[Mageia-discuss] malware checking on our repositories?

nicolas vigier boklm at mars-attacks.org
Mon Mar 14 18:09:39 CET 2011


On Mon, 14 Mar 2011, Mattias Kilbo wrote:

> > > I do not know if we have anything like this already
> > but if not:
> > > 
> > > How about we put some anti malware checking on our
> > repositories? So
> > > when someone adds or changes a package an automatic
> > anti malware check
> > > is done.
> > 
> > Well, what do you propose to setup ?
> > 
> > Do you have a product that would have detected what
> > happened to gentoo ?
> > 
> > -- Michael Scherer
> > 
> 
> I do not have deep enough knowledge in packaging to have a setup. But something along the lines of:
> A package is uploaded
> An automatic test is done with some anti-malware program
> If anything suspicious if found the update is set on hold until some "admin" checks the potential malware.
> 
> There are some anti virus programs for Linux
> http://en.wikipedia.org/wiki/Linux_malware#Anti-virus_applications
> And some of them (at least on windows) can find malware in code that is not yet know as malware. I do not know if any of it would have detected the Unreal malware.

I think creating a software that detect unknow malware is as difficult as
creating software that detect unknow bugs. It would require some
artificial intelligence that can find if a software is removing files
or open network connection for good or bad reasons. And I don't think it
exists yet.



More information about the Mageia-discuss mailing list