You can disagree with this approach. However, in my 10+ experience
setting up security gateways for Internet traffic (mostly for
HTTP/FTP/SMTP) I've seen only a few vulnerabilities in the gateways
themselves. Many of the gateways I have deployed are either network
appliances with a Common
On 18 October 2013 12:41, Kevin Chadwick ma1l1i...@yahoo.co.uk wrote:
I have to join Marc here and say me too. In my organisation we
actually have those controls in place (antivirus/antimalware) in the
Internet gateways and we do not disable them for specific traffic
flows unless a detailed
It's not difficult if you reject the requirement of being DOS[0] executable:
I meant ending up with something byte-for-byte identical.
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
On Fri, 18 Oct 2013, Thorsten Glaser wrote:
On Tue, 15 Oct 2013, Thijs Kinkhorst wrote:
I'm still not sure why the virus contained in the source could not be
replaced by the EICAR test signature.
Because it’s not testing a virus scanner, but because the
specific RFC822 message in question
On 17 Oct 2013, at 19:21, Javier Fernandez-Sanguino j...@computer.org wrote:
eicar.com does not have a distributable license.
Neither does the virus discussed in this thread (Win32.Worm.Mytob.EF)
included in libmail-deliverystatus-bounceparser-perl.
Good point, I agree it should be
I have to join Marc here and say me too. In my organisation we
actually have those controls in place (antivirus/antimalware) in the
Internet gateways and we do not disable them for specific traffic
flows unless a detailed risk analysis has been done (and approved).
Personally I disagree with
On Tue, 15 Oct 2013, Thijs Kinkhorst wrote:
I'm still not sure why the virus contained in the source could not be
replaced by the EICAR test signature.
Because it’s not testing a virus scanner, but because the
specific RFC822 message in question exhibited multiple problems
in the code, due to
* Jonathan Dowland j...@debian.org, 2013-10-18, 08:55:
Someone should reimplement eicar under a clear license using clean room
techniques. I may do so if I find time.
It's not difficult if you reject the requirement of being DOS[0] executable:
On Wed, October 16, 2013 10:56, Marc Haber wrote:
On Tue, 15 Oct 2013 13:19:38 +0200, Thijs Kinkhorst
th...@debian.org wrote:
I'm missing why the package cannot use the EICAR test virus signature for
its purposes.
eicar.com does not have a distributable license.
I doubt that's relevant,
On 16 October 2013 11:12, Marc Haber mh+debian-de...@zugschlus.de wrote:
On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George n...@naturalnet.de
wrote:
Some of the source packages were caught on a gateway anti-virus scanner
while
downloading.
Using a gateway anti-virus scanner for downloads
On 16 October 2013 10:56, Marc Haber mh+debian-de...@zugschlus.de wrote:
On Tue, 15 Oct 2013 13:19:38 +0200, Thijs Kinkhorst
th...@debian.org wrote:
I'm missing why the package cannot use the EICAR test virus signature for
its purposes.
eicar.com does not have a distributable license.
Neither
On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George n...@naturalnet.de
wrote:
Some of the source packages were caught on a gateway anti-virus scanner while
downloading.
Using a gateway anti-virus scanner for downloads from the Debian archive
seems a bit inappropriate, well, paranoid. Checking
On Tue, 15 Oct 2013 13:19:38 +0200, Thijs Kinkhorst
th...@debian.org wrote:
I'm missing why the package cannot use the EICAR test virus signature for
its purposes.
eicar.com does not have a distributable license.
Greetings
Marc
--
-- !! No courtesy copies,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marc Haber mh+debian-de...@zugschlus.de schrieb:
On Tue, 15 Oct 2013 13:19:38 +0200, Thijs Kinkhorst
th...@debian.org wrote:
I'm missing why the package cannot use the EICAR test virus signature
for
its purposes.
eicar.com does not have a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Dominik George n...@naturalnet.de schrieb:
I do not think it is actually copyrightable software. It is a string
that was agreed in to trigger antivirus scanners, so it is more or less
a protocol. Consider the downloads at eicar.com reference
* Dominik George:
It isn't a false positive in that regard that the package *does* in fact
contain the virus sample.
That's non-free code and not suitable for main, so it must be removed
from the source tarball anyway.
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a
On Wed, Oct 16, 2013 at 01:11:01PM +0200, Dominik George wrote:
Looking at it as code, it is a 16-bit DOS Hello world-program. Not
copyrightable, I suppose.
I do not want EICAR to be copywritable, but I reckon it probably is.
A surprising amount of work went into developing EICAR: it's a valid
On Wed, 16 Oct 2013 12:59:33 +0200, Dominik George n...@naturalnet.de
wrote:
Marc Haber mh+debian-de...@zugschlus.de schrieb:
On Tue, 15 Oct 2013 13:19:38 +0200, Thijs Kinkhorst
th...@debian.org wrote:
I'm missing why the package cannot use the EICAR test virus signature
for
its purposes.
On Wed, Oct 16, 2013 at 11:12:47AM +0200, Marc Haber wrote:
On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George n...@naturalnet.de
wrote:
Some of the source packages were caught on a gateway anti-virus scanner
while
downloading.
Using a gateway anti-virus scanner for downloads from the
On Wed, 16 Oct 2013 20:17:53 +, Andrew M.A. Cater
amaca...@galactic.demon.co.uk wrote:
On Wed, Oct 16, 2013 at 11:12:47AM +0200, Marc Haber wrote:
On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George n...@naturalnet.de
wrote:
Some of the source packages were caught on a gateway anti-virus
Package: general
Severity: normal
Some of the source packages were caught on a gateway anti-virus scanner while
downloading.
These are the exact downloads:
http://ftp.fi.debian.org/debian/pool/main/libm/libmime-explode-perl/libmime-
explode-perl_0.39.orig.tar.gz
Hi,
I have looked into this a bit.
Some of the source packages were caught on a gateway anti-virus scanner while
downloading.
Using a gateway anti-virus scanner for downloads from the Debian archive
seems a bit inappropriate, well, paranoid. Checking the signed hashsums
would seem a lot
Pymilter is a false positive.
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/fe0156c2-4f46-448c-b585-6323a1778...@email.android.com
On Tue, October 15, 2013 12:54, Dominik George wrote:
I looked into one of these, libmail-deliverystatus-bounceparser-
perl_1.531.orig.tar.gz, and found multipart email file containing zip
attachment. Inside this archive is a .pif file (PE32 executable for MS
Windows)
which is detected as
On Tuesday 15 October 2013 13:19:38 Thijs Kinkhorst wrote:
It isn't a false positive in that regard that the package *does* in fact
contain the virus sample. However, it *is* a false positive, as the
sample is there intentionally, and no virus scanner can guess the reason
why it is there.
On Tue, October 15, 2013 14:09, Dominique Dumont wrote:
In libmail-deliverystatus-bounceparser-perl case, the virus is used on the
non-regressions test which are shipped in the original tarball (and in
Debian *source* package). This virus is *not* shipped in Debian binary
package.
I'm still
On 10/15/2013 03:09 PM, Dominique Dumont wrote:
On Tuesday 15 October 2013 13:19:38 Thijs Kinkhorst wrote:
It isn't a false positive in that regard that the package *does* in fact
contain the virus sample. However, it *is* a false positive, as the
sample is there intentionally, and no virus
On 2013-10-15 11:54, Dominik George wrote:
[Jarkko Palviainen; attribution lost in quoted mail]
http://ftp.fi.debian.org/[...]
If you suspect an issue with the Debian archive, please test against
ftp.debian.org.
That's not particularly great advice. ftp.debian.org is just another
Jarkko Palviainen jarkko.palviainen at f-secure.com writes:
I looked into one of these, libmail-deliverystatus-bounceparser-
perl_1.531.orig.tar.gz, and found multipart email file containing zip
attachment. Inside this archive is a .pif file (PE32 executable for MS
Windows)
which is detected
Boots fine if the image is not persistent.
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/0c081e4b-992d-4c1e-8eb4-6b3884e5b...@email.android.com
Scott Kitterman skl...@kitterman.com wrote:
Boots fine if the image is not persistent.
Sorry. Wrong bug.
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
31 matches
Mail list logo