On Tue, October 15, 2013 12:54, Dominik George wrote: >> I looked into one of these, libmail-deliverystatus-bounceparser- >> perl_1.531.orig.tar.gz, and found multipart email file containing zip >> attachment. Inside this archive is a .pif file (PE32 executable for MS >> Windows) >> which is detected as Win32.Worm.Mytob.EF. > > Yes, and the package carries it because it needs it in its operation. > Have you read the README file?
I have in fact read the README and it doesn't seem to mention anything about this, it doesn't even have the word "virus" at all. >> This doesn't look like a false positive. > > It isn't a false positive in that regard that the package *does* in fact > contain the virus sample. However, it *is* a false positive, as the > sample is there intentionally, and no virus scanner can guess the reason > why it is there. It does no harm in the location where it is, it will > not spread, so is it in fact a virus? No, it isn't. I'm missing why the package cannot use the EICAR test virus signature for its purposes. Thijs -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/54f73ee1a529788f845b9918870d74b3.squir...@aphrodite.kinkhorst.nl
