Re: Bug#726393: general: Possible malware infections in source packages

2013-10-21 Thread Kevin Chadwick
> You can disagree with this approach. However, in my 10+ experience > setting up security gateways for Internet traffic (mostly for > HTTP/FTP/SMTP) I've seen only a few vulnerabilities in the gateways > themselves. Many of the gateways I have deployed are either network > appliances with a Commo

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-20 Thread Javier Fernandez-Sanguino
On 18 October 2013 12:41, Kevin Chadwick wrote: >> I have to join Marc here and say "me too". In my organisation we >> actually have those controls in place (antivirus/antimalware) in the >> Internet gateways and we do not disable them for specific traffic >> flows unless a detailed risk analysis

Bug#726393: general: Possible malware infections in source packages

2013-10-19 Thread Henrique de Moraes Holschuh
On Fri, 18 Oct 2013, Thorsten Glaser wrote: > On Tue, 15 Oct 2013, Thijs Kinkhorst wrote: > > I'm still not sure why the virus contained in the source could not be > > replaced by the EICAR test signature. > > Because it’s not testing a virus scanner, but because the > specific RFC822 message in q

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-19 Thread Jonathan Dowland
> > It's not difficult if you reject the requirement of being DOS[0] executable: I meant ending up with something byte-for-byte identical. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-18 Thread Jakub Wilk
* Jonathan Dowland , 2013-10-18, 08:55: Someone should reimplement eicar under a clear license using clean room techniques. I may do so if I find time. It's not difficult if you reject the requirement of being DOS[0] executable: echo$IFS'Free-Antivirus-Test-File'|tr$IFS'-'$IFS"$IFS" The hard

Bug#726393: general: Possible malware infections in source packages

2013-10-18 Thread Thorsten Glaser
On Tue, 15 Oct 2013, Thijs Kinkhorst wrote: > I'm still not sure why the virus contained in the source could not be > replaced by the EICAR test signature. Because it’s not testing a virus scanner, but because the specific RFC822 message in question exhibited multiple problems in the code, due to

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-18 Thread Kevin Chadwick
> I have to join Marc here and say "me too". In my organisation we > actually have those controls in place (antivirus/antimalware) in the > Internet gateways and we do not disable them for specific traffic > flows unless a detailed risk analysis has been done (and approved). Personally I disagree

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-18 Thread Jonathan Dowland
On 17 Oct 2013, at 19:21, Javier Fernandez-Sanguino wrote: >> eicar.com does not have a distributable license. > > Neither does the virus discussed in this thread (Win32.Worm.Mytob.EF) > included in libmail-deliverystatus-bounceparser-perl. Good point, I agree it should be removed on that bas

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-17 Thread Javier Fernandez-Sanguino
On 16 October 2013 10:56, Marc Haber wrote: > On Tue, 15 Oct 2013 13:19:38 +0200, "Thijs Kinkhorst" > wrote: >>I'm missing why the package cannot use the EICAR test virus signature for >>its purposes. > > eicar.com does not have a distributable license. Neither does the virus discussed in this t

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-17 Thread Javier Fernandez-Sanguino
On 16 October 2013 11:12, Marc Haber wrote: > On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George > wrote: >>> Some of the source packages were caught on a gateway anti-virus scanner >>> while >>> downloading. >> >>Using a gateway anti-virus scanner for downloads from the Debian archive >>seems a

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-17 Thread Thijs Kinkhorst
On Wed, October 16, 2013 10:56, Marc Haber wrote: > On Tue, 15 Oct 2013 13:19:38 +0200, "Thijs Kinkhorst" > wrote: >>I'm missing why the package cannot use the EICAR test virus signature for >>its purposes. > > eicar.com does not have a distributable license. I doubt that's relevant, because the

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Marc Haber
On Wed, 16 Oct 2013 20:17:53 +, "Andrew M.A. Cater" wrote: >On Wed, Oct 16, 2013 at 11:12:47AM +0200, Marc Haber wrote: >> On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George >> wrote: >> >> Some of the source packages were caught on a gateway anti-virus scanner >> >> while >> >> downloading.

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Andrew M.A. Cater
On Wed, Oct 16, 2013 at 11:12:47AM +0200, Marc Haber wrote: > On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George > wrote: > >> Some of the source packages were caught on a gateway anti-virus scanner > >> while > >> downloading. > > > >Using a gateway anti-virus scanner for downloads from the Debi

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Marc Haber
On Wed, 16 Oct 2013 12:59:33 +0200, Dominik George wrote: >Marc Haber wrote: >>On Tue, 15 Oct 2013 13:19:38 +0200, "Thijs Kinkhorst" >> wrote: >>>I'm missing why the package cannot use the EICAR test virus signature >>for >>>its purposes. >> >>eicar.com does not have a distributable license. >

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Jonathan Dowland
On Wed, Oct 16, 2013 at 01:11:01PM +0200, Dominik George wrote: > Looking at it as code, it is a 16-bit DOS Hello world-program. Not > copyrightable, I suppose. I do not want EICAR to be copyrightable, but I reckon it probably is. A surprising amount of work went into developing EICAR: it's a valid

Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Florian Weimer
* Dominik George: > It isn't a false positive in that regard that the package *does* in fact > contain the virus sample. That's non-free code and not suitable for main, so it must be removed from the source tarball anyway.

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Dominik George
Dominik George wrote: >I do not think it is actually copyrightable software. It is a string >that was agreed in to trigger antivirus scanners, so it is more or less >a protocol. Consider the downloads at eicar.com reference >implementations. Loo

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Dominik George
Marc Haber wrote: >On Tue, 15 Oct 2013 13:19:38 +0200, "Thijs Kinkhorst" > wrote: >>I'm missing why the package cannot use the EICAR test virus signature >for >>its purposes. > >eicar.com does not have a distributable license. I do not think it

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Marc Haber
On Tue, 15 Oct 2013 13:19:38 +0200, "Thijs Kinkhorst" wrote: >I'm missing why the package cannot use the EICAR test virus signature for >its purposes. eicar.com does not have a distributable license. Greetings Marc -- -- !! No courtesy copies, please !! -

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Marc Haber
On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George wrote: >> Some of the source packages were caught on a gateway anti-virus scanner while >> downloading. > >Using a gateway anti-virus scanner for downloads from the Debian archive >seems a bit inappropriate, well, paranoid. Checking the signed has

Bug#726393: Info received (Bug#726393: general: Possible malware infections in source packages)

2013-10-15 Thread Scott Kitterman
Scott Kitterman wrote: >Boots fine if the image is not persistent. Sorry. Wrong bug.

Bug#726393: Info received (Bug#726393: general: Possible malware infections in source packages)

2013-10-15 Thread Scott Kitterman
Boots fine if the image is not persistent.

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-15 Thread Thorsten Glaser
Jarkko Palviainen f-secure.com> writes: > I looked into one of these, libmail-deliverystatus-bounceparser- > perl_1.531.orig.tar.gz, and found multipart email file containing zip > attachment. Inside this archive is a .pif file (PE32 executable for MS Windows) > which is detected as Win32.Worm.My

Bug#726393: general: Possible malware infections in source packages

2013-10-15 Thread Adam D. Barratt
On 2013-10-15 11:54, Dominik George wrote: [Jarkko Palviainen; attribution lost in quoted mail] http://ftp.fi.debian.org/[...] If you suspect an issue with the Debian archive, please test against ftp.debian.org. That's not particularly great advice. ftp.debian.org is just another mirror[tm];

Bug#726393: general: Possible malware infections in source packages

2013-10-15 Thread Jarkko Palviainen
On 10/15/2013 03:09 PM, Dominique Dumont wrote: On Tuesday 15 October 2013 13:19:38 Thijs Kinkhorst wrote: It isn't a false positive in that regard that the package *does* in fact contain the virus sample. However, it *is* a false positive, as the sample is there intentionally, and no virus scan

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-15 Thread Thijs Kinkhorst
On Tue, October 15, 2013 14:09, Dominique Dumont wrote: > In libmail-deliverystatus-bounceparser-perl case, the virus is used on the > non-regressions test which are shipped in the original tarball (and in > Debian *source* package). This virus is *not* shipped in Debian binary > package. I'm stil

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-15 Thread Dominique Dumont
On Tuesday 15 October 2013 13:19:38 Thijs Kinkhorst wrote: > > It isn't a false positive in that regard that the package *does* in fact > > contain the virus sample. However, it *is* a false positive, as the > > sample is there intentionally, and no virus scanner can guess the reason > > why it is

Bug#726393: general: Possible malware infections in source packages

2013-10-15 Thread Thijs Kinkhorst
On Tue, October 15, 2013 12:54, Dominik George wrote: >> I looked into one of these, libmail-deliverystatus-bounceparser- >> perl_1.531.orig.tar.gz, and found multipart email file containing zip >> attachment. Inside this archive is a .pif file (PE32 executable for MS >> Windows) >> which is detect

Bug#726393: general: Possible malware infections in source packages

2013-10-15 Thread Scott Kitterman
Pymilter is a false positive.

Bug#726393: general: Possible malware infections in source packages

2013-10-15 Thread Dominik George
Hi, I have looked into this a bit. > Some of the source packages were caught on a gateway anti-virus scanner while > downloading. Using a gateway anti-virus scanner for downloads from the Debian archive seems a bit inappropriate, well, paranoid. Checking the signed hashsums would seem a lot bett

Bug#726393: general: Possible malware infections in source packages

2013-10-15 Thread Jarkko Palviainen
Package: general Severity: normal Some of the source packages were caught on a gateway anti-virus scanner while downloading. These are the exact downloads: http://ftp.fi.debian.org/debian/pool/main/libm/libmime-explode-perl/libmime- explode-perl_0.39.orig.tar.gz http://ftp.fi.debian.org/debian/p