[SC.LUG] I'd Prefer Comments From Actual Trebus Users

[Pete Barnwell]

On Mon, 2005-12-26 at 01:44 +0000, Gareth Bowker wrote:
> On Sun, Dec 25, 2005 at 11:11:48PM -0000, Frank Mitchell wrote:
> > 
> > Reviewing the fuss at NWLUG, I don't see the reason for it now. Anybody can
> > download free Linux Anti-Virus Software and give Trebus a scan. If he was
> > suspicious, Andrew Hutchings could have done this for them, though he said
> > he didn't have the time. Unless I've invented a new Linux Virus as well as a
> > new Linux CD Archiver, what's the problem? I understand it looked suspicious
> > when I talked about running Trebus as root, even on an old machine, and I'll
> > give more attention to Users and Groups next time. But clearly some people
> > would have complained anyway.
> 
> If I sent you a program claiming to do some fantastic whizz-bang new
> thing at twice the speed of anything else out there, but sent it to you
> unsolicited and without source, would you run it? If yes, then I'm
> guessing you've probably fallen afoul of several viruses already if
> you're running Windows anywhere. Running untrusted unverified code which
> has been sent to you anonymously is the reason my email inbox keeps
> getting flooded with crappy windows executables claiming to be pictures
> of god-knows-who, or a zip file containing, well, who knows what.
> 
> Also, by password-protecting the zip file, it meant that automated virus
> scanners, such as the ones that many people have running on mail
> servers, are unable to scan the file. This would raise many suspicions
> too.

On this point -  I never even saw the original email that had the app
attached - my AV gateway assumes that if it can't unpack and scan an
email then there must be something dubious about it and simply throws it
away as if *does* contain a virus. I'd imagine other people have similar
setups, so password protecting a zip file may well backfire anyway!

Rgds

Pete