Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 703838 - =media-libs/portmidi-217-r2 PUA.Win.Adware.Slugin-6803969-0 FOUND
Summary: =media-libs/portmidi-217-r2 PUA.Win.Adware.Slugin-6803969-0 FOUND
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-26 13:13 UTC by Fedja Beader
Modified: 2019-12-26 17:23 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Fedja Beader 2019-12-26 13:13:13 UTC 
* portmidi-src-217.zip BLAKE2B SHA512 size ;-) ... [ ok ]
/tmp/portage-distfiles/portmidi-src-217.zip: PUA.Win.Adware.Slugin-6803969-0 FOUND
* ERROR: media-libs/portmidi-217-r2::gentoo failed (unpack phase):
*   clamscan error %d -- %s! 1 /tmp/portage-distfiles/portmidi-src-217.zip



Sourceforge adware shenanigans, again?

Filing as minor, as it seems to be a windows thing.

Reproducible: Always
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-12-26 15:13:04 UTC 
Can't reproduce with file from mirror:

> $ wget https://mirror.netcologne.de/gentoo/distfiles/d7/portmidi-src-217.zip
> --2019-12-26 16:07:59--  
https://mirror.netcologne.de/gentoo/distfiles/d7/portmidi-src-217.zip
> Resolving mirror.netcologne.de (mirror.netcologne.de)... 
2001:4dd0:1234:1::deb, 194.8.197.22
> Connecting to mirror.netcologne.de 
(mirror.netcologne.de)|2001:4dd0:1234:1::deb|:443... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 1030830 (1007K) [application/zip]
> Saving to: ‘portmidi-src-217.zip’
> 
> portmidi-src-217.zip          
100%[===================================================>]   1007K  --.-KB/s   
in 0,03s
> 
> 2019-12-26 16:07:59 (28,3 MB/s) - ‘portmidi-src-217.zip’ saved 
[1030830/1030830]
> 
> $ sha256sum portmidi-src-217.zip
> 08e9a892bd80bdb1115213fb72dc29a7bf2ff108b378180586aa65f3cfd42e0f  
portmidi-src-217.zip
> 
> $ clamscan portmidi-src-217.zip
> portmidi-src-217.zip: OK
> 
> ----------- SCAN SUMMARY -----------
> Known viruses: 8847104
> Engine version: 0.101.4
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 4.72 MB
> Data read: 0.98 MB (ratio 4.81:1)
> Time: 34.067 sec (0 m 34 s)
> clamscan portmidi-src-217.zip  33,45s user 0,54s system 99% cpu 34,304 total

VirusTotal is also clean: 
https://www.virustotal.com/gui/file/08e9a892bd80bdb1115213fb72dc29a7bf2ff108b378180586aa65f3cfd42e0f/detection
Comment 2 Fedja Beader 2019-12-26 17:23:29 UTC 
clamAV does not detect PUAs unless you tell it to by uncommenting "DetectPUA yes" in clamd.conf. This applies to clamscan as well.