Opened 3 years ago
Last modified 16 months ago
#61843 reopened defect
/opt/local/var/macports/software/gdk-pixbuf2/gdk-pixbuf2-2.42.0_0+x11.darwin_15.x86_64.tbz2: BC.Gif.Exploit.Agent-1425366.Agent FOUND
Reported by: | dbl001 (dbl) | Owned by: | mascguy (Christopher Nielsen) |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | 2.6.4 |
Keywords: | Cc: | ballapete (Peter "Pete" Dyballa) | |
Port: | gdk-pixbuf2 |
Description
Most likely a false positive from ClamAV.
$ sudo port list gdk-pixbuf2 Password: gdk-pixbuf2 @2.42.0 graphics/gdk-pixbuf2
/opt/local/libexec/installed-tests/gdk-pixbuf/test-images/gif-test-suite/max-width.gif: BC.Gif.Exploit.Agent-1425366.Agent FOUND traverse_unlink: Failed to unlink: /opt/local/libexec/installed-tests/gdk-pixbuf/test-images/gif-test-suite/max-width.gif /opt/local/var/macports/software/gdk-pixbuf2/gdk-pixbuf2-2.42.0_0+x11.darwin_15.x86_64.tbz2: BC.Gif.Exploit.Agent-1425366.Agent FOUND
Change History (11)
comment:1 Changed 3 years ago by jmroot (Joshua Root)
Owner: | set to dbevans |
---|---|
Status: | new → assigned |
comment:3 follow-up: 5 Changed 3 years ago by michaelld (Michael Dickens)
Thanks for the report. Let me quote from the GenToo bug report, since it's relevant here:
"there's nothing we can do about it:
Upstream has added a test case for https://bugzilla.gnome.org/show_bug.cgi?id=775693. However, the test could also be used as exploit, that's why clamav is detecting that file.
Because there's a valid reason for ClamAV to detect that code and there's a valid reason for gdk-pixbuf upstream to carry such a test, we cannot do anything."
comment:4 Changed 2 years ago by mascguy (Christopher Nielsen)
Owner: | changed from dbevans to mascguy |
---|
Take over Dave's tickets for GTK and friends, now that he's formally dropped maintainership. Boo! ;-)
comment:5 Changed 21 months ago by mascguy (Christopher Nielsen)
Resolution: | → invalid |
---|---|
Status: | assigned → closed |
Replying to michaelld:
Thanks for the report. Let me quote from the GenToo bug report, since it's relevant here:
"there's nothing we can do about it:
Upstream has added a test case for https://bugzilla.gnome.org/show_bug.cgi?id=775693. However, the test could also be used as exploit, that's why clamav is detecting that file.
Because there's a valid reason for ClamAV to detect that code and there's a valid reason for gdk-pixbuf upstream to carry such a test, we cannot do anything."
Closing, since there's nothing we can do to fix this.
comment:6 Changed 17 months ago by ballapete (Peter "Pete" Dyballa)
Isn't it possible to not install the test files? I presume they are only used for a case like make test
or make check
so that there's not much sense in installing it – or would anyone go and test the software after it has been installed?
Two other options are to patch that intrusive file that ClamAV
cannot find the virus or not installing it at all, neither on disk nor in the tbz2
archive file.
comment:7 follow-up: 10 Changed 17 months ago by ballapete (Peter "Pete" Dyballa)
Emmanuele Bassi from GNOME Team explains here, https://discourse.gnome.org/t/gdk-pixbuf-test-file-gdk-pixbuf-2-42-2-tests-test-images-gif-test-suite-max-width-gif-with-a-virus/12152/4, i.e. use -Dinstalled_tests=false when configuring the build
, how to disable installation of test files.
comment:8 Changed 17 months ago by ballapete (Peter "Pete" Dyballa)
Cc: | ballapete added |
---|
comment:9 Changed 17 months ago by ballapete (Peter "Pete" Dyballa)
Resolution: | invalid |
---|---|
Status: | closed → reopened |
comment:10 Changed 17 months ago by ballapete (Peter "Pete" Dyballa)
Replying to ballapete:
It works using this additional configure argument.
comment:11 Changed 16 months ago by ballapete (Peter "Pete" Dyballa)
Some weeks ago I tried to report the problem to the ClamAV people – no answer yet.
It seems that clamav is right in finding a potential problem and that gdk-pixbuf is making legitimate use of a potentially dangerous code. See https://bugs.gentoo.org/685722.