[Django] #36583: Microsoft Partner Program classifies dpaste.com techincal_500 view as a dangerous Malware Site
7 views
Skip to first unread message
Django
Aug 29, 2025, 7:17:16 AMAug 29
to django-...@googlegroups.com
#36583: Microsoft Partner Program classifies dpaste.com techincal_500 view as a
dangerous Malware Site
----------------------------+-----------------------------------------
Reporter: Peter Kahn | Type: Bug
Status: new | Component: Generic views
Version: 5.2 | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------+-----------------------------------------
**Problem**
Microsoft is flagging in the 500 error debug view's ability to send the
error details to `dpaste.com` as Malware. This feature and the view seem
OK to me but:
* When I have run into this class of problem in the past, Microsoft has
been unwilling to accept evidence of a false positive
* This may impact Django apps in other marketplace verification systems as
well
**Error Message Excerpt**
According to the Microsoft Partner program's Malware scanner:
File name: technical_500.html,
Malware Information:
Avira smartScreen firebog ConfirmedMaliciousURL hXXps[:]//dpaste[.]com/
(FileType:.html) (Executable:true)
) .
**History**
The dpaste.com storage capability was added about 4 years ago
https://github.com/django/django/blame/main/django/views/templates/technical_500.html#L293
**Workaround**
If this feature of the view isn't needed, a simple script can surgically
remove the aspect of the view. TBH, I've yet to try it and will be doing
so today.
--
Ticket URL: <https://code.djangoproject.com/ticket/36583>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
dangerous Malware Site
----------------------------+-----------------------------------------
Reporter: Peter Kahn | Type: Bug
Status: new | Component: Generic views
Version: 5.2 | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------+-----------------------------------------
**Problem**
Microsoft is flagging in the 500 error debug view's ability to send the
error details to `dpaste.com` as Malware. This feature and the view seem
OK to me but:
* When I have run into this class of problem in the past, Microsoft has
been unwilling to accept evidence of a false positive
* This may impact Django apps in other marketplace verification systems as
well
**Error Message Excerpt**
According to the Microsoft Partner program's Malware scanner:
File name: technical_500.html,
Malware Information:
Avira smartScreen firebog ConfirmedMaliciousURL hXXps[:]//dpaste[.]com/
(FileType:.html) (Executable:true)
) .
**History**
The dpaste.com storage capability was added about 4 years ago
https://github.com/django/django/blame/main/django/views/templates/technical_500.html#L293
**Workaround**
If this feature of the view isn't needed, a simple script can surgically
remove the aspect of the view. TBH, I've yet to try it and will be doing
so today.
--
Ticket URL: <https://code.djangoproject.com/ticket/36583>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Aug 29, 2025, 8:52:12 AMAug 29
to django-...@googlegroups.com
#36583: Microsoft Partner Program classifies dpaste.com techincal_500 view as a
dangerous Malware Site
-------------------------------+--------------------------------------
dangerous Malware Site
Reporter: Peter Kahn | Owner: (none)
Type: Bug | Status: new
Component: Generic views | Version: 5.2
Severity: Normal | Resolution:
Component: Generic views | Version: 5.2
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Timothy Schilling):
Does Microsoft flag this as a part of any Django app or those that are
running with `DEBUG=True` in production that show this page on the web
app?
--
Ticket URL: <https://code.djangoproject.com/ticket/36583#comment:1>
Django
Aug 29, 2025, 9:42:40 AMAug 29
to django-...@googlegroups.com
#36583: Microsoft Partner Program classifies dpaste.com techincal_500 view as a
dangerous Malware Site
-------------------------------+--------------------------------------
Reporter: Peter Kahn | Owner: (none)
Type: Bug | Status: new
Component: Generic views | Version: 5.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Description changed by Peter Kahn:
dangerous Malware Site
-------------------------------+--------------------------------------
Reporter: Peter Kahn | Owner: (none)
Type: Bug | Status: new
Component: Generic views | Version: 5.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Old description:
> **Problem**
> Microsoft is flagging in the 500 error debug view's ability to send the
> error details to `dpaste.com` as Malware. This feature and the view seem
> OK to me but:
>
> * When I have run into this class of problem in the past, Microsoft has
> been unwilling to accept evidence of a false positive
>
> * This may impact Django apps in other marketplace verification systems
> as well
>
> **Error Message Excerpt**
> According to the Microsoft Partner program's Malware scanner:
>
> File name: technical_500.html,
> Malware Information:
> Avira smartScreen firebog ConfirmedMaliciousURL hXXps[:]//dpaste[.]com/
> (FileType:.html) (Executable:true)
> ) .
>
> **History**
> The dpaste.com storage capability was added about 4 years ago
> https://github.com/django/django/blame/main/django/views/templates/technical_500.html#L293
>
> **Workaround**
> If this feature of the view isn't needed, a simple script can surgically
> remove the aspect of the view. TBH, I've yet to try it and will be doing
> so today.
**Problem**
Microsoft Partner Site Malware scan for a compute image publish attempt to
Azure Marketplace is flagging in the 500 error debug view's ability to
send the error details to `dpaste.com` as Malware. This feature and the
view seem OK to me but:
* When I have run into this class of problem in the past, Microsoft has
been unwilling to accept evidence of a false positive
* This may impact Django apps in other marketplace verification systems as
well
**Error Message Excerpt**
According to the Microsoft Partner program's Malware scanner:
File name: technical_500.html,
Malware Information:
Avira smartScreen firebog ConfirmedMaliciousURL hXXps[:]//dpaste[.]com/
(FileType:.html) (Executable:true)
) .
**History**
The dpaste.com storage capability was added about 4 years ago
https://github.com/django/django/blame/main/django/views/templates/technical_500.html#L293
**Workaround**
If this feature of the view isn't needed, a simple script can surgically
remove the aspect of the view. TBH, I've yet to try it and will be doing
so today.
--
--
view seem OK to me but:
* When I have run into this class of problem in the past, Microsoft has
been unwilling to accept evidence of a false positive
* This may impact Django apps in other marketplace verification systems as
well
**Error Message Excerpt**
According to the Microsoft Partner program's Malware scanner:
File name: technical_500.html,
Malware Information:
Avira smartScreen firebog ConfirmedMaliciousURL hXXps[:]//dpaste[.]com/
(FileType:.html) (Executable:true)
) .
**History**
The dpaste.com storage capability was added about 4 years ago
https://github.com/django/django/blame/main/django/views/templates/technical_500.html#L293
**Workaround**
If this feature of the view isn't needed, a simple script can surgically
remove the aspect of the view. TBH, I've yet to try it and will be doing
so today.
--
Ticket URL: <https://code.djangoproject.com/ticket/36583#comment:2>
Django
Aug 29, 2025, 9:52:43 AMAug 29
to django-...@googlegroups.com
#36583: Microsoft Partner Program classifies dpaste.com techincal_500 view as a
dangerous Malware Site
-------------------------------+--------------------------------------
Reporter: Peter Kahn | Owner: (none)
Type: Bug | Status: new
Component: Generic views | Version: 5.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Comment (by Sarah Boyce):
dangerous Malware Site
-------------------------------+--------------------------------------
Reporter: Peter Kahn | Owner: (none)
Type: Bug | Status: new
Component: Generic views | Version: 5.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Seems it was added in 13aa1970d44ab282fb2f1da763e558c84e0ca906 (refs
#2437) about 17 years ago
--
Ticket URL: <https://code.djangoproject.com/ticket/36583#comment:3>
Reply all
Reply to author
Forward
0 new messages