this is interesting

I wanted to reinstall this file as I was experiencing an inability to get the upgrade via slackpkg. Question though, if the file is compromised, why have they left it on the servers?

The other question is : if a file is infected with something that is clearly meant for the ***dows platform, and your PC (Linux) is configured not to be able to run it...does it pose a risk?

not to my slackbox I suppose, but you do install this Python file as root, and if the W32 malware unpacks itself and has the capability of running nmap, id's Winboxen and goes to work...but it is curious why some presumably W32 malware has been packed into a linux software package...

Could the server you access have been compromised? It would be valuable to see whether you get the same error message from other Slackware mirrors. If the same package on other Slackware mirrors gives you the same warning message about virus infection, then there are other problems that TBDFL may need to investigate.

no time to investigate it but can anybody check if does match to the official signature ?

http://slackware.osuosl.org/slackwar...7.4.tar.xz.asc

Did you run the ftp command on the Slackware box? Have you installed some kind of virus protection on that Slackware system?

If you run it on Slackware and have not installed virus protection, I bet you do not connect directly to elektroni.phys.tut.fi but your connection goes through some kind of virus "protection" middle box, with broken virus id database. That would explain your earlier problems, too.

No. The MD5 checksum of Python-2.7.4.tar.xz checked locally at elektroni.phys.tut.fi is the same as listed in CHECKSUMS.md5. And gpg validates Python-2.7.4.tar.xz.asc as a good signature from "Benjamin Peterson <benjamin@python.org>".

python-2.7.5 is available

changelog here:

http://hg.python.org/cpython/file/ab...2788/Misc/NEWS

Issue #17843: Removed test data file that was triggering false-positive virus
57 warnings with certain antivirus software.
58

1 members found this post helpful.

the Python-2.7.4.tar.xz files on mirror.csclub.uwaterloo.ca and elektroni.phys.tut.fi do match the official signature of the file hosted at osuosl.org

False virus signature matches are quite common, though it's not quite as bad as it once was. Back when we were using .tgz it happened much more, probably because the viruses were using that compression scheme as well. A hit in an xz compressed file could be a sign that they're switching to that now. Most of the time the hits would come in the kde-l10n packages... the Russian package used to get hits all the time, probably on some common word or phrase that was nowhere near the unique signature the people working on the virus definition database thought it was.

I've probably been sent thousands of emails with subjects like "VIRUS found in Slackware!". I used to try to explain what was happening, but it was mostly useless. The reporter always had much more faith in their virus software than whatever I was saying, and even if I finally got them to understand then they often expected I'd help them convince the virus software people that a fix was needed (I did try this early on for a false hit on the Nutcracker virus, and found their ears were just as deaf).

In no case has one of these hits on Slackware files ever turned out to be real.

4 members found this post helpful.

good to hear Pat, this is the first false positive I think I've ever encountered.