Scott Kitterman writes ("Re: Problems with source DVDs."):
> There are packages where upstream includes files for testing that trigger a/v
> alerts, even though they are safe. Without knowing which files triggered the
> alerts, it's almost impossible for us to answer your question.
That might be the cause.
However: the PuTTY project has been suffering for some time from being
occasionally listed as malware. Notably, for example, the hash of the
actual released putty.exe appeared in a malware list. PuTTY's
developers complained, and it was removed. The next release, same
thing.
The problem occurred with many virus checkers. PuTTY were mostly
dealing with ClamAV because they have the least horribly-closed
process - ie you can actually talk to them and sometimes even get an
individual false positive fixed. But AFAICT ClamAV get their
signatures from some kind of secret database which you have to sign up
to an NDA to get access to.
No-one was ever able to explain why PuTTY keeps getting listed as
malware. In IRL conversations with Simon Tatham he had a number of
theories about how this might occur by accident, but I have to say I
didn't find them plausible.
My theory is that one of PuTTY's proprietary competitors is
deliberately poisoning AV databases. After all, by now, there is
almost no reason for a straight head-to-head proprietary competitor to
PuTTY to even exist. Most of those products are, now, produced by
shysters, who are monetising users' ignorance. They need to
differentiate their product from PuTTY and one way is "doesn't set off
your AV".
Sadly it seems unlikely we'll ever be able to find out what's really
going on, unless someone leaks a trove of documents or something.
It is possible that something similar is happening to these ISOs. I
doubt that any of *Debian's* competitors would bother with such
shenanigans, but we ship an enormous variety of software, at least
some of which must have unscrupulous competitors.
Ian.
(sad that the world has come to this kind of state)
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
