#36583: Microsoft Partner Program classifies dpaste.com techincal_500 view as a
dangerous Malware Site
----------------------------+-----------------------------------------
Reporter: Peter Kahn | Type: Bug
Status: new | Component: Generic views
Version: 5.2 | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------+-----------------------------------------
**Problem**
Microsoft is flagging in the 500 error debug view's ability to send the
error details to `dpaste.com` as Malware. This feature and the view seem
OK to me but:
* When I have run into this class of problem in the past, Microsoft has
been unwilling to accept evidence of a false positive
* This may impact Django apps in other marketplace verification systems as
well
**Error Message Excerpt**
According to the Microsoft Partner program's Malware scanner:
File name: technical_500.html,
Malware Information:
Avira smartScreen firebog ConfirmedMaliciousURL hXXps[:]//dpaste[.]com/
(FileType:.html) (Executable:true)
) .
**History**
The dpaste.com storage capability was added about 4 years ago
https://github.com/django/django/blame/main/django/views/templates/technical_500.html#L293
**Workaround**
If this feature of the view isn't needed, a simple script can surgically
remove the aspect of the view. TBH, I've yet to try it and will be doing
so today.
--
Ticket URL: <https://code.djangoproject.com/ticket/36583>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/01070198f58bab43-5ba82869-aa1a-4816-aa32-a65b3f3dfc0d-000000%40eu-central-1.amazonses.com.
