Hello, Here is some bad news (or good news, depends how you take it). You know that malware nowadays often uses javascript (I guess most of you have received some "billing PDF" mail which is actually a tarball containing javascript), and thus GNU/Hurd is potentially affected by such malware since javascript per se is portable. The javascript code however usually downloads a binary payload to be run, and that one is OS-dependent, and GNU/Hurd used to be safe in that regard.
I have however been approached by clamav maintainers, who told me that one such malware got ported to GNU/Hurd! They apparently "just" rebuilt the malware using a GNU/Hurd cross tolchain (why not running the qemu image?! Beats me). They however had to patch the source a bit: apparently in previous versions it was using the PATH_MAX constant, whose 4096 magic number could be seen in the Linux binary. The authors changed that into the classical dynamic allocation loop. Actually the generated code looks very much like the "sample" loop linked from https://www.gnu.org/software/hurd/hurd/porting/guidelines.html : http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=patch-pulse;att=1;bug=522100 Since this is covered by the LGPL licence, the malware should at the very least provide the terms of licence, and offer to get the source of the malware, otherwise it's a copyright infrigment... BTW, the malware is called "something's fishy". Samuel
