Re: [courier-users] Courier is malware

2016-06-03 Thread Zenon Panoussis

On 06/03/2016 04:44 AM, Sam Varshavchik wrote:

> But one thing's bugging me, according to that, Sourceforge's malware 
> scanner has been tossing its cookies for well over a month now, and this 
> is the first time someone noticed it.

> That could mean only one of two things. 1) Courier project isn't really 
> getting much traffic for anyone to notice, and that's entirely plausible; 
> and/or 2) Even the dates on that page are bogus.

There's a third possibility: newcomers don't know what to make of the warning
and where to raise questions, while those who already know and use courier don't
upgrade often and will readily disregard the warning anyway.

In any case, the entire concept of scanning source packages for malware seems
pretty weird to me. Obviously, source itself is always harmless. So how can a
scanner tell what the source will do in compiled form? Malware databases use
the signatures of known bad binaries whose code is usually unknown, so there's
no way to match bad binaries to source code. All in all, this whole malware
scanning on sourceforge looks very much like a dead-end project.

Z


___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] Courier is malware

2016-06-02 Thread Mark Constable
On 03/06/16 11:44, Sam Varshavchik wrote:
> If Sourceforge doesn't resolve it tomorrow, or I get an unhelpful
> response, they won't follow-up until Monday; and I'll just replace
> all the links with the direct download links, bypassing Sourceforge's
> banner ads, for now.

FWIW how about replacing SF altogether with...

https://help.github.com/articles/creating-releases/

scriptable API for above...

https://developer.github.com/v3/repos/releases/#create-a-release

and this could also be useful...

https://help.github.com/articles/versioning-large-files/




Re: [courier-users] Courier is malware

2016-06-02 Thread Sam Varshavchik

Zenon Panoussis writes:

> Apocalypse has happened: the sun rose from the west and Sam
> is now peddling malware. Proof:
>
> http://qdh.nl/tmp/courier-is-malware.png .)
>
> Sam, will you have a word with them?


I saw that about an hour ago with courier-imap-4.71.1. Verified the pgp sig,  
so Sourceforge has not been compromised, so that's good. Just to be sure, I  
uploaded courier-imap-4.71.1 to virustotal.com, and it didn't find anything.  
After that, I opened a support ticket with Sourceforge.


Now, given that Sourceforge is apparently doing this with other files too  
(and I won't waste my time uploading another file to virustotal), I did some  
digging around their help center (Sourceforge will probably not get around  
to reading my ticket until tomorrow), and found this page:


https://sourceforge.net/projects/courier/malware

which appears to be only visible to me, so here's the dump:

http://www.courier-mta.org/sourceforge-malware.pdf

From that, it's obvious to me that Sourceforge's malware scanner is on the  
fritz; and they rigged their system with a failsafe that if their virus  
scanner blows up, it defaults to malware being detected. Which is not really  
such a bad idea.


But one thing's bugging me, according to that, Sourceforge's malware scanner  
has been tossing its cookies for well over a month now, and this is the  
first time someone noticed it.


That could mean only one of two things. 1) Courier project isn't really  
getting much traffic for anyone to notice, and that's entirely plausible;  
and/or 2) Even the dates on that page are bogus.


Anyway, I'll give Sourceforge until tomorrow to figure out what's going on.  
My links from the download page are Sourceforge's default download links,  
that put up an interstitial with Sourceforge's banner ads, before starting  
the download. I am fine with Sourceforge trying to make a few pennies, here  
or there; but it looks like it's possible to link directly to the  
downloads, bypassing Sourceforge's interstitial page with the bogus warnings.


If Sourceforge doesn't resolve it tomorrow, or I get an unhelpful response,  
they won't follow-up until Monday; and I'll just replace all the links with  
the direct download links, bypassing Sourceforge's banner ads, for now.




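
The failsafe described in the message above (a scanner failure defaulting to "malware detected") is shown here as an added example; it is not code from the thread or from Sourceforge, and every name in it is hypothetical. It keeps the fail-closed default but records a scanner failure as its own verdict, so a broken scanner is noticed instead of silently flagging files for weeks.

```python
from collections import Counter
from enum import Enum

class Verdict(Enum):
    CLEAN = "clean"
    DETECTED = "detected"        # scanner ran and matched a signature
    SCAN_ERROR = "scan_error"    # scanner crashed or gave no usable answer

def scan_fail_closed(scanner, path):
    """Run a scanner callable; any failure becomes SCAN_ERROR, never CLEAN."""
    try:
        result = scanner(path)
    except Exception:
        return Verdict.SCAN_ERROR
    if result is True:
        return Verdict.DETECTED
    if result is False:
        return Verdict.CLEAN
    return Verdict.SCAN_ERROR    # a malformed answer is also a failure

def allow_download(verdict):
    """Fail closed: only an explicit CLEAN verdict releases the file."""
    return verdict is Verdict.CLEAN

def banner_text(verdict):
    """Keep 'could not scan' distinct from 'malware found' in what users see."""
    return {
        Verdict.CLEAN: "",
        Verdict.DETECTED: "Malware detected in this file.",
        Verdict.SCAN_ERROR: "This file could not be scanned; download is on hold.",
    }[verdict]

def scanner_looks_broken(verdicts, threshold=0.5, min_samples=4):
    """Flag the scanner itself when most recent verdicts are SCAN_ERROR."""
    if len(verdicts) < min_samples:
        return False
    return Counter(verdicts)[Verdict.SCAN_ERROR] / len(verdicts) >= threshold

# Constructed stand-ins for a real scanning engine (hypothetical).
def healthy_scanner(path):
    return path.endswith(".infected")

def crashing_scanner(path):
    raise RuntimeError("signature database unreadable")

# Constructed sample file names.
SAMPLE_FILES = ["a.tar.bz2", "b.tar.bz2", "c.tar.bz2", "d.infected"]

def run_batch(scanner):
    return [scan_fail_closed(scanner, p) for p in SAMPLE_FILES]
```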