accidentally uploaded malware > (eg. compiled on an infected machine). We're aware that the status quo can > be confusing, and we should improve that. Unfortunately, we're pretty taken > up with other stuff right now, so for now we're handling the false positives > by hand. > > - Dave > > On Thu, Dec 3, 2009 at 21:01, Washu <[email protected]> wrote: > > It is nice to know that you guys are scanning for stuff, but from the > > owners perspective: > > Instead of handling this manualy (the emailing that is, as it sounds > > like you are), you should probably have the automatic identification > > and dooming of a project send a report email to the project owner > > (with perhaps a link to resubmit the project for scanning after > > resolving the issue) or some other method of acquiring the information > > that caused the project to be flagged. That way it can be taken care > > of by the owners without giant "WTF?" on their parts. > > > On Dec 3, 11:00 am, Ali Pasha <[email protected]> wrote: > > > In the past I have personally emailed projects about issues like this. > > > Unfortunately, given the scale of our service, I hope you appreciate that > > > just doesn't scale. > > > > Therefore, we have started to auto doom projects that have an 'code red' > > > Malware score in order to protect users. I think it's worth it to protect > > > users even though it is a little aggravating for project owners. Take the > > > users perspective -- lost data/time is detrimental. Take the open source > > > perspective -- a reputation for malware helps will discourage > > use/adoption. > > > > I fully intend to reinstate projects that fix the issue immediately. > > Again, > > > we only do this for files that have extremely high Malware scores. > > > > I'll add this to our FAQ. > > > > Thanks, > > > > Ali > > > > _________________________________________________________________ > > > Ali Pasha, Product Manager, Google Project Hosting > > > > On Thu, Dec 3, 2009 at 7:27 AM, David Anderson <[email protected]> > > wrote: > > > > On Thu, Dec 3, 2009 at 16:03, ngollan <[email protected]> wrote: > > > > >> On Dec 3, 3:36 pm, David Anderson <[email protected]> wrote: > > > >> > The file in question contains malware. This was found by our malware > > > >> > scanners, and in this particular case it was deemed serious enough > > that > > > >> it > > > >> > triggered an automatic ban of the project, to protect users. The > > > >> analysis of > > > >> > the file in question by VirusTotal (a free multi-scanner file > > analysis > > > >> > service) can be found here: > > >https://www.virustotal.com/analisis/15732e567cd6975acccd8f52b2e882592. > > > >> .. > > > > >> That's an overly broad result and action. It appears that some > > > >> scanners (in this case, 3 out of over 30) classified the file based on > > > >> previous abuse. This is not uncommon for package wrappers, since they > > > >> can execute pretty much arbitrary code when called. However, if > > > >> followed consequently, that policy would require banning pretty much > > > >> any installer. > > > > > Note that the VirusTotal analysis is not what our malware scanners use > > to > > > > identify malware, it's just something we can link to externally that > > > > provides some reasonably extensive analysis of files. In this case, I > > agree > > > > that the VirusTotal case looks a little sketchy, so I'll take a look at > > our > > > > own scanners to see if there is something we should be fixing. > > > > > But in general, our scanners are quite good at not getting confused by > > > > installers and the like. There are many many projects on our platform > > that > > > > host installers in various formats that don't trip our scanners, and > > when > > > > our scanners report malware with the severity we got for this file, I > > > > haven't yet seen it be wrong. That said, as I stated above, I'll follow > > up > > > > internally and see if this was a false positive, and kick the scanners > > back > > > > into line if it was. > > > > > - Dave > > > > > -- > > > > You received this message because you are subscribed to the Google > > Groups > > > > "Hosting at Google Code" group. > > > > To post to this group, send email to > > [email protected]. > > > > To unsubscribe from this group, send email to > > > > [email protected]<google-code-hosting%[email protected]><google-code-hosting%2Bunsu > > [email protected]> > > > > . > > > > For more options, visit this group at > > > >http://groups.google.com/group/google-code-hosting?hl=en. > > > > > -- > > > > You received this message because you are subscribed to the Google > > Groups > > > > "Alipasha" group. > > > > To post to this group, send email to [email protected]. > > > > To unsubscribe from this group, send email to > > > > [email protected] <alipasha%[email protected]> < > > alipasha%[email protected] <alipasha%[email protected]>>. > > > > For more options, visit this group at > > > >http://groups.google.com/a/google.com/group/alipasha/?hl=en. > > > -- > > > You received this message because you are subscribed to the Google Groups > > "Hosting at Google Code" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<google-code-hosting%[email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/google-code-hosting?hl=en. -- You received this message because you are subscribed to the Google Groups "Hosting at Google Code" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-code-hosting?hl=en.
