Bug#864800: Mail::DeliveryStatus::BounceParser contains a live virus and some real spam/phishing mails

[Paul Wise]

Source: libmail-deliverystatus-bounceparser-perl
Version: 1.531-1
Severity: serious
X-Debbugs-CC: Ricardo Signes <rjbs at cpan.org>
Control: forwarded -1 Ricardo Signes <rjbs at cpan.org>
Control: found -1 1.536-1
Control: found -1 1.542-1
User: debian-admin at lists.debian.org
Usertags: needed-by-DSA-Team

The Mail::DeliveryStatus::BounceParser source contains a live virus and
some real spam/phishing mails. This is leading to Netcraft and other
virus detection systems on the Internet reporting Debian mirrors as
malicious, which potentially reduces the reputation of debian.org on
various anti-spam and anti-malware services. Please fix this in
upstream git, with a new release on CPAN and in all Debian suites.

https://incident.netcraft.com/w/b0d11ab53944/
https://incident.netcraft.com/w/ffb6f95e5301/

To fix this you will need to strip the account-password.zip attachment
from t/corpus/virus-caused-multiple-weird-reports.msg and if possible
strip the phishing/spam content from the other files, while ensuring
that the tests still pass despite changes to the corpus but that the
new files in the corpus do not trip any anti-virus checkers:

https://www.virustotal.com/

$ clamdscan --fdpass --infected | sed "s|`pwd`/||"
t/corpus/virus-caused-multiple-weird-reports.msg: Win.Worm.Mytob-331 FOUND
t/corpus/spam-with-badly-parsed-email.msg: Sanesecurity.Phishing.Ivt.6456.UNOFFICIAL FOUND
t/corpus/spam-lots-of-bogus-addresses.msg: Sanesecurity.Spam.8684.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
Time: 0.087 sec (0 m 0 s)

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20170615/61676954/attachment.sig>