#36583: Microsoft Partner Program classifies dpaste.com techincal_500 view as a
dangerous Malware Site
-------------------------------+--------------------------------------
Reporter: Peter Kahn | Owner: (none)
Type: Bug | Status: new
Component: Generic views | Version: 5.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Description changed by Peter Kahn:
Old description:
> **Problem**
> Microsoft is flagging in the 500 error debug view's ability to send the
> error details to `dpaste.com` as Malware. This feature and the view seem
> OK to me but:
>
> * When I have run into this class of problem in the past, Microsoft has
> been unwilling to accept evidence of a false positive
>
> * This may impact Django apps in other marketplace verification systems
> as well
>
> **Error Message Excerpt**
> According to the Microsoft Partner program's Malware scanner:
>
> File name: technical_500.html,
> Malware Information:
> Avira smartScreen firebog ConfirmedMaliciousURL hXXps[:]//dpaste[.]com/
> (FileType:.html) (Executable:true)
> ) .
>
> **History**
> The dpaste.com storage capability was added about 4 years ago
> https://github.com/django/django/blame/main/django/views/templates/technical_500.html#L293
>
> **Workaround**
> If this feature of the view isn't needed, a simple script can surgically
> remove the aspect of the view. TBH, I've yet to try it and will be doing
> so today.
New description:
**Problem**
Microsoft Partner Site Malware scan for a compute image publish attempt to
Azure Marketplace is flagging in the 500 error debug view's ability to
send the error details to `dpaste.com` as Malware. This feature and the
view seem OK to me but:
* When I have run into this class of problem in the past, Microsoft has
been unwilling to accept evidence of a false positive
* This may impact Django apps in other marketplace verification systems as
well
**Error Message Excerpt**
According to the Microsoft Partner program's Malware scanner:
File name: technical_500.html,
Malware Information:
Avira smartScreen firebog ConfirmedMaliciousURL hXXps[:]//dpaste[.]com/
(FileType:.html) (Executable:true)
) .
**History**
The dpaste.com storage capability was added about 4 years ago
https://github.com/django/django/blame/main/django/views/templates/technical_500.html#L293
**Workaround**
If this feature of the view isn't needed, a simple script can surgically
remove the aspect of the view. TBH, I've yet to try it and will be doing
so today.
--
--
Ticket URL: <https://code.djangoproject.com/ticket/36583#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/01070198f610ce59-00d6a126-f0ba-49d8-8f35-f23cb21572bd-000000%40eu-central-1.amazonses.com.
