Automated Malware Scans for KDE Store Uploads
Open, Needs TriagePublic
Actions

Description

As the number of Plasma users grow so will the users of the KDE Store and along with that, the amount of people who will try to upload malware.
We need a sustainable way to deal with this because it's impossible to check every upload manually and relying on users reports is not enough. I think the obvious place to start is with scanning the uploaded files.
While it would be theoretically possible to install ClamAV and scan the files with that, the solution that I am leaning towards is to use an online service such as (Google's) virustotal.com which scans with 59 engines including ClamAV.

This is what a sample of linux malware looks like on virustotal. Ironically ClamAV detects it as Windows malware.

• lavender created this task.Oct 23 2018, 3:42 PM

• lavender updated the task description. (Show Details)Oct 24 2018, 7:50 AM

• lavender added a project: KDE Privacy Goal.May 19 2019, 9:55 PM

ngraham added a subscriber: ngraham.May 21 2019, 5:28 PM

It seems like these kind of malware are already being seen in the wild on linux desktops: EvilGnome

[spam comment removed by sysadmin]

Automated Malware Scans for KDE Store UploadsOpen, Needs TriagePublicActions

Description

Automated Malware Scans for KDE Store Uploads
Open, Needs TriagePublic
Actions