Forum Rules - Formats - Spotlights  -  Home - Library - New Additions

Internet Archive and Virustotal...again

02k-guy02k-guy
in Software
It's frustrating. I first attempted to use the IA forum to discuss - incredibly the area for software discussion link doesnt work.

All I can say is, those who blindly rely on their A/V to decide for them what is malware - and then reports (sometimes loudly) that such and such file "is infected" does a disservice to those who bust their humps to make sure software is genuine.

Here's my latest exchanges:

info@archive.org
Aug 7, 2023, 10:41 PM (8 hours ago)
to me

Dear Der AppleSeed,

Thank you for your interest in adding files to the Internet Archive. Unfortunately, one or more of the files you uploaded into item FreeCommander appear to be malware, and access to the item on archive.org has been blocked. You can get more details about the malware file(s) here:

freeCommander 2004.10a/freeCommander 2004.10a_fc_setup_.zip https://www.virustotal.com/gui/file/e92bbd413e865c024d2ceaba33783d03923bc3675775c8d9c7592394bbba6e3c/detection/f-e92bbd413e865c024d2ceaba33783d03923bc3675775c8d9c7592394bbba6e3c-1691462150

If you have questions or concerns, you may contact us at info@archive.org.

Thanks,
Internet Archive

Comments

  • GarciaGarcia
    Have the same problem with the Net Yaroze (programmable playstation) stuff.
    I setup archive to store discord chat and attachments, a playstation executable patcher was shared, not a virus, and archive removed the complete archive, not just the single upload!

    I have a hunch and I have yet to prove this, if it's packaged in a .iso or cue/bin etc, a cdrom image... it'll stay there. They really really love CDROM's :whistle:
  • 02k-guy02k-guy
    edited August 2023
    I suspect you may be onto something re the ISO approach. There is an uploader by name of 'pascal of irate" who has uploaded perhaps 100s of classic warez CDs from back in the day, all including patchers, keygens, etc, and no problem.

    While I admire Internet Archive's lofty goals of preserving media, when it's done poorly, we are all penalized.

    The more any all all segments of society use the "we know what's best for you" and treat people as children, the more these people so in fact become childlike.
  • GarciaGarcia
    edited August 2023
    I agree with you that the internet is full of children like adults (kidults) and these days "safety" is often used to control and an over reach of power.

    Yes, I saw the warez CD's, that's how I came to that theory... and it kinda makes sense in that if someone went to that effort (authoring a CDROM image), then mostlikely, they knew what they were doing, software wise... kinda?

    Also Jason (and therefore Archive.org) is a nutty hard leftist, which are always hypocrites. I stop regularly donating to Archive.org when it was obvious many years ago! And now they're in legal problems, because they think laws don't apply to them, stupid! :angry:
  • 02k-guy02k-guy
    I dont know who "jason" is. I did notice that on the sidebar to their forum page that news stories with a certain perspective are posted. I chose years ago (when I left Usenet and the Inner Circle) to ignore political posturing and focus on gathering and sharing software. Believe me, I am a scofflaw to my core.

    There is a software called SmartVersion by Gilles Vollant (WinImage author) that creates diff files of two or more nearly identical files. Can be text, or binaries. It's used out here in software land for example for ISOs of the same product - say Windows 7 - differ because of language or Edition. English, German, Russian - Home, Professional Enterprise - as examples.

    So, it occured to me one could make two archives, one with a troublesome file and one without. Then use SmatVersion to generate its SVF/diff file, upload that plus the "innocent" binary.

    I've briefly looked for encrypting utils, but so far, what I've discovered is that anything that uses decent encryption is somewhat large itself, and this matters because it would have to be included in the upload.

    Even GNU PGP is somewhat bulky, and not all that user friendly.
  • GarciaGarcia
    I recall trying to upload a password protected zip, to quickly circumvent the virus scan, archive rejected it saying it couldn't be scanned or something to that effect.

    But that was after the initial virus report, so maybe they dont except protected archives after it's found a virus in accs that has had a virus flagged... who knows :anguished:

  • 02k-guy02k-guy
    "I recall trying to upload a password protected zip, to quickly circumvent the virus scan, archive rejected it saying it couldn't be scanned or something to that effect."

    Ditto. I'm convinced I am now on their "watched" list. Makes me feel special.

    It's all a game with the self-righteous. Went thru BS at Betaarchive too, because one person's ego outweighs the needs of the many, (Cue Spock I think).
  • 02k-guy02k-guy
    Zapped again. This time uTorrent 2.2.1. It's a digitally signed file!

    I am beyond cuss words strong enough to express my disgust.
  • GarciaGarcia
    wow... have you tried putting it in a ISO?
    I don't upload executables much to archive, but next time I do, it will be in a ISO image.
  • 02k-guy02k-guy
    All my executables are uploaded in ZIP to preserve timestamps and off some measure of file integrity,

    Just yesterday, someone put a Windows 7 activator in an ISO and it looked interesting (was still in process). But before I could snatch it, it was deleted. I found another source and ran it through virustotal, and yup, those incompetent fools had flagged it.

    The only thing I know for sure is that VirusTotal has a 650mb max file upload. That may be why full ISOs of warez get a free pass.

    I did again complain on the forum, and will continue. I have no confidence in their nanny state approach. It baffles me, because sending all that binary content to VT, then logging the response, sending a automated email, etc, takes up server horsepower.

    PS: Hybrid-Analysis.com and my Malwarebytes proggie both said it was clean - of course.
  • GarciaGarcia
    edited August 2023
    ahh, that could be it! the size limit! wow!
    It makes sense now, thanks, good to know!

    I think things should be flagged with the virus report, maybe a warning before downloading. Not just removed. Maybe it's a WIP.
  • 02k-guy02k-guy
    Welp, made some progress. A simple BAT file to encode, and a container to semi-automatically decode, whose contents will pass VirusTotal Scamware inspection.

    Something along the lines of Base64, or Ascii85, or btoa or ZMODEM - all of which /might/ be recognized by Virustotal. Sp it had to be a new algorithm.

    Also, wanted a "key required" sort of action - that didn't actually require some damn, easily lost, or wrongly entered manual entry.

    Becaause we are talking about 7-8 ascii bytes now representing a single hex value, the result is double or more - but easily is halved with 7zip compression.

    When I get a little more polish on it, I will once again post uTorrent to archive dot org.

  • GarciaGarcia
    your a man on a mission! :)
    wow, that all sounds intense!
  • 02k-guy02k-guy
    edited August 2023
    the uTorrent experiment is here:
    https://archive.org/details/uTorrent_25302

    You can examine InstallFiles.bat contained in the 7z archive with Notepad and confirm there is no hanky-panky going on.

    Not as efficient as UUencode or YEnc, but it gets the job done.

  • 02k-guy02k-guy
    ...and again, and again. A couple days ago, they flagged the NT 3.1 service packs. Tonight, flagged BlackWidow site ripper/spider - the installer which came from a CD already on archive.org.

    And predictably, it is only the skank vendors who come up with "suspicious" which pretty much defines every single person at a mall. Something like 5 out of 45 vendors. Ones I've never heard of.



Sign In or Register to comment.