:: [DNG] ..are we|Devuan safe from thi…
Top Page
Delete this message
Reply to this message
Author: Arnt Karlsen
Date:  
To: Dng
Subject: [DNG] ..are we|Devuan safe from this systemd backdoor malware, taking our kernels from Debian?
Spam detection software, running on the system "tupac3.dyne.org",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.

Content preview: Hi, ..are we|Devuan safe from this systemd backdoor malware,
taking a lot of our .debs, kernels etc, from Debian? ..from El Reg: https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spotted/


Content analysis details: (6.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
                            bl.spamcop.net
              [Blocked - see <https://www.spamcop.net/bl.shtml?23.129.64.232>]
 3.6 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
                            [23.129.64.232 listed in zen.spamhaus.org]
 0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
                            [46.30.212.3 listed in wl.mailspike.net]
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
-0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                            envelope-from domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                            author's domain
 1.5 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is an abusable web server
                            [23.129.64.232 listed in dnsbl.sorbs.net]
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/,
                            no trust
                            [46.30.212.3 listed in list.dnswl.org]
 0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders



Hi,


..are we|Devuan safe from this systemd backdoor malware, taking a lot of
our .debs, kernels etc, from Debian?

..from El Reg:
https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spotted/

..it would be about as easy to sneak it in and make it run on our
init systems, but also quite a bit easier to discover by competent
users and sysadmins.

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.