Bug 1393822

Summary: Clamscan positive hit: ogr/data/billionlaugh.osm: Xml.Exploit.CVE_2013_3860-3 FOUND
Product: [Fedora] Fedora EPEL
Reporter: Phil Wyett <philwyett.hemisphere>
Component: clamav
Assignee: Robert Scheck <redhat-bugzilla>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: unspecified
Version: epel7
CC: alex, cristian.balint, devrim, janfrode, j, mmahut, ondrejj, orion, pavel.lisy, pertusus, redhat-bugzilla, rhbugs, steve, volker27
Target Milestone: ---
Keywords: Reopened
Target Release: ---
Hardware: x86_64
OS: Linux
Last Closed: 2017-03-28 19:03:47 UTC
Type: Bug

Description Phil Wyett 2016-11-10 12:10:49 UTC
Description of problem:

Flag being flagged by clamscan.

[philwyett@hemi-yoda gdalautotest-2.1.0]$ clamscan -r -i *
ogr/data/billionlaugh.osm: Xml.Exploit.CVE_2013_3860-3 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 5063642
Engine version: 0.99.2
Scanned directories: 91
Scanned files: 1962
Infected files: 1
Data scanned: 40.43 MB
Data read: 15.92 MB (ratio 2.54:1)
Time: 22.258 sec (0 m 22 s)
[philwyett@hemi-yoda gdalautotest-2.1.0]$


Version-Release number of selected component (if applicable):

gdal-2.1.0-8.fc25

How reproducible:

Always

Steps to Reproduce:
1. Download srpm.
2. Extract srpm.
3. Extract gdalautotest archive.
4. Perform virus scan.

Actual results:

Positive clamscan hit.

ogr/data/billionlaugh.osm: Xml.Exploit.CVE_2013_3860-3 FOUND

Expected results:

Have no infected files or false positives.

Comment 1 Orion Poplawski 2016-11-10 16:32:42 UTC
Per http://forums.clamwin.com/viewtopic.php?t=4506 this false positive should have been resolved with daily update 21975.  Maybe another came and went as well.

I don't show a hit with 22511.

Comment 2 Phil Wyett 2016-11-10 18:01:21 UTC
Hi,

Just updated clamscan (22511) on CentOS 7 dev box and re-ran scan. Data below.

[philwyett@hemi-yoda gdalautotest-2.1.0]$ clamscan --version
ClamAV 0.99.2/22511/Thu Nov 10 15:10:09 2016
[philwyett@hemi-yoda gdalautotest-2.1.0]$ clamscan -r -i *
ogr/data/billionlaugh.osm: Xml.Exploit.CVE_2013_3860-3 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 5067253
Engine version: 0.99.2
Scanned directories: 91
Scanned files: 1962
Infected files: 1
Data scanned: 40.43 MB
Data read: 15.92 MB (ratio 2.54:1)
Time: 18.722 sec (0 m 18 s)
[philwyett@hemi-yoda gdalautotest-2.1.0]$

Comment 3 Orion Poplawski 2016-11-10 18:11:06 UTC
Ah, indeed.  Reported here: http://www.clamav.net/reports/fp

Comment 4 Phil Wyett 2016-11-10 18:22:21 UTC
(In reply to Orion Poplawski from comment #3)
> Ah, indeed.  Reported here: http://www.clamav.net/reports/fp

Reported at link provided.

Comment 5 Robert Scheck 2017-03-28 19:03:47 UTC
$ clamscan --version
ClamAV 0.99.2/23245/Tue Mar 28 14:33:35 2017
$ 

$ clamscan billionlaugh.osm 
billionlaugh.osm: OK

----------- SCAN SUMMARY -----------
Known viruses: 9062952
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 17.670 sec (0 m 17 s)
$ 

From my point of view this has been solved by upstream meanwhile.