Opened 4 years ago
Last modified 2 years ago
#61843 reopened defect
/opt/local/var/macports/software/gdk-pixbuf2/gdk-pixbuf2-2.42.0_0+x11.darwin_15.x86_64.tbz2: BC.Gif.Exploit.Agent-1425366.Agent FOUND
| Reported by: | dbl001 (dbl) | Owned by: | mascguy (Christopher Nielsen) |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 2.6.4 |
| Keywords: | Cc: | ballapete (Peter "Pete" Dyballa) | |
| Port: | gdk-pixbuf2 |
Description
Most likely a false positive from ClamAV.
$ sudo port list gdk-pixbuf2 Password: gdk-pixbuf2 @2.42.0 graphics/gdk-pixbuf2
/opt/local/libexec/installed-tests/gdk-pixbuf/test-images/gif-test-suite/max-width.gif: BC.Gif.Exploit.Agent-1425366.Agent FOUND traverse_unlink: Failed to unlink: /opt/local/libexec/installed-tests/gdk-pixbuf/test-images/gif-test-suite/max-width.gif /opt/local/var/macports/software/gdk-pixbuf2/gdk-pixbuf2-2.42.0_0+x11.darwin_15.x86_64.tbz2: BC.Gif.Exploit.Agent-1425366.Agent FOUND
Change History (11)
comment:1 Changed 4 years ago by jmroot (Joshua Root)
| Owner: | set to dbevans |
|---|---|
| Status: | new → assigned |
comment:3 follow-up: 5 Changed 4 years ago by michaelld (Michael Dickens)
Thanks for the report. Let me quote from the GenToo bug report, since it's relevant here:
"there's nothing we can do about it:
Upstream has added a test case for https://bugzilla.gnome.org/show_bug.cgi?id=775693. However, the test could also be used as exploit, that's why clamav is detecting that file.
Because there's a valid reason for ClamAV to detect that code and there's a valid reason for gdk-pixbuf upstream to carry such a test, we cannot do anything."
comment:4 Changed 3 years ago by mascguy (Christopher Nielsen)
| Owner: | changed from dbevans to mascguy |
|---|
Take over Dave's tickets for GTK and friends, now that he's formally dropped maintainership. Boo! ;-)
comment:5 Changed 2 years ago by mascguy (Christopher Nielsen)
| Resolution: | → invalid |
|---|---|
| Status: | assigned → closed |
Replying to michaelld:
Thanks for the report. Let me quote from the GenToo bug report, since it's relevant here:
"there's nothing we can do about it:
Upstream has added a test case for https://bugzilla.gnome.org/show_bug.cgi?id=775693. However, the test could also be used as exploit, that's why clamav is detecting that file.
Because there's a valid reason for ClamAV to detect that code and there's a valid reason for gdk-pixbuf upstream to carry such a test, we cannot do anything."
Closing, since there's nothing we can do to fix this.
comment:6 Changed 2 years ago by ballapete (Peter "Pete" Dyballa)
Isn't it possible to not install the test files? I presume they are only used for a case like make test or make check so that there's not much sense in installing it – or would anyone go and test the software after it has been installed?
Two other options are to patch that intrusive file that ClamAV cannot find the virus or not installing it at all, neither on disk nor in the tbz2 archive file.
comment:7 follow-up: 10 Changed 2 years ago by ballapete (Peter "Pete" Dyballa)
Emmanuele Bassi from GNOME Team explains here, https://discourse.gnome.org/t/gdk-pixbuf-test-file-gdk-pixbuf-2-42-2-tests-test-images-gif-test-suite-max-width-gif-with-a-virus/12152/4, i.e. use -Dinstalled_tests=false when configuring the build, how to disable installation of test files.
comment:8 Changed 2 years ago by ballapete (Peter "Pete" Dyballa)
| Cc: | ballapete added |
|---|
comment:9 Changed 2 years ago by ballapete (Peter "Pete" Dyballa)
| Resolution: | invalid |
|---|---|
| Status: | closed → reopened |
comment:10 Changed 2 years ago by ballapete (Peter "Pete" Dyballa)
Replying to ballapete:
It works using this additional configure argument.
comment:11 Changed 2 years ago by ballapete (Peter "Pete" Dyballa)
Some weeks ago I tried to report the problem to the ClamAV people – no answer yet.
It seems that clamav is right in finding a potential problem and that gdk-pixbuf is making legitimate use of a potentially dangerous code. See https://bugs.gentoo.org/685722.