Open Source and information security mailing list archives
From: joe at joesmith.homeip.net (joe smith)
Subject: [VirusTotal] Scan result (fwd)

>>Unless for (a purely theoretical) example the website would use your 
>>submission to infect others

Right, that is what I'm concerned about.  I do not know the intention of virustotal.com, and their policy on binaries they receive.  The parent site (http://www.hispasec.com/) does not offer more information.  I believe the intention may be good, but I have some lingering suspicion that a *free* service that has you send in binaries may be the elaborate work of vx traders.  (cue the conspiracy theories)  

Me submitting the virus to someone counts as distributing the virus (according to the lawyers).  I have been warned by lawyers about such things.  I should add that the lawyers have no problem if I submit the sample to an AV company.  It's more of a CYA than anything else.  


J


Michel Messerschmidt wrote:

>On Fri, Sep 03, 2004 at 10:43:50AM +0530, Aditya Deshmukh wrote:
>  
>
>>hey if the binary is infected and does not contain any hardcoded 
>>sensitive info what do u care about the owners of the website ? 
>>    
>>
>
>Unless for (a purely theoretical) example the website would use your 
>submission to infect others (perhaps with your address as sender) :-) 
>Although the binary may not contain any sensitive data, it is dangerous 
>in itself because it is self-replicating and thus hard to control once 
>it is activated. If you are not very cautious when handling 
>self-replicating code, you most likely end up sending it out to the 
>world.
>
>So for the question how to handle possibly dangerous code 
>it all comes down to "Who do you trust" ?
>
>  
>

