Opened 4 years ago

Last modified 2 years ago

#61843 reopened defect

/opt/local/var/macports/software/gdk-pixbuf2/gdk-pixbuf2-2.42.0_0+x11.darwin_15.x86_64.tbz2: BC.Gif.Exploit.Agent-1425366.Agent FOUND

Reported by: dbl001 (dbl) Owned by: mascguy (Christopher Nielsen)
Priority: Normal Milestone:
Component: ports Version: 2.6.4
Keywords: Cc: ballapete (Peter "Pete" Dyballa)
Port: gdk-pixbuf2

Description

Most likely a false positive from ClamAV.

$ sudo port list gdk-pixbuf2
Password:
gdk-pixbuf2                    @2.42.0         graphics/gdk-pixbuf2
/opt/local/libexec/installed-tests/gdk-pixbuf/test-images/gif-test-suite/max-width.gif: BC.Gif.Exploit.Agent-1425366.Agent FOUND
traverse_unlink: Failed to unlink: /opt/local/libexec/installed-tests/gdk-pixbuf/test-images/gif-test-suite/max-width.gif
/opt/local/var/macports/software/gdk-pixbuf2/gdk-pixbuf2-2.42.0_0+x11.darwin_15.x86_64.tbz2: BC.Gif.Exploit.Agent-1425366.Agent FOUND

Change History (11)

comment:1 Changed 4 years ago by jmroot (Joshua Root)

Owner: set to dbevans
Status: newassigned

comment:2 Changed 4 years ago by nortcele

It seems that clamav is right in finding a potential problem and that gdk-pixbuf is making legitimate use of a potentially dangerous code. See https://bugs.gentoo.org/685722.

Last edited 4 years ago by nortcele (previous) (diff)

comment:3 Changed 4 years ago by michaelld (Michael Dickens)

Thanks for the report. Let me quote from the GenToo bug report, since it's relevant here:

"there's nothing we can do about it:

Upstream has added a test case for https://bugzilla.gnome.org/show_bug.cgi?id=775693. However, the test could also be used as exploit, that's why clamav is detecting that file.

Because there's a valid reason for ClamAV to detect that code and there's a valid reason for gdk-pixbuf upstream to carry such a test, we cannot do anything."

comment:4 Changed 3 years ago by mascguy (Christopher Nielsen)

Owner: changed from dbevans to mascguy

Take over Dave's tickets for GTK and friends, now that he's formally dropped maintainership. Boo! ;-)

comment:5 in reply to:  3 Changed 2 years ago by mascguy (Christopher Nielsen)

Resolution: invalid
Status: assignedclosed

Replying to michaelld:

Thanks for the report. Let me quote from the GenToo bug report, since it's relevant here:

"there's nothing we can do about it:

Upstream has added a test case for https://bugzilla.gnome.org/show_bug.cgi?id=775693. However, the test could also be used as exploit, that's why clamav is detecting that file.

Because there's a valid reason for ClamAV to detect that code and there's a valid reason for gdk-pixbuf upstream to carry such a test, we cannot do anything."

Closing, since there's nothing we can do to fix this.

comment:6 Changed 2 years ago by ballapete (Peter "Pete" Dyballa)

Isn't it possible to not install the test files? I presume they are only used for a case like make test or make check so that there's not much sense in installing it – or would anyone go and test the software after it has been installed?

Two other options are to patch that intrusive file that ClamAV cannot find the virus or not installing it at all, neither on disk nor in the tbz2 archive file.

comment:7 Changed 2 years ago by ballapete (Peter "Pete" Dyballa)

Emmanuele Bassi from GNOME Team explains here, https://discourse.gnome.org/t/gdk-pixbuf-test-file-gdk-pixbuf-2-42-2-tests-test-images-gif-test-suite-max-width-gif-with-a-virus/12152/4, i.e. use -Dinstalled_tests=false when configuring the build, how to disable installation of test files.

comment:8 Changed 2 years ago by ballapete (Peter "Pete" Dyballa)

Cc: ballapete added

comment:9 Changed 2 years ago by ballapete (Peter "Pete" Dyballa)

Resolution: invalid
Status: closedreopened

comment:10 in reply to:  7 Changed 2 years ago by ballapete (Peter "Pete" Dyballa)

Replying to ballapete:

It works using this additional configure argument.

comment:11 Changed 2 years ago by ballapete (Peter "Pete" Dyballa)

Some weeks ago I tried to report the problem to the ClamAV people – no answer yet.

Note: See TracTickets for help on using tickets.