| Summary: | app-text/qpdf-7.0.0: virus Mal/PDFEx-H detetected during compile | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Teun Blok <gomezloper> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | CC: | fturco |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | AMD64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | |||
|
Description
Teun Blok
2018-11-09 12:24:34 UTC
Created attachment 554605 [details]
screenshot virus warning sophos antivirus 9 nov 2018
Created attachment 554607 [details]
Dmesg about my gentoo linux box included the warning
Is this a virus which is wandering around my system or specific related tot app-text/qpdf?
It seems to be a continuing virus problem for app-text/qpdf it started in july, see URL: https://github.com/qpdf/qpdf/issues/216 Unfortunately the person in comment 3, who promised to solve it, did not do his job. After a complete removal of app-text/qpdf-7.0.0, I re-emerged app-text/qpdf-8.1.0 and had the same virus alert. See multiple attachments. Created attachment 554699 [details]
Again sophos virus alert qpdf while compiling latest version 8.1.0
This is not a security bug. qpdf's test suite is verifying that a malicious file cannot crash/affect qpdf. That's a valid reason to keep that test. That your anti-virus program is also detecting that malicious pattern is also correct. The problem in this case is, you cannot have both at the same time. But that's *your* problem. Requesting to drop that test isn't a good idea. When upstream will change pattern to avoid detection it is only a question of time because it is your anti-virus' job to detect things like that ;) |
