
Bug 670743

Summary: app-text/qpdf-7.0.0: virus Mal/PDFEx-H detected during compile
Product: Gentoo Security
Reporter: Teun Blok <gomezloper>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: normal
CC: fturco
Priority: Normal
Version: unspecified
Hardware: AMD64
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Attachments (Description / Flags):
screenshot virus warning sophos antivirus 9 nov 2018 / none
Dmesg about my gentoo linux box included the warning / none
Again sophos virus alert qpdf while compiling latest version 8.1.0 / none

Description Teun Blok 2018-11-09 12:24:34 UTC
During maintenance (emerge -e system) of my Gentoo Linux box I got a warning from Sophos anti-virus that a virus exists, raised during work on app-text/qpdf in /var/temp/portage/app-text/qpdf-7.0.0/qpdf/test/qpdf/ in the PDF files issue 51 and 118. See attached screenshot from 2018-11-09 12-59-04.png
Info about my gentoo linux box is attached.


Reproducible: Didn't try

Steps to Reproduce:
1. emerge -e system
Actual Results:  
I did not wait for results; I have deleted issue-51.pdf and issue-118.pdf. Thereafter I also ran --unmerge on app-text/qpdf. And I will run Sophos antivirus again.
Comment 1 Teun Blok 2018-11-09 12:26:51 UTC
Created attachment 554605
screenshot virus warning sophos antivirus 9 nov 2018
Comment 2 Teun Blok 2018-11-09 12:29:47 UTC
Created attachment 554607
Dmesg about my gentoo linux box included the warning

Is this a virus which is wandering around my system, or is it specifically related to app-text/qpdf?
Comment 3 Teun Blok 2018-11-09 19:33:57 UTC
It seems to be a continuing virus problem for app-text/qpdf; it started in July, see URL: https://github.com/qpdf/qpdf/issues/216
Comment 4 Teun Blok 2018-11-09 19:37:26 UTC
Unfortunately the person in comment 3, who promised to solve it, did not do his job. After a complete removal of app-text/qpdf-7.0.0, I re-emerged app-text/qpdf-8.1.0 and had the same virus alert. See multiple attachments.
Comment 5 Teun Blok 2018-11-09 19:42:29 UTC
Created attachment 554699
Again sophos virus alert qpdf while compiling latest version 8.1.0
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-09 21:41:20 UTC
This is not a security bug.

qpdf's test suite is verifying that a malicious file cannot crash/affect qpdf.
That's a valid reason to keep that test.

That your anti-virus program is also detecting that malicious pattern is also correct.

The problem in this case is that you cannot have both at the same time. But that's *your* problem. Requesting to drop that test isn't a good idea. When upstream changes the pattern to avoid detection, it is only a question of time, because it is your anti-virus' job to detect things like that ;)
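
One way to settle the question from comment 2 (does the flagged file belong to the package, or is it something else on the system), as an added example that is not from this bug report or the qpdf project: compare each flagged file in the build directory with the member of the same path in the source archive. The archive layout, file contents and verdict names are constructed placeholders, and the archive itself is assumed to have been checked against its published checksum already.

```python
import hashlib
import io
import tarfile
import tempfile
from pathlib import Path


def triage_flagged(archive: Path, build_root: Path, flagged: list[str]) -> dict[str, str]:
    """Compare each scanner-flagged file under build_root with the archive member of the same path."""
    with tarfile.open(archive) as tar:
        # Digest of every regular file exactly as shipped in the source archive.
        shipped = {m.name: hashlib.sha256(tar.extractfile(m).read()).hexdigest()
                   for m in tar.getmembers() if m.isfile()}
    verdicts = {}
    for rel in flagged:
        on_disk = build_root / rel
        if not on_disk.is_file():
            verdicts[rel] = "missing-on-disk"   # quarantined or deleted since the alert
        elif rel not in shipped:
            verdicts[rel] = "not-in-archive"    # did not come from the tarball: investigate
        elif hashlib.sha256(on_disk.read_bytes()).hexdigest() == shipped[rel]:
            verdicts[rel] = "matches-archive"   # unmodified shipped test input
        else:
            verdicts[rel] = "modified"          # same path, different bytes: investigate
    return verdicts


def demo() -> dict[str, str]:
    """Run the check on a constructed tarball and build directory (placeholder names and bytes)."""
    members = {"pkg-1.0/tests/issue-51.pdf": b"%PDF-1.4 constructed A\n",
               "pkg-1.0/tests/issue-118.pdf": b"%PDF-1.4 constructed B\n"}
    with tempfile.TemporaryDirectory() as tmp:
        archive, root = Path(tmp, "pkg-1.0.tar.gz"), Path(tmp, "work")
        with tarfile.open(archive, "w:gz") as tar:
            for name, data in members.items():
                info = tarfile.TarInfo(name)
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
                (root / name).parent.mkdir(parents=True, exist_ok=True)
                (root / name).write_bytes(data)
        # Constructed deviations: one file altered after unpacking, one that never shipped.
        (root / "pkg-1.0/tests/issue-118.pdf").write_bytes(b"altered\n")
        (root / "pkg-1.0/tests/stray.pdf").write_bytes(b"stray\n")
        return triage_flagged(archive, root, [*members, "pkg-1.0/tests/stray.pdf"])


if __name__ == "__main__":
    print(demo())
```

A "matches-archive" verdict says only that the file is the one the source archive ships; whether shipping it is intended is the point comment 6 addresses.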