[kwlug-disc] Virus-ridden ISO in Debian archives?

Doug Moen doug at moens.org
Tue Aug 4 06:43:11 EDT 2020


The metadata sent to Google includes a hash. Maybe there is a hash collision with a known malware file.

On Mon, Aug 3, 2020, at 9:27 PM, Ron Singh wrote:
> You nailed it Sir! I just turned all those security settings off from the default ON and no more virus/malware message.
> 
> Begs the question though, why is FF flagging that specific file as having a virus/malware? 
> 
> I turned on security again (as per below) and 7 other ISOs (64B and 32B) came down without throwing that virus/malware message... Just this specific ISO.
> 
> [image: image.png]
> Not sure if I should say something to a Debian he/she/other.
> 
> Thanks,
> 
> Ron S.
> 
> 
> On Mon, Aug 3, 2020 at 8:50 PM Doug Moen <doug at moens.org> wrote:
>> Firefox has a security setting where it sends information about your downloaded files to Google to determine if they are malware. Some people may have disabled this setting for privacy reasons, so they wouldn't get this message.
>> 
>> On Mon, Aug 3, 2020, at 10:58 PM, Ron Singh wrote:
>>> OK, I upgraded my FF to v79 as per --
>>> [image: image.png]
>>> did the dnld again, still getting the message about the file having a virus/malware.
>>> Additionally, I tried FF ESR 68.x (the latest from Mozillateam's PPA) on my fin laptop, same virus/malware notification.
>>> I tried FF ESR 52.9 (old!) on my W7 laptop and lo! File downloaded with nary a comment about virus/malware!
>>> 
>>> Barnes has no issues with FF 79 on his PC/laptop, so what gives? 
>>> I do hold back non-security updates on my devices, but I cannot imagine this would cause an issue?
>>> All the FF instances are of the 64-bit variety.
>>> 
>>> I will do the full <sudo apt upgrade> thing on a play laptop and see if this quirk/issue goes away.
>>> 
>>> That virustotal.com site is a nice one, never knew about it before.
>>> 
>>> Thanks,
>>> 
>>> Ron S.
>>> 
>>> 
>>> On Sun, Aug 2, 2020 at 10:32 PM Paul Nijjar via kwlug-disc <kwlug-disc at kwlug.org> wrote:
>>>> 
>>>> My usual approach with these things is to submit the file to
>>>> virustotal.com . I did this and it seemed to come up clean?
>>>> 
>>>> https://www.virustotal.com/gui/url/6089dcf5739f5e942b0d943f8062da9ce558b7682fb8b7875ea95b6070a3d8c8/detection
>>>> 
>>>> I believe some antivirus software will work with Firefox to scan files
>>>> as they are downloaded.
>>>> 
>>>> I downloaded the file on my Debian box and got the same message! It is running Firefox
>>>> 68.6.1esr (32 bit). But I also do not run an antivirus, because I like
>>>> being infected by scary things? I could still click through to
>>>> download the file, though. So I am not sure what is going on.
>>>> 
>>>> - Paul
>>>> 
>>>> On Sun, Aug 02, 2020 at 05:10:09PM -0400, Ron Singh wrote:
>>>> > I am attempting to grab a copy of the i386 Debian 9.13 net-installer ISO.
>>>> > My source is this link:
>>>> > https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/archive/9.13.0+nonfree/i386/iso-cd/
>>>> > 
>>>> > I tried twice with a cold reboot between the 2 attempts. I get this message
>>>> > from FF --
>>>> > 
>>>> > [image: image.png]
>>>> > 
>>>> > "This file contains a virus or malware".
>>>> > 
>>>> > I had no such message after downloading the 64-bit version.
>>>> > Any ideas on how this can be?
>>>> > Mebbe a false positive from FF? Wasn't aware that FF does file integrity
>>>> > screening.
>>>> > 
>>>> > I did try downloading again with Ublock Origin turned off after yet another
>>>> > reboot and nope, still the same message.
>>>> > 
>>>> > Thanks,
>>>> > 
>>>> > Ron S.
>>>> 
>>>> 
>>>> 
>>>> > _______________________________________________
>>>> > kwlug-disc mailing list
>>>> > kwlug-disc at kwlug.org
>>>> > https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>>> 
>>>> 
>>>> -- 
>>>> Events: https://feeds.off-topic.kwlug.org 
>>>> Blog: http://pnijjar.freeshell.org
>>>> 
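Added example, not part of any message in this thread: a browser reputation warning says nothing about whether the bytes on disk are the ones Debian published, so the independent check is to compare the download's SHA-256 against the directory's checksum list. This sketch assumes the ISO directory also carries a sha256sum-format SHA256SUMS file, as Debian's image directories normally do; the file names and contents in demo() are constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# sha256sum format: 64 hex digits, a space, ' ' (text) or '*' (binary), then the name.
SUM_LINE = re.compile(r"([0-9a-fA-F]{64}) [ *](.+)")


def parse_sums(text):
    """Map file name -> lowercase digest, ignoring lines that are not checksum entries."""
    entries = {}
    for line in text.splitlines():
        m = SUM_LINE.fullmatch(line)
        if m:
            entries[m.group(2)] = m.group(1).lower()
    return entries


def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so a multi-hundred-megabyte ISO is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(path, sums_text, name=None):
    """Return 'ok', 'mismatch', or 'not-listed' (no entry for this file name)."""
    expected = parse_sums(sums_text).get(name or os.path.basename(path))
    if expected is None:
        return "not-listed"
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"


def demo():
    """Constructed stand-in file: verify it, look up an absent name, then alter it."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "example-netinst.iso")
        with open(iso, "wb") as f:
            f.write(b"constructed stand-in for ISO contents\n")
        sums = f"{sha256_file(iso)}  example-netinst.iso\n"
        results = [verify(iso, sums), verify(iso, sums, name="absent.iso")]
        with open(iso, "ab") as f:
            f.write(b"altered")
        return results + [verify(iso, sums)]
```

A matching digest only proves the file equals what the checksum list describes, so the list itself should first be authenticated against its detached signature (SHA256SUMS.sign) with gpg.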