Comment 1 Jeroen Roovers (RETIRED) 2019-05-12 13:34:57 UTC

# clamdscan gdk-pixbuf-2.38.1.tar.xz
gdk-pixbuf-2.38.1.tar.xz: BC.Gif.Exploit.Agent-1425366.Agent FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 125.656 sec (2 m 5 s)

Comment 2 Thomas Deutschmann (RETIRED) 2019-05-12 13:53:41 UTC

I can confirm the report,

> gdk-pixbuf-2.38.1.tar.xz: BC.Gif.Exploit.Agent-1425366.Agent FOUND
> gdk-pixbuf-2.38.1.tar.xz!POSIX_TAR:gdk-pixbuf-2.38.1/tests/bug775693.pixdata!...!(5)POSIX_TAR:gdk-pixbuf-2.38.1/tests/test-images/gif-test-suite/max-width.gif: BC.Gif.Exploit.Agent-1425366.Agent FOUND
> 
> ----------- SCAN SUMMARY -----------
> Known viruses: 6125485
> Engine version: 0.101.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 22.48 MB
> Data read: 5.25 MB (ratio 4.28:1)
> Time: 63.945 sec (1 m 3 s)

but there's nothing we can do about it:

Upstream has added a test case for https://bugzilla.gnome.org/show_bug.cgi?id=775693. However, the test could also be used as exploit, that's why clamav is detecting that file.

Because there's a valid reason for ClamAV to detect that code and there's a valid reason for gdk-pixbuf upstream to carry such a test, we cannot do anything.