[Mageia-discuss] malware checking on our repositories?

Mattias Kilbo mattiaskilbo at yahoo.se
Mon Mar 14 15:26:16 CET 2011


> > I do not know if we have anything like this already
> but if not:
> > 
> > How about we put some anti malware checking on our
> repositories? So
> > when someone adds or changes a package an automatic
> anti malware check
> > is done.
> 
> Well, what do you propose to setup ?
> 
> Do you have a product that would have detected what
> happened to gentoo ?
> 
> -- Michael Scherer
> 

I do not have deep enough knowledge in packaging to have a setup. But something along the lines of:
A package is uploaded
An automatic test is done with some anti-malware program
If anything suspicious if found the update is set on hold until some "admin" checks the potential malware.

There are some anti virus programs for Linux
http://en.wikipedia.org/wiki/Linux_malware#Anti-virus_applications
And some of them (at least on windows) can find malware in code that is not yet know as malware. I do not know if any of it would have detected the Unreal malware.

//Mattias




More information about the Mageia-discuss mailing list