Bug 492105

Summary: sagator contains EICAR file
Product: [Fedora] Fedora EPEL
Reporter: Elia Pinto <yersinia.spiros>
Component: sagator
Assignee: Jan ONDREJ <ondrejj>
Status: CLOSED NEXTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: low
Version: el5
CC: ondrejj, yersinia.spiros
Keywords: Reopened
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-03-28 19:07:51 UTC

Description Elia Pinto 2009-03-25 12:28:54 UTC
Description of problem:

The source and the binary RPM of sagator contain EICAR files. In particular they
are in the UPSTREAM tarball in the test directory.

EICAR provides a standardized test file for signature based virus detection software (http://www.eicar.org/anti_virus_test_file.htm). 

The presence of the EICAR files could prohibit the package installation if the yum repository access is not by a direct Internet connection but is mediated by an antivirus/gateway proxy. For example, this problem happened to me because my Internet access uses the proxy/gateway suite Finjan (http://www.finjan.com/).


Version-Release number of selected component (if applicable):

1.1.0-1.el5
How reproducible:

Extract the upstream tarball from the source RPM and execute clamscan(1) on it:

#clamscan -v sagator-1.1.0.tar.bz2
LibClamAV Warning: ***********************************************************
LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************
Scanning sagator-1.1.0.tar.bz2
sagator-1.1.0.tar.bz2: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 533398
Engine version: 0.94.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.68 MB
Time: 1.680 sec (0 m 1 s)

Thereafter open the tarball and execute clamscan(1) on the directory.

#tar -jxvf sagator-1.1.0.tar.bz2

#clamscan -r -v sagator-1.1.0 | grep -i eicar
LibClamAV Warning: ***********************************************************
LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************
sagator-1.1.0/test/pack/rtest.zip: Eicar-Test-Signature FOUND
sagator-1.1.0/test/pack/test.zip: Eicar-Test-Signature FOUND
LibClamAV Warning: RAR code not compiled-in
Scanning sagator-1.1.0/test/Eicar
sagator-1.1.0/test/Eicar: Eicar-Test-Signature FOUND






Steps to Reproduce:
1. Define the proxy host in epel.conf
2. Try yum install sagator
  
Actual results:

The install fails (e.g. the antivirus proxy blocks the download).


Expected results:

The install succeeds.

Additional info:

The simple patch to the spec file below drops the EICAR files from being packaged in the docdir. IMHO, there is no problem in dropping these files from the main
package.

--- sagator.spec        2008-07-14 12:06:54.000000000 +0200
+++ sagator.spec        2009-03-25 12:11:01.000000000 +0100
@@ -97,6 +97,10 @@
 make DESTDIR=%{buildroot} PREFIX=%{_prefix} install
 rm -f %{buildroot}%{_datadir}/sagator/etc/sgconf.py* \
   scripts/mkchroot.sh scripts/graphs/*.in
+# Drop from builddir EICAR test files : don't want to package these in %%doc.
+# They block the package install if yum repository is mediated by an antivirus proxy
+rm -f test/pack/rtest.zip test/pack/test.zip test/Eicar
+
 touch %{buildroot}%{_datadir}/%{name}/etc/sgconf.py_
 ln -s ../../../..%{_sysconfdir}/sagator.conf \
   %{buildroot}%{_datadir}/%{name}/etc/sgconf.py
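Review bot: the added `rm -f test/pack/rtest.zip test/pack/test.zip test/Eicar` only deletes the files from the unpacked build tree, so it keeps them out of the binary RPM's %doc but leaves them inside the upstream tarball carried by the source RPM, which the report shows clamscan flagging too (sagator-1.1.0.tar.bz2: Eicar-Test-Signature FOUND). A scanning proxy or mirror that fetches SRPMs will still alert; covering that case needs a repacked tarball without these three files, or an upstream release that omits them. Also consider dropping `-f` so the build fails visibly if the paths change in a later release, instead of silently packaging the files again.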
 

*************

If you agree that this is a bug, I can reopen the same as a duplicate for the FC release.
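A pre-release check a packager could run on an upstream tarball, mirroring the recursive clamscan run in the report above (added example, not code from this bug thread or from the sagator project): it walks tar and zip containers and lists small files that carry the EICAR marker. The marker heuristic, the names `scan_blob` and `build_sample_tarball`, the zip member name and the stand-in content are assumptions; the sample archive is constructed in memory.

```python
import io
import tarfile
import zipfile

MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
MAX_LEN = 128  # a valid EICAR test file is at most 128 bytes long

def scan_blob(name, data, hits):
    """Recurse through tar and zip containers; record EICAR-like leaf files."""
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
            for m in tf:
                if m.isfile():
                    scan_blob(f"{name}!{m.name}", tf.extractfile(m).read(), hits)
        return hits
    except tarfile.TarError:
        pass  # not a (possibly compressed) tar archive
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    scan_blob(f"{name}!{info.filename}", zf.read(info), hits)
        return hits
    if len(data) <= MAX_LEN and MARKER in data:  # heuristic, not a full signature
        hits.append(name)
    return hits

def build_sample_tarball():
    """Constructed input: a tar.bz2 laid out like the paths in the report."""
    stand_in = b"CONSTRUCTED-STAND-IN " + MARKER  # not the real test string
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("eicar.com", stand_in)  # member name is an assumption
    files = {
        "sagator-1.1.0/README": b"no test pattern here\n",
        "sagator-1.1.0/test/Eicar": stand_in,
        "sagator-1.1.0/test/pack/test.zip": zbuf.getvalue(),
    }
    tbuf = io.BytesIO()
    with tarfile.open(fileobj=tbuf, mode="w:bz2") as tf:
        for path, content in files.items():
            ti = tarfile.TarInfo(path)
            ti.size = len(content)
            tf.addfile(ti, io.BytesIO(content))
    return tbuf.getvalue()

if __name__ == "__main__":
    for hit in scan_blob("sagator-1.1.0.tar.bz2", build_sample_tarball(), []):
        print("test pattern:", hit)
```

Members are read fully into memory, so this suits auditing your own release tarball rather than untrusted archives.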

Comment 1 Jan ONDREJ 2009-03-25 13:44:21 UTC
Thank you for reporting this bug.

I think you are right, this testing pattern should be removed from the sagator package. There were considerations about removing this file in the past, but it was not removed.

Do you think removing it upstream will be enough and this will be fixed after the release of a new version of sagator? Removing this file is a feature downgrade, because users can't test their configuration. I can remove this for sagator-1.2, but I think it's not a good idea to remove this file for a stable release.

The EPEL buildsystem has been down for some days, so I can't build sagator-1.1.1 or any other update for EPEL. :-(

Comment 2 Jan ONDREJ 2009-03-25 14:03:48 UTC
Sagator-1.2.0-beta changelog:

  - viruses removed from test/ directory and added download_viruses.sh
    shell script

Comment 3 Elia Pinto 2009-03-25 14:59:17 UTC
(In reply to comment #2)
> Sagator-1.2.0-beta changelog:
> 
>   - viruses removed from test/ directory and added download_viruses.sh
>     shell script  

Great. This is the perfect solution. Thanks very much.

Comment 4 Elia Pinto 2009-03-25 15:03:29 UTC
(In reply to comment #2)
> Sagator-1.2.0-beta changelog:
> 
>   - viruses removed from test/ directory and added download_viruses.sh
>     shell script  

Is it necessary for you that I open the bug - as a duplicate - also for the FC release?

Comment 5 Jan ONDREJ 2009-03-25 15:05:14 UTC
Closing this bug, because it's fixed upstream. Will be fixed in future.

If you need a solution soon, feel free to reopen it.

Comment 6 Jan ONDREJ 2009-03-25 15:12:28 UTC
(In reply to comment #4)
> (In reply to comment #2)
> > Sagator-1.2.0-beta changelog:
> > 
> >   - viruses removed from test/ directory and added download_viruses.sh
> >     shell script  
> 
> Is it necessary for you that i open the bug - as a duplicate - also for FC
> release ?  

If you think it has to be fixed in the current stable, just tell me.

Otherwise it will be fixed automatically when sagator-1.2 goes into Fedora/EPEL.

If you want to test the latest beta version, there are yum repositories upstream:
  http://www.salstar.sk/sagator/download.php
In 1.2.0-0.beta20 this problem has already been fixed.

Comment 7 Elia Pinto 2009-03-25 15:37:21 UTC
If possible, it would be preferable to have a backport fix in the actual release. We have alarms every day from the antivirus software because I have realized an internal daily mirror of the EPEL repo.


Thanks in advance.

Elia

Comment 9 Elia Pinto 2009-03-28 19:38:57 UTC
Thanks a lot. No matter when, I will follow your project: good project, best maintainer :=)