

This queue is for tickets about the Mail-DeliveryStatus-BounceParser CPAN distribution.

Report information
The Basics
Id: 122559
Status: open
Priority: 0/
Queue: Mail-DeliveryStatus-BounceParser

People
Owner: Nobody in particular
Requestors: gregoa [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



From: gregoa [...] cpan.org
Subject: Mail::DeliveryStatus::BounceParser contains a live virus and some real spam/phishing mails

We have the following bug reported to the Debian package of
Mail-DeliveryStatus-BounceParser (https://bugs.debian.org/864800):

It doesn't seem to be a bug in the packaging, so you may want to take a look. Thanks!

This is similar to https://rt.cpan.org/Public/Bug/Display.html?id=103284
except that the effects of the issue are more far-reaching.

------8<-----------8<-----------8<-----------8<-----------8<-----

Source: libmail-deliverystatus-bounceparser-perl
Version: 1.531-1
Severity: serious
X-Debbugs-CC: Ricardo Signes <rjbs@cpan.org>
Control: forwarded -1 Ricardo Signes <rjbs@cpan.org>
Control: found -1 1.536-1
Control: found -1 1.542-1
User: debian-admin@lists.debian.org
Usertags: needed-by-DSA-Team

The Mail::DeliveryStatus::BounceParser source contains a live virus and some real spam/phishing mails. This is leading to Netcraft and other virus detection systems on the Internet reporting Debian mirrors as malicious, which potentially reduces the reputation of debian.org on various anti-spam and anti-malware services. Please fix this in upstream git, with a new release on CPAN and in all Debian suites.

https://incident.netcraft.com/w/b0d11ab53944/
https://incident.netcraft.com/w/ffb6f95e5301/

To fix this you will need to strip the account-password.zip attachment from t/corpus/virus-caused-multiple-weird-reports.msg and if possible strip the phishing/spam content from the other files, while ensuring that the tests still pass despite changes to the corpus but that the new files in the corpus do not trip any anti-virus checkers:

https://www.virustotal.com/

    $ clamdscan --fdpass --infected | sed "s|`pwd`/||"
    t/corpus/virus-caused-multiple-weird-reports.msg: Win.Worm.Mytob-331 FOUND
    t/corpus/spam-with-badly-parsed-email.msg: Sanesecurity.Phishing.Ivt.6456.UNOFFICIAL FOUND
    t/corpus/spam-lots-of-bogus-addresses.msg: Sanesecurity.Spam.8684.UNOFFICIAL FOUND

    ----------- SCAN SUMMARY -----------
    Infected files: 3
    Time: 0.087 sec (0 m 0 s)

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

------8<-----------8<-----------8<-----------8<-----------8<-----

Thanks for considering,
gregor herrmann, Debian Perl Group
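The fix the report asks for is a corpus-sanitising step: drop the attachment body from the test message while leaving the MIME part layout intact, so the bounce parser's tests still exercise the same structure and the file no longer carries the bytes that anti-virus scanners flag. The script below is an added example written for this ticket, not code from Mail::DeliveryStatus::BounceParser or from the Debian bug; it uses only Python's standard `email` package, and the message it operates on is constructed inline (the attachment bytes are a harmless stand-in that merely borrows the `account-password.zip` name from the report). It replaces each binary attachment with a short text marker recording the original name, size and SHA-256, which keeps an audit trail of what was removed without keeping the content.

```python
"""Neutralise binary attachments in a mail test corpus while preserving the
MIME layout a bounce parser is tested against.

Added example, not code from Mail::DeliveryStatus::BounceParser. The sample
message is constructed here; its attachment is placeholder bytes, not the
file from the report.
"""
import base64
import hashlib
import sys
from email import message_from_string, policy
from email.message import EmailMessage
from typing import Dict, List, Optional, Tuple

# Leaf parts with these major types are treated as attachments to neutralise.
STRIPPABLE_MAINTYPES = {"application", "image", "audio", "video"}

# Constructed stand-in for the attachment body (not an archive, not malware).
SAMPLE_ATTACHMENT = b"PK\x03\x04 constructed placeholder, not an archive"


def build_sample() -> str:
    """Constructed bounce-like message carrying one zip attachment."""
    msg = EmailMessage()
    msg["From"] = "mailer-daemon@example.invalid"
    msg["To"] = "sender@example.invalid"
    msg["Subject"] = "Delivery failure"
    msg.set_content("Your message could not be delivered.\n")
    # The filename mirrors the one named in the report; the bytes do not.
    msg.add_attachment(SAMPLE_ATTACHMENT, maintype="application",
                       subtype="zip", filename="account-password.zip")
    return msg.as_string()


def sanitize(raw: str) -> Tuple[str, List[Dict]]:
    """Return (cleaned message text, records of the parts that were stripped).

    Content-Type, Content-Disposition and the filename parameter are left as
    they were, so the part tree seen by a parser does not change; only the
    body of each attachment is replaced by a marker line.
    """
    msg = message_from_string(raw, policy=policy.default)
    stripped: List[Dict] = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_maintype() not in STRIPPABLE_MAINTYPES:
            continue
        payload = part.get_payload(decode=True) or b""
        record = {
            "content_type": part.get_content_type(),
            "filename": part.get_filename() or "(unnamed)",
            "size": len(payload),
            "sha256": hashlib.sha256(payload).hexdigest(),
        }
        marker = ("[attachment removed from test corpus: {filename}, "
                  "{size} bytes, sha256 {sha256}]\n").format(**record).encode()
        # Declare base64 explicitly so the new body decodes the same way
        # regardless of what transfer encoding the original part used.
        del part["Content-Transfer-Encoding"]
        part["Content-Transfer-Encoding"] = "base64"
        part.set_payload(base64.encodebytes(marker).decode("ascii"))
        stripped.append(record)
    return msg.as_string(), stripped


def describe_parts(raw: str) -> List[Tuple[str, Optional[str], bytes]]:
    """(content type, filename, decoded body) for every leaf part."""
    msg = message_from_string(raw, policy=policy.default)
    return [(p.get_content_type(), p.get_filename(),
             p.get_payload(decode=True) or b"")
            for p in msg.walk() if not p.is_multipart()]


if __name__ == "__main__":
    # Usage: python sanitize_corpus.py t/corpus/*.msg   (rewrites in place)
    # With no arguments it sanitises the constructed sample and prints it.
    if not sys.argv[1:]:
        cleaned, records = sanitize(build_sample())
        print(cleaned)
        print(records, file=sys.stderr)
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="surrogateescape") as fh:
            cleaned, records = sanitize(fh.read())
        with open(path, "w", encoding="utf-8", errors="surrogateescape") as fh:
            fh.write(cleaned)
        for rec in records:
            print(f"{path}: stripped {rec['filename']} "
                  f"({rec['content_type']}, {rec['size']} bytes)", file=sys.stderr)
```

After rewriting the corpus, the check the report itself uses still applies: run the test suite to confirm the parser output is unchanged, then run `clamdscan` over `t/corpus` and expect zero infected files. Phishing and spam bodies (the other two hits in the scan) are text parts, which this script deliberately leaves alone; those need the message text itself rewritten, and the replacement text should be checked against the same scanners before it is committed.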
On Fri Jul 21 14:24:56 2017, GREGOA wrote:

> We have the following bug reported to the Debian package of
> Mail-DeliveryStatus-BounceParser (https://bugs.debian.org/864800):
>
> It doesn't seem to be a bug in the packaging, so you may want to take
> a look. Thanks!
>
> This is similar to
> https://rt.cpan.org/Public/Bug/Display.html?id=103284
> except that the effects of the issue are more far-reaching.
>
>
> ------8<-----------8<-----------8<-----------8<-----------8<-----
>
> Source: libmail-deliverystatus-bounceparser-perl
> Version: 1.531-1
> Severity: serious
> X-Debbugs-CC: Ricardo Signes <rjbs@cpan.org>
> Control: forwarded -1 Ricardo Signes <rjbs@cpan.org>
> Control: found -1 1.536-1
> Control: found -1 1.542-1
> User: debian-admin@lists.debian.org
> Usertags: needed-by-DSA-Team
>
> The Mail::DeliveryStatus::BounceParser source contains a live virus
> and
> some real spam/phishing mails. This is leading to Netcraft and other
> virus detection systems on the Internet reporting Debian mirrors as
> malicious, which potentially reduces the reputation of debian.org on
> various anti-spam and anti-malware services. Please fix this in
> upstream git, with a new release on CPAN and in all Debian suites.
>
> https://incident.netcraft.com/w/b0d11ab53944/
> https://incident.netcraft.com/w/ffb6f95e5301/
>
> To fix this you will need to strip the account-password.zip attachment
> from t/corpus/virus-caused-multiple-weird-reports.msg and if possible
> strip the phishing/spam content from the other files, while ensuring
> that the tests still pass despite changes to the corpus but that the
> new files in the corpus do not trip any anti-virus checkers:
>
> https://www.virustotal.com/
>
> $ clamdscan --fdpass --infected | sed "s|`pwd`/||"
> t/corpus/virus-caused-multiple-weird-reports.msg: Win.Worm.Mytob-331
> FOUND
> t/corpus/spam-with-badly-parsed-email.msg:
> Sanesecurity.Phishing.Ivt.6456.UNOFFICIAL FOUND
> t/corpus/spam-lots-of-bogus-addresses.msg:
> Sanesecurity.Spam.8684.UNOFFICIAL FOUND
>
> ----------- SCAN SUMMARY -----------
> Infected files: 3
> Time: 0.087 sec (0 m 0 s)

Personally I would be tempted to delete the offending files but releases have been with rjbs lately so I'll defer to him.