[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gNewSense-users] gnewsense package MSEscan. False positive
|
From: |
Sam Geeraerts |
|
Subject: |
Re: [gNewSense-users] gnewsense package MSEscan. False positive |
|
Date: |
Fri, 8 Jul 2016 01:38:17 +0200 |
Op Tue, 5 Jul 2016 15:42:06 -0700
schreef "Johan Andersson" <address@hidden>:
> After an Microsoft security essentials scan the foloewing where
> listede as thereats:
> file:D:\gnewsense\gnewsense-three\gnewsense\pool\main\d\dbacl\dbacl_1.12
> .orig.tar.gz->(GZip)->dbacl-1.12/src/tests/sample.spam-10->(SCRIPT0000)
> file:D:\gnewsense\gnewsense-three\gnewsense\pool\main\p\pymilter-milters
> \pymilter-milters_0.8.13.orig.tar.gz->(GZip)->pymilter-milters-0.8.13/te
> st/honey->(IframeRefI)
> file:D:\gnewsense\gnewsense-three\gnewsense\pool\main\p\pymilter-milters
> \python-milter-docs_0.8.13-5_all.deb->data.tar.gz->(GZip)->./usr/share/d
> oc/python-milter-docs/examples/honey->(IframeRefI)
Thanks for the report. It seems to point specifically to test and
example files. The packages they belong to are designed to be able to
detect spam. So in fact they help to protect against threats instead of
being threats themselves and you're right to recognize them as false
positives.
However, I don't find this reason enough to patch those packages. Tests
and documentation are meant to improve the software, so it's good that
we have them. Perhaps if MS Security Essentials were free software we
would see that it also has a lot of test files in its source code and
then it would mark its own source files as threats. I think for such
cases it makes more sense to whitelist the files in the tool then to
patch the source.
I hope this addresses your concern.