Internet Archive and Virustotal...again

02k-guy

It's frustrating. I first attempted to use the IA forum to discuss - incredibly the area for software discussion link doesnt work.

All I can say is, those who blindly rely on their A/V to decide for them what is malware - and then reports (sometimes loudly) that such and such file "is infected" does a disservice to those who bust their humps to make sure software is genuine.

Here's my latest exchanges:

info@archive.org
Aug 7, 2023, 10:41 PM (8 hours ago)
to me

Dear Der AppleSeed,

Thank you for your interest in adding files to the Internet Archive. Unfortunately, one or more of the files you uploaded into item FreeCommander appear to be malware, and access to the item on archive.org has been blocked. You can get more details about the malware file(s) here:

freeCommander 2004.10a/freeCommander 2004.10a_fc_setup_.zip https://www.virustotal.com/gui/file/e92bbd413e865c024d2ceaba33783d03923bc3675775c8d9c7592394bbba6e3c/detection/f-e92bbd413e865c024d2ceaba33783d03923bc3675775c8d9c7592394bbba6e3c-1691462150

If you have questions or concerns, you may contact us at info@archive.org.

Thanks,
Internet Archive

Garcia

Have the same problem with the Net Yaroze (programmable playstation) stuff.
I setup archive to store discord chat and attachments, a playstation executable patcher was shared, not a virus, and archive removed the complete archive, not just the single upload!

I have a hunch and I have yet to prove this, if it's packaged in a .iso or cue/bin etc, a cdrom image... it'll stay there. They really really love CDROM's

02k-guy

I suspect you may be onto something re the ISO approach. There is an uploader by name of 'pascal of irate" who has uploaded perhaps 100s of classic warez CDs from back in the day, all including patchers, keygens, etc, and no problem.

While I admire Internet Archive's lofty goals of preserving media, when it's done poorly, we are all penalized.

The more any all all segments of society use the "we know what's best for you" and treat people as children, the more these people so in fact become childlike.

Garcia

I agree with you that the internet is full of children like adults (kidults) and these days "safety" is often used to control and an over reach of power.

Yes, I saw the warez CD's, that's how I came to that theory... and it kinda makes sense in that if someone went to that effort (authoring a CDROM image), then mostlikely, they knew what they were doing, software wise... kinda?

Also Jason (and therefore Archive.org) is a nutty hard leftist, which are always hypocrites. I stop regularly donating to Archive.org when it was obvious many years ago! And now they're in legal problems, because they think laws don't apply to them, stupid!

02k-guy

I dont know who "jason" is. I did notice that on the sidebar to their forum page that news stories with a certain perspective are posted. I chose years ago (when I left Usenet and the Inner Circle) to ignore political posturing and focus on gathering and sharing software. Believe me, I am a scofflaw to my core.

There is a software called SmartVersion by Gilles Vollant (WinImage author) that creates diff files of two or more nearly identical files. Can be text, or binaries. It's used out here in software land for example for ISOs of the same product - say Windows 7 - differ because of language or Edition. English, German, Russian - Home, Professional Enterprise - as examples.

So, it occured to me one could make two archives, one with a troublesome file and one without. Then use SmatVersion to generate its SVF/diff file, upload that plus the "innocent" binary.

I've briefly looked for encrypting utils, but so far, what I've discovered is that anything that uses decent encryption is somewhat large itself, and this matters because it would have to be included in the upload.

Even GNU PGP is somewhat bulky, and not all that user friendly.

Garcia

I recall trying to upload a password protected zip, to quickly circumvent the virus scan, archive rejected it saying it couldn't be scanned or something to that effect.

But that was after the initial virus report, so maybe they dont except protected archives after it's found a virus in accs that has had a virus flagged... who knows

02k-guy

"I recall trying to upload a password protected zip, to quickly circumvent the virus scan, archive rejected it saying it couldn't be scanned or something to that effect."

Ditto. I'm convinced I am now on their "watched" list. Makes me feel special.

It's all a game with the self-righteous. Went thru BS at Betaarchive too, because one person's ego outweighs the needs of the many, (Cue Spock I think).

02k-guy

Zapped again. This time uTorrent 2.2.1. It's a digitally signed file!

I am beyond cuss words strong enough to express my disgust.

Garcia

wow... have you tried putting it in a ISO?
I don't upload executables much to archive, but next time I do, it will be in a ISO image.

02k-guy

All my executables are uploaded in ZIP to preserve timestamps and off some measure of file integrity,

Just yesterday, someone put a Windows 7 activator in an ISO and it looked interesting (was still in process). But before I could snatch it, it was deleted. I found another source and ran it through virustotal, and yup, those incompetent fools had flagged it.

The only thing I know for sure is that VirusTotal has a 650mb max file upload. That may be why full ISOs of warez get a free pass.

I did again complain on the forum, and will continue. I have no confidence in their nanny state approach. It baffles me, because sending all that binary content to VT, then logging the response, sending a automated email, etc, takes up server horsepower.

PS: Hybrid-Analysis.com and my Malwarebytes proggie both said it was clean - of course.

Garcia

ahh, that could be it! the size limit! wow!
It makes sense now, thanks, good to know!

I think things should be flagged with the virus report, maybe a warning before downloading. Not just removed. Maybe it's a WIP.

02k-guy

Welp, made some progress. A simple BAT file to encode, and a container to semi-automatically decode, whose contents will pass VirusTotal Scamware inspection.

Something along the lines of Base64, or Ascii85, or btoa or ZMODEM - all of which /might/ be recognized by Virustotal. Sp it had to be a new algorithm.

Also, wanted a "key required" sort of action - that didn't actually require some damn, easily lost, or wrongly entered manual entry.

Becaause we are talking about 7-8 ascii bytes now representing a single hex value, the result is double or more - but easily is halved with 7zip compression.

When I get a little more polish on it, I will once again post uTorrent to archive dot org.

Garcia

your a man on a mission!
wow, that all sounds intense!

02k-guy

the uTorrent experiment is here:
https://archive.org/details/uTorrent_25302

You can examine InstallFiles.bat contained in the 7z archive with Notepad and confirm there is no hanky-panky going on.

Not as efficient as UUencode or YEnc, but it gets the job done.

02k-guy

...and again, and again. A couple days ago, they flagged the NT 3.1 service packs. Tonight, flagged BlackWidow site ripper/spider - the installer which came from a CD already on archive.org.

And predictably, it is only the skank vendors who come up with "suspicious" which pretty much defines every single person at a mall. Something like 5 out of 45 vendors. Ones I've never heard of.

02k-guy

Woe is me. One of my latest uploads failed repeatedly with a "200 Bad Data".

The upload was a 13gb ISO I split into 2gb parts wi.th WinRar (because I have a slow connection and archive org sometimes craps out for no apparent reason, any time of day, doesn't matter).

Reason: archive org checks the contents of large uploads in a container like Winrar, and if it finds part of a file with the extension (for example) ISO, it will flag and dump the upload. IOW, the file extension is checked - not the actual contents.

Solution: in this case, Winrar made a 7 part file set named "EXELAB_2015.part1.rar" etc.
I deleted the extension, pack each extensionless file in a zip container, and they uploaded without incident (took about 6 hours). Gave instructions to unpack each zip, add the extension back in with a file manager and then use Winrar as per usual.

So my continuing ed is as follows:

1. anything under 500mb, archive.org sends to virustotal. If your upload is anywhere near but under that size and has something virustotal might flag (virustotal flagged legit NT 3.1 service packs for crying out loud!) - then pad the upload out with a random byte file. IE - if an ISO, put it and a filler file into one zip or rar and upload that.

Done it - works.

2. Small files - things you know will get flagged by virustotal - don't waste your time password protecting - virustotal will still flag and archive org will not accept.
J3. ust the use of the word "keygen" or "crack" in a file's name will trigger the chinese 3rd rate A/V softs that virustotal uses. For this situation, an obfuscator is needed. A tool which converts a file into an unusual binary format. For me, a binary to ASCII tool that is NOT UUENCODE works.

Done. It works.

3. large multipart files: remove the extension. Then wrap each with 7zip or WinZip. I prefer to use Winrar and select "with recovery record" for multiparting, because (a) Winrar has been at it a long time, (b) archives made with Winrar 7.x can be unpacked with much older versions of Winrar or 7zip, and (c) the recovery record makes possible the ability to salvage such a large file set down the road when shuffling files around may damage a header.

Done. It works.

Finally, always wear a condom, wash your hands, and keep your fingers crossed.

TalkOrBell

WTF?...You figured out alot but is it worth it?... I only foresee conditions getting worse on there man nothing simple anymore...

I was already tired of the 'network error' uploading having to start over at last file once again but when I got 'Japped' that was it, time to relax since in effect I already have the resource...

02k-guy

"WTF?...You figured out alot but is it worth it?..."

yes.

I have few problems with few archives. Experience is my teacher.

Try uploading to betaarchive. You won't be "pure" enough. Worse, few will have access to your files.

vetusware. Wide open uploads, but no graphics presented, cannot edit your upload (and you sure wont be able to delete anything once it's there. No alerts to comments, yada, yada.

(name your favorite) torrent site. You don't seed, it dies. If you upload the latest hot thing with a fix - you are a hero for 5 minutes. It's filled with kids that have unknown sticky substances on their fingers.

Mega - or any file repository. Limited access, it requires money out of your pocket to keep the files alive.

Usenet: wide open. It was always a swamp - I should know, having been a file server, member of Inner Circle, and cosigner of the WarezFAQ. But there too software life span is limited, even if a decade nowadays.

These are but a few options.
The whole point for me - is to find, preserve, inform and share without judgement. My opinion doesn't mean squat, but my familiarity and detail may keep not just the content - but the perspective of the age the software was published alive well ito the future.

Finally, archive.org has a very difficult task - it is constantly fighting copyright trolls - both on the site and in court. They try to contend with every type of file, from books to music, to videos, to documents, to software to preserving long gone web sites.. The software portion of their is a very minor part of their content.

They do an excellent job with all the above - EXCEPT for their amateurish handling of potential malware.

Which brings me around to WinWorld. Here, file capacity is limited, but anyone is free to post links, discuss the software, give pointers to other sites and solutions.

Taking something a site does (with the exception of betaarchive) personally is a waste of emotional and intellectual talent - both of which I have damn little of. For that reason, I prefer to find ways around problems, rather than turn them into excuses.