classification
Title: Lib/test/testbz2_bigmem.bz2 trigger virus warnings
Type: behavior Stage: commit review
Components: Versions: Python 3.2, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: georg.brandl Nosy List: barry, benjamin.peterson, christian.heimes, georg.brandl, kushal.das, larry, michael.foord, nadeem.vawda, python-dev
Priority: release blocker Keywords: patch

Created on 2013-04-25 11:06 by christian.heimes, last changed 2013-05-12 10:32 by python-dev. This issue is now closed.

Files
File name Uploaded Description Edit
bz2-viruswarning.diff nadeem.vawda, 2013-04-28 17:22 Fix for Python 3.2
Messages (13)
msg187773 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-04-25 11:06
In ebb8c7d79f52 the file Lib/test/testbz2_bigmem.bz2 was added as test case for bug #14398.

The PSRT and webmaster teams have received half a dozen mails which complains about potential harmful content in the Python installers and Python source distribution. Apparently the file triggers a warning in several anti virus programs because it looks like a zip bomb.

I suggest that we remove the file from hg and create it on the fly during tests runs.
msg187774 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-04-25 11:28
Example:

Virus was detected in the content (virus_detected)
Content contained "Trojan-ArcBomb.BZip.Agent" virus. Details: Virus: Trojan-ArcBomb.BZip.Agent; File: Python-2.7.4.tar.bz2; Sub File: //T3obr//Python-2.7.4/Lib/test/testbz2_bigmem.bz2; Vendor: Kaspersky Labs; Engine error code: 0x00014005; Engine version: 8.0.1.23; Pattern version: 130425.042500.9895197; Pattern date: 2013.04.25 04:25:00
msg187820 - (view) Author: Nadeem Vawda (nadeem.vawda) * (Python committer) Date: 2013-04-25 20:56
Oh dear. I'll update the test suite over the weekend. In the meanwhile, Christian, can you confirm which versions are affected? The file should only have been included in 2.7 and 3.2.
msg187999 - (view) Author: Roundup Robot (python-dev) Date: 2013-04-28 16:45
New changeset b7bfedc8ee18 by Nadeem Vawda in branch '2.7':
Issue #17843: Remove bz2 test data that triggers antivirus warnings.
http://hg.python.org/cpython/rev/b7bfedc8ee18
msg188002 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-04-28 16:54
Yes, you are right. Python 3.3.1 doesn't contain the file in question, just 2.7.4 and 3.2.4. 

Could you update Misc/NEWS, too? The release notes should mention that a false positive virus warning was removed.
msg188003 - (view) Author: Roundup Robot (python-dev) Date: 2013-04-28 17:01
New changeset 529c4defbfd7 by Nadeem Vawda in branch '2.7':
Add missing NEWS entry for issue #17843.
http://hg.python.org/cpython/rev/529c4defbfd7
msg188007 - (view) Author: Nadeem Vawda (nadeem.vawda) * (Python committer) Date: 2013-04-28 17:22
OK, 2.7 is done.

Georg, what do we want to do for 3.2? I've attached a patch.
msg188015 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2013-04-28 19:15
Thanks, I've got it from here.
msg188143 - (view) Author: Nadeem Vawda (nadeem.vawda) * (Python committer) Date: 2013-04-30 08:28
Benjamin, please cherry-pick this for 2.7.4 as well (changesets b7bfedc8ee18 and 529c4defbfd7).
msg188164 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2013-04-30 13:45
I'm just going to branch off the current 2.7 branch at this point.
msg188165 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2013-04-30 13:46
Ah, sorry, I see what you mean. Will do.
msg188991 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2013-05-12 09:11
Thanks, applied to 3.2 branch.
msg189001 - (view) Author: Roundup Robot (python-dev) Date: 2013-05-12 10:32
New changeset 9da98ab823c9 by Georg Brandl in branch '3.2':
Issue #17843: Remove bz2 test data that triggers antivirus warnings.
http://hg.python.org/cpython/rev/9da98ab823c9
History
Date User Action Args
2013-05-12 10:32:41python-devsetmessages: + msg189001
2013-05-12 09:11:18georg.brandlsetstatus: open -> closed
resolution: fixed
messages: + msg188991
2013-04-30 13:46:21benjamin.petersonsetmessages: + msg188165
2013-04-30 13:45:24benjamin.petersonsetmessages: + msg188164
2013-04-30 08:28:24nadeem.vawdasetstage: needs patch -> commit review
messages: + msg188143
versions: + Python 2.7
2013-04-28 19:15:03georg.brandlsetmessages: + msg188015
versions: - Python 2.7, Python 3.3, Python 3.4
2013-04-28 17:22:02nadeem.vawdasetfiles: + bz2-viruswarning.diff
assignee: nadeem.vawda -> georg.brandl
messages: + msg188007

keywords: + patch
2013-04-28 17:01:41python-devsetmessages: + msg188003
2013-04-28 16:54:54christian.heimessetmessages: + msg188002
2013-04-28 16:45:39python-devsetnosy: + python-dev
messages: + msg187999
2013-04-25 20:56:08nadeem.vawdasetassignee: nadeem.vawda
messages: + msg187820
2013-04-25 13:47:56barrysetnosy: + barry
2013-04-25 11:36:22kushal.dassetnosy: + kushal.das
2013-04-25 11:28:13christian.heimessetmessages: + msg187774
2013-04-25 11:06:08christian.heimescreate