discuss: Trojan files on TLDP server? (fwd)
Subject:
Re: Trojan files on TLDP server? (fwd)
From:
Rick Moen ####@####.####
Date:
4 Apr 2005 20:47:39 -0000
Message-Id: <20050404204735.GD27314@linuxmafia.com>
Quoting Charles Curley ####@####.####
> Does ClamWin know about gzipped tarballs and will it open them up
> before inspecting them? In other words, did he get a false positive
> because ClamWin inspected the compressed data? Back before I abandoned
> Windows, I had this problem with other AV programs.
I suspect that Clamwin _did_ inspect the tarball competently, but that
this was a classic false positive. My point to Brian was that he should
learn to recognise those, and not send folks "you have a virus" mails
merely because Clamwin stumbled on something.
> And I wonder how the viruses got into the tarballs in the first
> place. Unless the originators are deliberately including them, I would
> like an explanation of how a virus got into a tarball which presumably
> originated on a Linux box.
I perhaps wasn't sufficiently explicit: Since each magazine issue is a
reasonably small tarball of HTML and image files, I downloaded the exact
files Brian cited, then skimmed through the entire single-piece-HTML
version of each of those _Linux Gazette_ issues, this morning -- partly
to spot the likely triggers for those false positives, but also partly
so I can say there absolutely is not, and cannot be, any MS-Windows
malware in them.
So, even though this will surprise no one: It's just HTML and image
files, folks. There simply aren't any MS-Windows malware contents.
Never were.
(Not to mention that it'd be a pretty dumb place to put such, for
reasons already cited.)
--
Cheers, "He who hesitates is frost."
Rick Moen -- Inuit proverb
####@####.####
