Comments (6)
@tonyping, thank you for the report. @az0, I also see this.
from bleachbit.
I've read their docs, modified the text of the page to add the "fine print section," and requested a reviewed. The best I could figure out is that it's related to the builds of the new Python branch, so I uploaded all those files individually, but it didn't flag any individual files. I also uploaded the new installer to external scanners, but it didn't give any insights.
Google likes to automate everything, and I don't a way to report a false positive or get more details, so what's left is a blind process of reverse engineering.
For now I removed the folder 4.4.2.2333-mkhon-python310
See also #1448
from bleachbit.
Google likes to automate everything, and I don't a way to report a false positive or get more details, so what's left is a blind process of reverse engineering.
Yeah I reached a similar conclusion from the docs. They basically want you to just figure it out for yourself, although their criteria for malware does leaves too much room for interpretation and can lead to grey areas.
Those same areas that a software scanner can't reliably judge, nonetheless are still being tasked with. However, given Google's scale, I don't blame them, as I can't see any other feasible solution.
Have you tried Hybrid Analysis? https://www.hybrid-analysis.com
Maybe the sandbox reports show something. I submitted one but they do take a while to process.
from bleachbit.
Latest nightly:
from bleachbit.
Here's irony: Google flags the latest comment in this discussion as unsafe too.
Security scanners flag BleachBit because
- The application contains the Python runtime and GTK toolkit, which are general and contain many capabilities.
- By design, the application has to do "unsafe" things such as reading/changing the registry, marking files for deletion, and checking running processes.
In the past with the false positives , the general process is to submit the application for review ("whitelisting"), even though they deal with many users and flagged software, but Google doesn't allow that.
Adding my digital certificate many help, but that's for beta and final releases---not for the CI site.
from bleachbit.
Google Search Console identified that https://ci.bleachbit.org/?prefix=dl/4.4.2.2265-mkhon-python310/ was the problem. As I removed it earlier, I requested a re-review. For now, the whole site is still flagged
from bleachbit.
Related Issues (20)
- Request: Firefox bookmarks history
- Request: Firefox console history HOT 1
- Wipe free disk space OSError: [Errno 24] Too many open files: '/proc/filesystems HOT 3
- Errors when running without a GUI
- [Suggestion] Make a prompt for sudo.
- Windows 11 - add select language option to UI HOT 6
- org.gnome.Bleachbit
- Hope to add a cleaner for Microsoft Edge(Chromium) on Linux HOT 2
- How to Automatically Clean unnecessary files using Bleachbit HOT 1
- Leftovers of VLC media player after cleaning
- Mircosoft Edge cannot be cleaned because it is running. Close this software, then try again. HOT 3
- ?
- Running Bleachbit ends in error: ModuleNotFoundError: No module named '_sqlite3' HOT 2
- Where is the shredder? HOT 9
- Microsoft Edge error HOT 4
- bleachbit freezes and fills up entire disk HOT 2
- Can't run Bleachbit at all in Windows 11. HOT 3
- Strange update error at BleachBit startup on Windows 10 HOT 2
- BleachBit not wiping Chrome. HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bleachbit.