From: Gregory Weber <spottedmetal-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: pandoc-discuss <pandoc-discuss-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org>
Subject: Re: Detected as trojan in chocolatey repo
Date: Wed, 15 Dec 2021 17:13:19 -0800 (PST) [thread overview]
Message-ID: <0209b12b-3ad1-4fbc-abed-21345db9c773n@googlegroups.com> (raw)
In-Reply-To: <1ae0839c-ca1c-4845-8755-33235432ede2n-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org>
[-- Attachment #1.1: Type: text/plain, Size: 3306 bytes --]
According to https://community.chocolatey.org/packages
"""
Moderation
Every version of each package undergoes a rigorous moderation process
before it goes live that typically includes:
- Security
<https://docs.chocolatey.org/en-us/information/security#chocolatey.org-packages>,
consistency, and quality checking
<https://docs.chocolatey.org/en-us/community-repository/moderation/package-validator/rules/>
- Installation testing
<https://docs.chocolatey.org/en-us/community-repository/moderation/package-verifier>
- Virus checking through VirusTotal
<https://docs.chocolatey.org/en-us/information/security#chocolatey.org-packages>
- Human moderators who give final review and sign off
More detail at Security
<https://docs.chocolatey.org/en-us/information/security#chocolatey.org-packages>
and Moderation
<https://docs.chocolatey.org/en-us/community-repository/moderation>.
"""
So it doesn't seem that virus scanning on the chocolatey repository is a
paid feature.
On Thursday, December 9, 2021 at 4:25:14 PM UTC-5 jmroos...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
>
> Hello, are you the maintainer of your software on chocolatey? Do you have
> issues with false positives? Hope that's all this is. I don't even know why
> the repo installed this package; I didn't get a dependency error when I
> uninstalled it...maybe I removed the software it came with. The file was
> created on the 3rd, but didn't get picked up until a full drive idle scan
> this morning. So real-time missed it. Probably because I have chocolatey
> trusted. Everything is supposed to be scanned already, I thought. Then
> again, they offer integrated virus scanning as a paid feature; I hope that
> doesn't mean they don't scan pushed packages by default.
>
> Usually Kaspersky is pretty good about labeling PUA detections (will say
> *not-a-virus* right on the label) and it isn't heuristic either which is
> naturally a lot more likely to be false. So it tripped some signature. That
> doesn't mean it can't be a false positive though. Unfortunately I deleted
> the file before I thought to upload it to VirusTotal or send it in. I
> scanned the Windows zip and source code from Github to see if it caused a
> detection as well though and didn't detect anything. Also,
> *pandoc-citeproc.exe* is not in those archives anyway, perhaps those data
> are associated with the chocolatey package specifically?
>
> Just wanted to inform. I don't think anything bad happened to my PC. I
> hope it isn't indicative of someone somehow sneaking trojans into other
> legitimate chocolatey packages after they've been pushed to the repo. That
> seems like a stretch though.
>
> If you have any insight on this I'd appreciate it. I might just need to
> switch antivirus providers. Their firewall has been aggravating me for days
> as it is. Have a nice day.
>
>
--
You received this message because you are subscribed to the Google Groups "pandoc-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit https://groups.google.com/d/msgid/pandoc-discuss/0209b12b-3ad1-4fbc-abed-21345db9c773n%40googlegroups.com.
[-- Attachment #1.2: Type: text/html, Size: 4239 bytes --]
prev parent reply other threads:[~2021-12-16 1:13 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-09 21:25 Jesse
[not found] ` <1ae0839c-ca1c-4845-8755-33235432ede2n-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org>
2021-12-16 1:13 ` Gregory Weber [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0209b12b-3ad1-4fbc-abed-21345db9c773n@googlegroups.com \
--to=spottedmetal-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
--cc=pandoc-discuss-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).