Internet Archive and Virustotal...again
It's frustrating. I first attempted to use the IA forum to discuss - incredibly the area for software discussion link doesnt work.
All I can say is, those who blindly rely on their A/V to decide for them what is malware - and then reports (sometimes loudly) that such and such file "is infected" does a disservice to those who bust their humps to make sure software is genuine.
Here's my latest exchanges:
info@archive.org
Aug 7, 2023, 10:41 PM (8 hours ago)
to me
Dear Der AppleSeed,
Thank you for your interest in adding files to the Internet Archive. Unfortunately, one or more of the files you uploaded into item FreeCommander appear to be malware, and access to the item on archive.org has been blocked. You can get more details about the malware file(s) here:
freeCommander 2004.10a/freeCommander 2004.10a_fc_setup_.zip https://www.virustotal.com/gui/file/e92bbd413e865c024d2ceaba33783d03923bc3675775c8d9c7592394bbba6e3c/detection/f-e92bbd413e865c024d2ceaba33783d03923bc3675775c8d9c7592394bbba6e3c-1691462150
If you have questions or concerns, you may contact us at info@archive.org.
Thanks,
Internet Archive
All I can say is, those who blindly rely on their A/V to decide for them what is malware - and then reports (sometimes loudly) that such and such file "is infected" does a disservice to those who bust their humps to make sure software is genuine.
Here's my latest exchanges:
info@archive.org
Aug 7, 2023, 10:41 PM (8 hours ago)
to me
Dear Der AppleSeed,
Thank you for your interest in adding files to the Internet Archive. Unfortunately, one or more of the files you uploaded into item FreeCommander appear to be malware, and access to the item on archive.org has been blocked. You can get more details about the malware file(s) here:
freeCommander 2004.10a/freeCommander 2004.10a_fc_setup_.zip https://www.virustotal.com/gui/file/e92bbd413e865c024d2ceaba33783d03923bc3675775c8d9c7592394bbba6e3c/detection/f-e92bbd413e865c024d2ceaba33783d03923bc3675775c8d9c7592394bbba6e3c-1691462150
If you have questions or concerns, you may contact us at info@archive.org.
Thanks,
Internet Archive
Comments
I setup archive to store discord chat and attachments, a playstation executable patcher was shared, not a virus, and archive removed the complete archive, not just the single upload!
I have a hunch and I have yet to prove this, if it's packaged in a .iso or cue/bin etc, a cdrom image... it'll stay there. They really really love CDROM's
While I admire Internet Archive's lofty goals of preserving media, when it's done poorly, we are all penalized.
The more any all all segments of society use the "we know what's best for you" and treat people as children, the more these people so in fact become childlike.
Yes, I saw the warez CD's, that's how I came to that theory... and it kinda makes sense in that if someone went to that effort (authoring a CDROM image), then mostlikely, they knew what they were doing, software wise... kinda?
Also Jason (and therefore Archive.org) is a nutty hard leftist, which are always hypocrites. I stop regularly donating to Archive.org when it was obvious many years ago! And now they're in legal problems, because they think laws don't apply to them, stupid!
There is a software called SmartVersion by Gilles Vollant (WinImage author) that creates diff files of two or more nearly identical files. Can be text, or binaries. It's used out here in software land for example for ISOs of the same product - say Windows 7 - differ because of language or Edition. English, German, Russian - Home, Professional Enterprise - as examples.
So, it occured to me one could make two archives, one with a troublesome file and one without. Then use SmatVersion to generate its SVF/diff file, upload that plus the "innocent" binary.
I've briefly looked for encrypting utils, but so far, what I've discovered is that anything that uses decent encryption is somewhat large itself, and this matters because it would have to be included in the upload.
Even GNU PGP is somewhat bulky, and not all that user friendly.
But that was after the initial virus report, so maybe they dont except protected archives after it's found a virus in accs that has had a virus flagged... who knows
Ditto. I'm convinced I am now on their "watched" list. Makes me feel special.
It's all a game with the self-righteous. Went thru BS at Betaarchive too, because one person's ego outweighs the needs of the many, (Cue Spock I think).
I am beyond cuss words strong enough to express my disgust.
I don't upload executables much to archive, but next time I do, it will be in a ISO image.
Just yesterday, someone put a Windows 7 activator in an ISO and it looked interesting (was still in process). But before I could snatch it, it was deleted. I found another source and ran it through virustotal, and yup, those incompetent fools had flagged it.
The only thing I know for sure is that VirusTotal has a 650mb max file upload. That may be why full ISOs of warez get a free pass.
I did again complain on the forum, and will continue. I have no confidence in their nanny state approach. It baffles me, because sending all that binary content to VT, then logging the response, sending a automated email, etc, takes up server horsepower.
PS: Hybrid-Analysis.com and my Malwarebytes proggie both said it was clean - of course.
It makes sense now, thanks, good to know!
I think things should be flagged with the virus report, maybe a warning before downloading. Not just removed. Maybe it's a WIP.
Something along the lines of Base64, or Ascii85, or btoa or ZMODEM - all of which /might/ be recognized by Virustotal. Sp it had to be a new algorithm.
Also, wanted a "key required" sort of action - that didn't actually require some damn, easily lost, or wrongly entered manual entry.
Becaause we are talking about 7-8 ascii bytes now representing a single hex value, the result is double or more - but easily is halved with 7zip compression.
When I get a little more polish on it, I will once again post uTorrent to archive dot org.
wow, that all sounds intense!
https://archive.org/details/uTorrent_25302
You can examine InstallFiles.bat contained in the 7z archive with Notepad and confirm there is no hanky-panky going on.
Not as efficient as UUencode or YEnc, but it gets the job done.
And predictably, it is only the skank vendors who come up with "suspicious" which pretty much defines every single person at a mall. Something like 5 out of 45 vendors. Ones I've never heard of.
The upload was a 13gb ISO I split into 2gb parts wi.th WinRar (because I have a slow connection and archive org sometimes craps out for no apparent reason, any time of day, doesn't matter).
Reason: archive org checks the contents of large uploads in a container like Winrar, and if it finds part of a file with the extension (for example) ISO, it will flag and dump the upload. IOW, the file extension is checked - not the actual contents.
Solution: in this case, Winrar made a 7 part file set named "EXELAB_2015.part1.rar" etc.
I deleted the extension, pack each extensionless file in a zip container, and they uploaded without incident (took about 6 hours). Gave instructions to unpack each zip, add the extension back in with a file manager and then use Winrar as per usual.
So my continuing ed is as follows:
1. anything under 500mb, archive.org sends to virustotal. If your upload is anywhere near but under that size and has something virustotal might flag (virustotal flagged legit NT 3.1 service packs for crying out loud!) - then pad the upload out with a random byte file. IE - if an ISO, put it and a filler file into one zip or rar and upload that.
Done it - works.
2. Small files - things you know will get flagged by virustotal - don't waste your time password protecting - virustotal will still flag and archive org will not accept.
J3. ust the use of the word "keygen" or "crack" in a file's name will trigger the chinese 3rd rate A/V softs that virustotal uses. For this situation, an obfuscator is needed. A tool which converts a file into an unusual binary format. For me, a binary to ASCII tool that is NOT UUENCODE works.
Done. It works.
3. large multipart files: remove the extension. Then wrap each with 7zip or WinZip. I prefer to use Winrar and select "with recovery record" for multiparting, because (a) Winrar has been at it a long time, (b) archives made with Winrar 7.x can be unpacked with much older versions of Winrar or 7zip, and (c) the recovery record makes possible the ability to salvage such a large file set down the road when shuffling files around may damage a header.
Done. It works.
Finally, always wear a condom, wash your hands, and keep your fingers crossed.
I was already tired of the 'network error' uploading having to start over at last file once again but when I got 'Japped' that was it, time to relax since in effect I already have the resource...
yes.
I have few problems with few archives. Experience is my teacher.
Try uploading to betaarchive. You won't be "pure" enough. Worse, few will have access to your files.
vetusware. Wide open uploads, but no graphics presented, cannot edit your upload (and you sure wont be able to delete anything once it's there. No alerts to comments, yada, yada.
(name your favorite) torrent site. You don't seed, it dies. If you upload the latest hot thing with a fix - you are a hero for 5 minutes. It's filled with kids that have unknown sticky substances on their fingers.
Mega - or any file repository. Limited access, it requires money out of your pocket to keep the files alive.
Usenet: wide open. It was always a swamp - I should know, having been a file server, member of Inner Circle, and cosigner of the WarezFAQ. But there too software life span is limited, even if a decade nowadays.
These are but a few options.
The whole point for me - is to find, preserve, inform and share without judgement. My opinion doesn't mean squat, but my familiarity and detail may keep not just the content - but the perspective of the age the software was published alive well ito the future.
Finally, archive.org has a very difficult task - it is constantly fighting copyright trolls - both on the site and in court. They try to contend with every type of file, from books to music, to videos, to documents, to software to preserving long gone web sites.. The software portion of their is a very minor part of their content.
They do an excellent job with all the above - EXCEPT for their amateurish handling of potential malware.
Which brings me around to WinWorld. Here, file capacity is limited, but anyone is free to post links, discuss the software, give pointers to other sites and solutions.
Taking something a site does (with the exception of betaarchive) personally is a waste of emotional and intellectual talent - both of which I have damn little of. For that reason, I prefer to find ways around problems, rather than turn them into excuses.