Re: Windows viruses in Debian email packages [from Misc Developer News (#44)]
- Date: Sat, 5 Aug 2017 10:25:10 -0400
- From: Paul Wise <pabs@xxxxxxxxxx>
- Subject: Re: Windows viruses in Debian email packages [from Misc Developer News (#44)]
On Sat, Aug 5, 2017 at 10:03 AM, Steve Robbins wrote:
> The news item doesn't specify what to do after scanning, but the referenced
> bug requests removal of the offending material.
Personally I would recommend removal, especially since most (but not
all) malware is not DFSG-free. If the malware is Free Software then I
would recommend building it from source. I would guess that the source
would not trigger these various malware scanners.
> The news bit refers to "test corpus", so removal would presumably not change
> the output. But I have to wonder: are there not cases where the malware is
> present for *training* a detection system? If so, I would imagine removal
> could reduce the effectiveness of training. So what alternative exists for
> this case (if it indeed is a case we need to worry about)?
Can you think of any particular examples of the type of training you
are talking about?
Personally I tend to think that the training should be done on
real-world malware from the current time in history and any package of
such malware would quickly get out of date and also be non-DFSG-free.
So training some model on Debian buildd systems would be pretty
pointless and that should instead happen on external services. There
is already quite an industry around malware, it might be interesting
for the industry to become more open, transparent and accessible to
people without money but that should happen outside Debian.