Automated Malware Scans for KDE Store Uploads
Open, Needs TriagePublic


As the number of Plasma users grow so will the users of the KDE Store and along with that, the amount of people who will try to upload malware.
We need a sustainable way to deal with this because it's impossible to check every upload manually and relying on users reports is not enough. I think the obvious place to start is with scanning the uploaded files.
While it would be theoretically possible to install ClamAV and scan the files with that, the solution that I am leaning towards is to use an online service such as (Google's) which scans with 59 engines including ClamAV.

This is what a sample of linux malware looks like on virustotal. Ironically ClamAV detects it as Windows malware.

lavender updated the task description. (Show Details)Oct 24 2018, 7:50 AM

It seems like these kind of malware are already being seen in the wild on linux desktops: EvilGnome

[spam comment removed by sysadmin]