Opened 12 years ago

Closed 12 years ago

#38097 closed defect (wontfix)

metasploit2, metasploit3: Virus found during install

Reported by: turbominicooper@…
Owned by: opendarwin.org@…
Priority: Normal
Milestone:
Component: ports
Version: 2.1.3
Keywords:
Cc: cooljeanius (Eric Gallager), neverpanic (Clemens Lang)
Port: metasploit2, metasploit3

Description

When installing Metasploit, my Norton Antivirus picked up the attached infections:

ms06_057_webview_setslice.rb (trojan horse) framework-3.0.tar.gz

I also discovered one more in the Metasploit2 install but didn't get the name before I deleted the infected file.

Attachments (2)

Picture 3.png (9.3 KB) - added by turbominicooper@… 12 years ago.
Picture 4.png (7.3 KB) - added by turbominicooper@… 12 years ago.


Change History (12)

Changed 12 years ago by turbominicooper@…

Attachment: Picture 3.png added

Changed 12 years ago by turbominicooper@…

Attachment: Picture 4.png added

comment:1 Changed 12 years ago by ryandesign (Ryan Carsten Schmidt)

Keywords: virus removed
Owner: changed from macports-tickets@… to opendarwin.org@…
Port: metasploit2 metasploit3 added; metasploit removed
Summary: changed from "metasploit @ 3 Virus found during install" to "metasploit2, metasploit3: Virus found during install"

comment:2 Changed 12 years ago by cooljeanius (Eric Gallager)

That's probably correct, the metasploit packages are supposed to contain viruses. I would recommend disabling Norton if you're going to be using metasploit.

comment:3 Changed 12 years ago by cooljeanius (Eric Gallager)

Cc: egall@… added

Cc Me!

comment:4 Changed 12 years ago by turbominicooper@…

Is it 100% necessary to include a trojan virus... sounds dodgy to me??

comment:5 in reply to:  4 ; Changed 12 years ago by cooljeanius (Eric Gallager)

Replying to turbominicooper@…:

> Is it 100% necessary to include a trojan virus... sounds dodgy to me??

I mean that's the whole point of the metasploit ports: virus and vulnerability testing. They shouldn't harm your own computer unless you don't have a clue what you're doing. Although maybe the examples and payloads and stuff could get moved to a +examples variant or something that isn't set by default? That way users like you who are concerned about virus warnings could just install normally, but people who do need the payloads could just select the variant then.

comment:6 in reply to:  5 ; Changed 12 years ago by neverpanic (Clemens Lang)

Cc: cal@… added

Replying to egall@…:

> Although maybe the examples and payloads and stuff could get moved to a +examples variant or something that isn't set by default?

IMO, users who don't know why and how metasploit ships dangerous software just shouldn't install it in the first place. We could add a warning to the description or to port notes metasploit{,3}, though.

Moving the examples and payloads won't help in this case anyway, because the virus scanner deems the distfile tarball to be dangerous. There's nothing MacPorts can do about that.

comment:7 in reply to:  5 Changed 12 years ago by turbominicooper@…

Replying to egall@…:

> Replying to turbominicooper@…:
>
> > Is it 100% necessary to include a trojan virus... sounds dodgy to me??
>
> I mean that's the whole point of the metasploit ports: virus and vulnerability testing. They shouldn't harm your own computer unless you don't have a clue what you're doing. Although maybe the examples and payloads and stuff could get moved to a +examples variant or something that isn't set by default? That way users like you who are concerned about virus warnings could just install normally, but people who do need the payloads could just select the variant then.

Yeah, I just like my laptop to be 100% virus free; even if the danger isn't imminent, I'd rather not have one, especially a trojan, seeing as that's a doorway to my machine?? Plus my machine's proved its vulnerability by picking it up with the install ;)

comment:8 in reply to:  6 ; Changed 12 years ago by turbominicooper@…

Replying to cal@…:

> Replying to egall@…:
>
> > Although maybe the examples and payloads and stuff could get moved to a +examples variant or something that isn't set by default?
>
> IMO, users who don't know why and how metasploit ships dangerous software just shouldn't install it in the first place. We could add a warning to the description or to port notes metasploit{,3}, though.
>
> Moving the examples and payloads won't help in this case anyway, because the virus scanner deems the distfile tarball to be dangerous. There's nothing MacPorts can do about that.

I think a 'WARNING MAY CONTAIN NUTS' note is definitely needed. As for moving the files, why not have an extra port that users can download as an add-on? I'm pretty sure fewer people would download if they knew it had viruses, and I'm pretty sure not everyone is using an antivirus, thinking MacPorts is safe and doesn't contain unlisted viruses?? (IMO).

comment:9 in reply to:  8 Changed 12 years ago by larryv (Lawrence Velázquez)

Replying to turbominicooper@…:

> I think a 'WARNING MAY CONTAIN NUTS' note is definitely needed. As for moving the files, why not have an extra port that users can download as an add-on?

I don’t think you understand what Cal said. The distfile itself contains the “malicious” payloads; that is what Norton complained about. There’s nothing we can do about that; we are not going to maintain our own custom Metasploit distfile. If upstream wants to include Trojan horses with their software, that is their prerogative.

> I'm pretty sure fewer people would download if they knew it had viruses, and I'm pretty sure not everyone is using an antivirus, thinking MacPorts is safe and doesn't contain unlisted viruses?? (IMO).

MacPorts is perfectly safe and does not contain “unlisted viruses”. It’s Metasploit that contains “unlisted viruses”. If this makes you uncomfortable, you should not be using Metasploit.

comment:10 Changed 12 years ago by jmroot (Joshua Root)

Resolution: wontfix
Status: changed from new to closed

Yes, the entire point of Metasploit is to provide tools that are equivalent to malware, so that you can test your systems' resistance to them.
