Web lists-archives.com

Re: Windows viruses in Debian email packages [from Misc Developer News (#44)]




On Sat, 05 Aug 2017 at 09:03:12 -0500, Steve Robbins wrote:
> The news bit refers to "test corpus", so removal would presumably not change 
> the output.  But I have to wonder: are there not cases where the malware is 
> present for *training* a detection system?  If so, I would imagine removal 
> could reduce the effectiveness of training.  So what alternative exists for 
> this case (if it indeed is a case we need to worry about)?

Encrypt it with a well-known symmetric password and decrypt it at
build-time? Or use libgfshare to split it into two parts (which should
be statistically indistinguishable from random) and recombine them at
build-time?

All that's necessary is to obfuscate the offending content to an extent
where automated detection won't notice, and there are lots of ways to
do that.

    S