During maintenance (emerge -e system) of my Gentoo Linux box I got a warning from Sophos Anti-Virus that a virus exists during work on app-text/qpdf in /var/temp/portage/app-text/qpdf-7.0.0/qpdf/test/qpdf/ in the PDF files issue 51 and 118. See attached screenshot from 2018-11-09 12-59-04.png. Info about my Gentoo Linux box is attached.

Reproducible: Didn't try

Steps to Reproduce:
1. emerge -e system

Actual Results:
I did not wait for results; I have deleted issue-51.pdf and issue-118.pdf. Thereafter I also ran --unmerge app-text/qpdf. And I will run Sophos Anti-Virus again.
Created attachment 554605: screenshot virus warning sophos antivirus 9 nov 2018
Created attachment 554607: Dmesg about my gentoo linux box included the warning

Is this a virus which is wandering around my system, or is it specifically related to app-text/qpdf?
It seems to be a continuing virus problem for app-text/qpdf; it started in July, see URL: https://github.com/qpdf/qpdf/issues/216
Unfortunately the person in comment 3, who promised to solve it, did not do his job. After a complete removal of app-text/qpdf-7.0.0, I re-emerged app-text/qpdf-8.1.0 and had the same virus alert. See multiple attachments.
Created attachment 554699: Again sophos virus alert qpdf while compiling latest version 8.1.0
This is not a security bug. qpdf's test suite is verifying that a malicious file cannot crash/affect qpdf. That's a valid reason to keep that test. That your anti-virus program is also detecting that malicious pattern is also correct. The problem in this case is that you cannot have both at the same time. But that's *your* problem. Requesting to drop that test isn't a good idea. When upstream changes the pattern to avoid detection, it is only a question of time, because it is your anti-virus's job to detect things like that ;)