On Mon, 14 Mar 2011, Mattias Kilbo wrote:

> > > I do not know if we have anything like this already but if not:
> > >
> > > How about we put some anti malware checking on our repositories? So
> > > when someone adds or changes a package an automatic anti malware check
> > > is done.
> >
> > Well, what do you propose to set up?
> >
> > Do you have a product that would have detected what happened to Gentoo?
> >
> > -- Michael Scherer
>
> I do not have deep enough knowledge in packaging to have a setup. But
> something along the lines of:
> A package is uploaded
> An automatic test is done with some anti-malware program
> If anything suspicious is found the update is set on hold until some "admin"
> checks the potential malware.
>
> There are some anti virus programs for Linux
> http://en.wikipedia.org/wiki/Linux_malware#Anti-virus_applications
> And some of them (at least on Windows) can find malware in code that is not
> yet known as malware. I do not know if any of it would have detected the
> Unreal malware.

I think creating software that detects unknown malware is as difficult as creating software that detects unknown bugs. It would require some artificial intelligence that can find out whether a piece of software is removing files or opening network connections for good or bad reasons. And I don't think it exists yet.
