Bug 1024850

Summary: pmpost-exploit.c detected as false positive by antivirus
Product: [Fedora] Fedora EPEL Reporter: Pablo Iranzo Gómez <pablo.iranzo>
Component: pcpAssignee: Nathan Scott <nathans>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: el5CC: fche, mgoodwin, nathans, pcp, scox
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pcp-3.8.6-1.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-10 06:55:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pablo Iranzo Gómez 2013-10-30 14:02:39 UTC 
Description of problem:
The package pcp-testsuite-3.8.4-2.el5.x86_64.rpm from epel repository is being detected by antivirus inspecting its contents as containing a "Virus: "Exploit-Generic.src" found!"

You can check a report at: https://www.virustotal.com/es/file/3127055b8170e2615d169b9257b9a1f74346d68c56dc84fcc3b1d172c72f6839/analysis/

BTW, McAfee and TrendMicro HouseCall detect them as a 'Generic' one

Version-Release number of selected component (if applicable):
pcp-testsuite-3.8.4-2.el5.x86_64.rpm

How reproducible:
Steps to Reproduce:
1. Go to http://www.virustotal.com
2. Upload the file (http://dl.fedoraproject.org/pub/epel/5/x86_64/pcp-testsuite-3.8.4-2.el5.x86_64.rpm) or enter URL
3. Wait for results

Actual results:
Detected as containing viruses, which makes it to be blocked by some proxys with integrated virus scanning

Expected results:
Not to get detected as virus if possible to ease usage behind corporate proxys

Additional info:
Comment 1 Frank Ch. Eigler 2013-10-30 14:29:18 UTC 
Agreed, we should remove or defang the program.  It's a regression
test for a decade-old security bug.  If we keep it, it should try to
hit something other than /etc/passwd.
Comment 2 Nathan Scott 2013-10-30 23:14:58 UTC 
This is resolved by upstream git commit 472edd343b.  Expected to release in pcp-3.8.6 within a day or so.
Comment 3 Fedora Update System 2013-11-01 05:12:29 UTC 
pcp-3.8.6-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/pcp-3.8.6-1.fc20
Comment 4 Fedora Update System 2013-11-01 05:13:35 UTC 
pcp-3.8.6-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/pcp-3.8.6-1.fc19
Comment 5 Fedora Update System 2013-11-01 05:14:12 UTC 
pcp-3.8.6-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/pcp-3.8.6-1.fc18
Comment 6 Fedora Update System 2013-11-01 05:14:55 UTC 
pcp-3.8.6-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/pcp-3.8.6-1.el6
Comment 7 Fedora Update System 2013-11-01 05:15:38 UTC 
pcp-3.8.6-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/pcp-3.8.6-1.el5
Comment 8 Fedora Update System 2013-11-01 20:25:52 UTC 
Package pcp-3.8.6-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pcp-3.8.6-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-20460/pcp-3.8.6-1.fc20
then log in and leave karma (feedback).
Comment 9 Fedora Update System 2013-11-10 06:55:09 UTC 
pcp-3.8.6-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2013-11-11 02:38:07 UTC 
pcp-3.8.6-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2013-11-11 02:38:26 UTC 
pcp-3.8.6-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2013-11-19 01:21:46 UTC 
pcp-3.8.6-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2013-11-19 01:23:28 UTC 
pcp-3.8.6-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.