Re: Bug#726393: general: Possible malware infections in source packages

2013-10-21 Thread Kevin Chadwick
> You can disagree with this approach. However, in my 10+ experience > setting up security gateways for Internet traffic (mostly for > HTTP/FTP/SMTP) I've seen only a few vulnerabilities in the gateways > themselves. Many of the gateways I have deployed are either network > appliances with a Commo

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-20 Thread Javier Fernandez-Sanguino
On 18 October 2013 12:41, Kevin Chadwick wrote: >> I have to join Marc here and say "me too". In my organisation we >> actually have those controls in place (antivirus/antimalware) in the >> Internet gateways and we do not disable them for specific traffic >> flows unless a detailed risk analysis

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-19 Thread Jonathan Dowland
> > It's not difficult if you reject the requirement of being DOS[0] executable: I meant ending up with something byte-for-byte identical.

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-18 Thread Jakub Wilk
* Jonathan Dowland , 2013-10-18, 08:55: Someone should reimplement eicar under a clear license using clean room techniques. I may do so if I find time. It's not difficult if you reject the requirement of being DOS[0] executable: echo$IFS'Free-Antivirus-Test-File'|tr$IFS'-'$IFS"$IFS" The hard

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-18 Thread Kevin Chadwick
> I have to join Marc here and say "me too". In my organisation we > actually have those controls in place (antivirus/antimalware) in the > Internet gateways and we do not disable them for specific traffic > flows unless a detailed risk analysis has been done (and approved). Personally I disagree

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-18 Thread Jonathan Dowland
On 17 Oct 2013, at 19:21, Javier Fernandez-Sanguino wrote: >> eicar.com does not have a distributable license. > > Neither does the virus discussed in this thread (Win32.Worm.Mytob.EF) > included in libmail-deliverystatus-bounceparser-perl. Good point, I agree it should be removed on that bas

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-17 Thread Javier Fernandez-Sanguino
On 16 October 2013 10:56, Marc Haber wrote: > On Tue, 15 Oct 2013 13:19:38 +0200, "Thijs Kinkhorst" > wrote: >>I'm missing why the package cannot use the EICAR test virus signature for >>its purposes. > > eicar.com does not have a distributable license. Neither does the virus discussed in this t

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-17 Thread Javier Fernandez-Sanguino
On 16 October 2013 11:12, Marc Haber wrote: > On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George > wrote: >>> Some of the source packages were caught on a gateway anti-virus scanner >>> while >>> downloading. >> >>Using a gateway anti-virus scanner for downloads from the Debian archive >>seems a

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-17 Thread Thijs Kinkhorst
On Wed, October 16, 2013 10:56, Marc Haber wrote: > On Tue, 15 Oct 2013 13:19:38 +0200, "Thijs Kinkhorst" > wrote: >>I'm missing why the package cannot use the EICAR test virus signature for >>its purposes. > > eicar.com does not have a distributable license. I doubt that's relevant, because the

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Marc Haber
On Wed, 16 Oct 2013 20:17:53 +, "Andrew M.A. Cater" wrote: >On Wed, Oct 16, 2013 at 11:12:47AM +0200, Marc Haber wrote: >> On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George >> wrote: >> >> Some of the source packages were caught on a gateway anti-virus scanner >> >> while >> >> downloading.

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Andrew M.A. Cater
On Wed, Oct 16, 2013 at 11:12:47AM +0200, Marc Haber wrote: > On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George > wrote: > >> Some of the source packages were caught on a gateway anti-virus scanner > >> while > >> downloading. > > > >Using a gateway anti-virus scanner for downloads from the Debi

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Marc Haber
On Wed, 16 Oct 2013 12:59:33 +0200, Dominik George wrote: >Marc Haber wrote: >>On Tue, 15 Oct 2013 13:19:38 +0200, "Thijs Kinkhorst" >> wrote: >>>I'm missing why the package cannot use the EICAR test virus signature >>for >>>its purposes. >> >>eicar.com does not have a distributable license. >

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Jonathan Dowland
On Wed, Oct 16, 2013 at 01:11:01PM +0200, Dominik George wrote: > Looking at it as code, it is a 16-bit DOS Hello world-program. Not > copyrightable, I suppose. I do not want EICAR to be copyrightable, but I reckon it probably is. A surprising amount of work went into developing EICAR: it's a valid

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Dominik George
Dominik George wrote: >I do not think it is actually copyrightable software. It is a string >that was agreed in to trigger antivirus scanners, so it is more or less >a protocol. Consider the downloads at eicar.com reference >implementations. Loo

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Dominik George
Marc Haber wrote: >On Tue, 15 Oct 2013 13:19:38 +0200, "Thijs Kinkhorst" > wrote: >>I'm missing why the package cannot use the EICAR test virus signature >for >>its purposes. > >eicar.com does not have a distributable license. I do not think it

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Marc Haber
On Tue, 15 Oct 2013 13:19:38 +0200, "Thijs Kinkhorst" wrote: >I'm missing why the package cannot use the EICAR test virus signature for >its purposes. eicar.com does not have a distributable license. Greetings Marc

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-16 Thread Marc Haber
On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George wrote: >> Some of the source packages were caught on a gateway anti-virus scanner while >> downloading. > >Using a gateway anti-virus scanner for downloads from the Debian archive >seems a bit inappropriate, well, paranoid. Checking the signed has

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-15 Thread Thorsten Glaser
Jarkko Palviainen f-secure.com> writes: > I looked into one of these, libmail-deliverystatus-bounceparser- > perl_1.531.orig.tar.gz, and found multipart email file containing zip > attachment. Inside this archive is a .pif file (PE32 executable for MS Windows) > which is detected as Win32.Worm.My

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-15 Thread Thijs Kinkhorst
On Tue, October 15, 2013 14:09, Dominique Dumont wrote: > In libmail-deliverystatus-bounceparser-perl case, the virus is used on the > non-regressions test which are shipped in the original tarball (and in > Debian *source* package). This virus is *not* shipped in Debian binary > package. I'm stil

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-15 Thread Dominique Dumont
On Tuesday 15 October 2013 13:19:38 Thijs Kinkhorst wrote: > > It isn't a false positive in that regard that the package *does* in fact > > contain the virus sample. However, it *is* a false positive, as the > > sample is there intentionally, and no virus scanner can guess the reason > > why it is