From: | gregoa [...] cpan.org |
Subject: | Mail::DeliveryStatus::BounceParser contains a live virus and some real spam/phishing mails |
We have the following bug reported to the Debian package of
Mail-DeliveryStatus-BounceParser (https://bugs.debian.org/864800):
It doesn't seem to be a bug in the packaging, so you may want to take
a look. Thanks!
This is similar to https://rt.cpan.org/Public/Bug/Display.html?id=103284
except that the effects of the issue are more far-reaching.
------8<-----------8<-----------8<-----------8<-----------8<-----
Source: libmail-deliverystatus-bounceparser-perl
Version: 1.531-1
Severity: serious
X-Debbugs-CC: Ricardo Signes <rjbs@cpan.org>
Control: forwarded -1 Ricardo Signes <rjbs@cpan.org>
Control: found -1 1.536-1
Control: found -1 1.542-1
User: debian-admin@lists.debian.org
Usertags: needed-by-DSA-Team
The Mail::DeliveryStatus::BounceParser source contains a live virus and
some real spam/phishing mails. This is leading to Netcraft and other
virus detection systems on the Internet reporting Debian mirrors as
malicious, which potentially reduces the reputation of debian.org on
various anti-spam and anti-malware services. Please fix this in
upstream git, with a new release on CPAN and in all Debian suites.
https://incident.netcraft.com/w/b0d11ab53944/
https://incident.netcraft.com/w/ffb6f95e5301/
To fix this you will need to strip the account-password.zip attachment
from t/corpus/virus-caused-multiple-weird-reports.msg and if possible
strip the phishing/spam content from the other files, while ensuring
that the tests still pass despite changes to the corpus but that the
new files in the corpus do not trip any anti-virus checkers:
https://www.virustotal.com/
$ clamdscan --fdpass --infected | sed "s|`pwd`/||"
t/corpus/virus-caused-multiple-weird-reports.msg: Win.Worm.Mytob-331 FOUND
t/corpus/spam-with-badly-parsed-email.msg: Sanesecurity.Phishing.Ivt.6456.UNOFFICIAL FOUND
t/corpus/spam-lots-of-bogus-addresses.msg: Sanesecurity.Spam.8684.UNOFFICIAL FOUND
Show quoted text
----------- SCAN SUMMARY -----------
Infected files: 3
Time: 0.087 sec (0 m 0 s)
--
bye,
pabs
https://wiki.debian.org/PaulWise
------8<-----------8<-----------8<-----------8<-----------8<-----
Thanks for considering,
gregor herrmann,
Debian Perl Group