[SOLVED] Python-2.7.4 on mirrors marked as infected
ftp> open elektroni.phys.tut.fi
Connected to elektroni.phys.tut.fi.
...etc...
ftp> get Python-2.7.4.tar.xz
local: Python-2.7.4.tar.xz remote: Python-2.7.4.tar.xz
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for Python-2.7.4.tar.xz (10250644 bytes).
550-Transfer failed. The file Python-2.7.4.tar.xz is infected with the virus W32/BZip.AGENT!tr. File quarantined as .
550 *
I wanted to reinstall this file as I was experiencing an inability to get the upgrade via slackpkg. Question though, if the file is compromised, why have they left it on the servers?
The other question is: if a file is infected with something that is clearly meant for the ***dows platform, and your PC (Linux) is configured not to be able to run it... does it pose a risk?
> The other question is: if a file is infected with something that is clearly meant for the ***dows platform, and your PC (Linux) is configured not to be able to run it... does it pose a risk?
Not to my slackbox I suppose, but you do install this Python file as root, and if the W32 malware unpacks itself and has the capability of running nmap, id's Winboxen and goes to work... but it is curious why some presumably W32 malware has been packed into a Linux software package...
> I wanted to reinstall this file as I was experiencing an inability to get the upgrade via slackpkg. Question though, if the file is compromised, why have they left it on the servers?
Could the server you access have been compromised? It would be valuable to see whether you get the same error message from other Slackware mirrors. If the same package on other Slackware mirrors gives you the same warning message about virus infection, then there are other problems that TBDFL may need to investigate.
Did you run the ftp command on the Slackware box? Have you installed some kind of virus protection on that Slackware system?
If you run it on Slackware and have not installed virus protection, I bet you do not connect directly to elektroni.phys.tut.fi but your connection goes through some kind of virus "protection" middle box, with broken virus id database. That would explain your earlier problems, too.
> Could the server you access have been compromised?
No. The MD5 checksum of Python-2.7.4.tar.xz checked locally at elektroni.phys.tut.fi is the same as listed in CHECKSUMS.md5. And gpg validates Python-2.7.4.tar.xz.asc as a good signature from "Benjamin Peterson <benjamin@python.org>".
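The checksum half of the check described in the post above, as an added example that is not part of the original thread: it parses a CHECKSUMS.md5-style manifest (assumed here to be md5sum-format lines after a free-text header) and compares a downloaded file against it. The function names, the sample path and the file contents are constructed for illustration; an MD5 match only shows the download equals what the manifest lists, and the GPG signature mentioned in the post is what ties the file to its publisher.

```python
import hashlib
import os
import re
import tempfile

# An entry line looks like "<32 hex digits>  ./path/to/file" (md5sum output format).
ENTRY = re.compile(r"^([0-9a-fA-F]{32})\s+\*?(\S.*)$")

def parse_checksums(text):
    """Map file basename -> set of MD5 digests, skipping free-text header lines."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            name = os.path.basename(m.group(2))
            entries.setdefault(name, set()).add(m.group(1).lower())
    return entries

def md5_of(path, chunk=1 << 20):
    """Stream the file so a large tarball is not loaded into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_file(path, checksums_text):
    """Return 'match', 'mismatch' or 'not-listed' for the file at path."""
    listed = parse_checksums(checksums_text).get(os.path.basename(path))
    if not listed:
        return "not-listed"
    return "match" if md5_of(path) in listed else "mismatch"

def demo():
    """Constructed sample: a stand-in tarball and a manifest built from its digest."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "Python-2.7.4.tar.xz")
        with open(path, "wb") as f:
            f.write(b"constructed stand-in bytes, not the real tarball")
        manifest = ("Constructed header text, skipped by the parser.\n"
                    "MD5 message digest                Filename\n"
                    f"{md5_of(path)}  ./example/path/Python-2.7.4.tar.xz\n")
        good = check_file(path, manifest)
        with open(path, "ab") as f:  # simulate a file altered in transit
            f.write(b"\x00")
        return good, check_file(path, manifest)

if __name__ == "__main__":
    print(demo())
```

A "mismatch" on a file fetched through a filtering proxy, next to a "match" for the same file hashed on the mirror itself, points at the network path rather than the mirror.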
False virus signature matches are quite common, though it's not quite as bad as it once was. Back when we were using .tgz it happened much more, probably because the viruses were using that compression scheme as well. A hit in an xz compressed file could be a sign that they're switching to that now. Most of the time the hits would come in the kde-l10n packages... the Russian package used to get hits all the time, probably on some common word or phrase that was nowhere near the unique signature the people working on the virus definition database thought it was.
I've probably been sent thousands of emails with subjects like "VIRUS found in Slackware!". I used to try to explain what was happening, but it was mostly useless. The reporter always had much more faith in their virus software than whatever I was saying, and even if I finally got them to understand then they often expected I'd help them convince the virus software people that a fix was needed (I did try this early on for a false hit on the Nutcracker virus, and found their ears were just as deaf).
In no case has one of these hits on Slackware files ever turned out to be real.