[MacPorts] #38097: metasploit @ 3 Virus found during install
#38097: metasploit @ 3 Virus found during install -------------------------------+-------------------------------- Reporter: turbominicooper@… | Owner: macports-tickets@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.1.3 Keywords: virus | Port: metasploit -------------------------------+-------------------------------- When installing Metasploit my Norton Antivirus picked up the attached Infections; ms06_057_webview_setslice.rb (trojan horse) framework-3.0.tar.gz I also discovered one more in the Metasploit2 install but didn't get the name before i deleted the infected file. -- Ticket URL: <https://trac.macports.org/ticket/38097> MacPorts <http://www.macports.org/> Ports system for Mac OS
#38097: metasploit2, metasploit3: Virus found during install ---------------------------------------+------------------------------ Reporter: turbominicooper@… | Owner: opendarwin.org@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.1.3 Resolution: | Keywords: Port: metasploit2, metasploit3 | ---------------------------------------+------------------------------ Changes (by ryandesign@…): * keywords: virus => * owner: macports-tickets@… => opendarwin.org@… * port: metasploit => metasploit2, metasploit3 -- Ticket URL: <https://trac.macports.org/ticket/38097#comment:1> MacPorts <http://www.macports.org/> Ports system for Mac OS
#38097: metasploit2, metasploit3: Virus found during install ---------------------------------------+------------------------------ Reporter: turbominicooper@… | Owner: opendarwin.org@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.1.3 Resolution: | Keywords: Port: metasploit2, metasploit3 | ---------------------------------------+------------------------------ Comment (by egall@…): That's probably correct, the metasploit packages are supposed to contain viruses. I would recommend disabling Norton if you're going to be using metasploit. -- Ticket URL: <https://trac.macports.org/ticket/38097#comment:2> MacPorts <http://www.macports.org/> Ports system for Mac OS
#38097: metasploit2, metasploit3: Virus found during install ---------------------------------------+------------------------------ Reporter: turbominicooper@… | Owner: opendarwin.org@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.1.3 Resolution: | Keywords: Port: metasploit2, metasploit3 | ---------------------------------------+------------------------------ Comment (by turbominicooper@…): is it 100% necessary to include a trojan virus... sounds dodgy to me?? -- Ticket URL: <https://trac.macports.org/ticket/38097#comment:4> MacPorts <http://www.macports.org/> Ports system for Mac OS
#38097: metasploit2, metasploit3: Virus found during install ---------------------------------------+------------------------------ Reporter: turbominicooper@… | Owner: opendarwin.org@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.1.3 Resolution: | Keywords: Port: metasploit2, metasploit3 | ---------------------------------------+------------------------------ Comment (by egall@…): Replying to [comment:4 turbominicooper@…]:
is it 100% necessary to include a trojan virus... sounds dodgy to me??
I mean that's the whole point of the metasploit ports: virus and vulnerability testing. They shouldn't harm your own computer unless you don't have a clue what you're doing. Although maybe the examples and payloads and stuff could get moved to a `+examples` variant or something that isn't set by default? That way users like you who are concerned about virus warnings could just install normally, but people who do need the payloads could just select the variant then. -- Ticket URL: <https://trac.macports.org/ticket/38097#comment:5> MacPorts <http://www.macports.org/> Ports system for Mac OS
#38097: metasploit2, metasploit3: Virus found during install ---------------------------------------+------------------------------ Reporter: turbominicooper@… | Owner: opendarwin.org@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.1.3 Resolution: | Keywords: Port: metasploit2, metasploit3 | ---------------------------------------+------------------------------ Changes (by cal@…): * cc: cal@… (added) Comment: Replying to [comment:5 egall@…]:
Although maybe the examples and payloads and stuff could get moved to a `+examples` variant or something that isn't set by default?
IMO, users who don't know why and how metasploit ships dangerous software just shouldn't install it in the first place. We could add a warning to the description or to `port notes metasploit{,3}`, though. Moving the examples and payloads won't help in this case anyway, because the virus scanner deems the distfile tarball to be dangerous. There's nothing MacPorts can do about that. -- Ticket URL: <https://trac.macports.org/ticket/38097#comment:6> MacPorts <http://www.macports.org/> Ports system for Mac OS
#38097: metasploit2, metasploit3: Virus found during install ---------------------------------------+------------------------------ Reporter: turbominicooper@… | Owner: opendarwin.org@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.1.3 Resolution: | Keywords: Port: metasploit2, metasploit3 | ---------------------------------------+------------------------------ Comment (by turbominicooper@…): Replying to [comment:5 egall@…]:
Replying to [comment:4 turbominicooper@…]:
is it 100% necessary to include a trojan virus... sounds dodgy to me??
I mean that's the whole point of the metasploit ports: virus and vulnerability testing. They shouldn't harm your own computer unless you don't have a clue what you're doing. Although maybe the examples and payloads and stuff could get moved to a `+examples` variant or something that isn't set by default? That way users like you who are concerned about virus warnings could just install normally, but people who do need the payloads could just select the variant then.
yeah i just like my laptop to be 100% virus free even if the danger isnt imminent id rather not have one, especially a trojan seeing as thats a doorway to my machine?? Plus my machines proved its vulnerability by picking it up with the install ;) -- Ticket URL: <https://trac.macports.org/ticket/38097#comment:7> MacPorts <http://www.macports.org/> Ports system for Mac OS
#38097: metasploit2, metasploit3: Virus found during install ---------------------------------------+------------------------------ Reporter: turbominicooper@… | Owner: opendarwin.org@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.1.3 Resolution: | Keywords: Port: metasploit2, metasploit3 | ---------------------------------------+------------------------------ Comment (by turbominicooper@…): Replying to [comment:6 cal@…]:
Replying to [comment:5 egall@…]:
Although maybe the examples and payloads and stuff could get moved to a `+examples` variant or something that isn't set by default?
IMO, users who don't know why and how metasploit ships dangerous software just shouldn't install it in the first place. We could add a warning to the description or to `port notes metasploit{,3}`, though.
Moving the examples and payloads won't help in this case anyway, because the virus scanner deems the distfile tarball to be dangerous. There's nothing MacPorts can do about that.
I think a 'WARNING MAY CONATIN NUTS' note is definitely needed, as for moving the files, why not have an extra port that users can download as an add-on? Im pretty sure less people would download if they knew it had virus's and im pretty sure not everyone is using an antivirus thinking macports is safe and doesn contain unlisted virus's?? (IMO). -- Ticket URL: <https://trac.macports.org/ticket/38097#comment:8> MacPorts <http://www.macports.org/> Ports system for Mac OS
#38097: metasploit2, metasploit3: Virus found during install ---------------------------------------+------------------------------ Reporter: turbominicooper@… | Owner: opendarwin.org@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.1.3 Resolution: | Keywords: Port: metasploit2, metasploit3 | ---------------------------------------+------------------------------ Comment (by larryv@…): Replying to [comment:8 turbominicooper@…]:
I think a 'WARNING MAY CONATIN NUTS' note is definitely needed, as for moving the files, why not have an extra port that users can download as an add-on?
I don’t think you understand what Cal said. The distfile itself contains the “malicious” payloads; that is what Norton complained about. There’s nothing we can do about that; we are not going to maintain our own custom Metasploit distfile. If upstream wants to include Trojan horses with their software, that is their prerogative.
Im pretty sure less people would download if they knew it had virus's and im pretty sure not everyone is using an antivirus thinking macports is safe and doesn contain unlisted virus's?? (IMO).
MacPorts is perfectly safe and does not contain “unlisted viruses”. It’s Metasploit that contains “unlisted viruses”. If this makes you uncomfortable, you should not be using Metasploit. -- Ticket URL: <https://trac.macports.org/ticket/38097#comment:9> MacPorts <http://www.macports.org/> Ports system for Mac OS
#38097: metasploit2, metasploit3: Virus found during install ---------------------------------------+------------------------------ Reporter: turbominicooper@… | Owner: opendarwin.org@… Type: defect | Status: closed Priority: Normal | Milestone: Component: ports | Version: 2.1.3 Resolution: wontfix | Keywords: Port: metasploit2, metasploit3 | ---------------------------------------+------------------------------ Changes (by jmr@…): * status: new => closed * resolution: => wontfix Comment: Yes, the entire point of Metasploit is to provide tools that are equivalent to malware, so that you can test your systems' resistance to them. -- Ticket URL: <https://trac.macports.org/ticket/38097#comment:10> MacPorts <http://www.macports.org/> Ports system for Mac OS
participants (1)
-
MacPorts