Description of problem: The package pcp-testsuite-3.8.4-2.el5.x86_64.rpm from epel repository is being detected by antivirus inspecting its contents as containing a "Virus: "Exploit-Generic.src" found!" You can check a report at: https://www.virustotal.com/es/file/3127055b8170e2615d169b9257b9a1f74346d68c56dc84fcc3b1d172c72f6839/analysis/ BTW, McAfee and TrendMicro HouseCall detect them as a 'Generic' one Version-Release number of selected component (if applicable): pcp-testsuite-3.8.4-2.el5.x86_64.rpm How reproducible: Steps to Reproduce: 1. Go to http://www.virustotal.com 2. Upload the file (http://dl.fedoraproject.org/pub/epel/5/x86_64/pcp-testsuite-3.8.4-2.el5.x86_64.rpm) or enter URL 3. Wait for results Actual results: Detected as containing viruses, which makes it to be blocked by some proxys with integrated virus scanning Expected results: Not to get detected as virus if possible to ease usage behind corporate proxys Additional info:
Agreed, we should remove or defang the program. It's a regression test for a decade-old security bug. If we keep it, it should try to hit something other than /etc/passwd.
This is resolved by upstream git commit 472edd343b. Expected to release in pcp-3.8.6 within a day or so.
pcp-3.8.6-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/pcp-3.8.6-1.fc20
pcp-3.8.6-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/pcp-3.8.6-1.fc19
pcp-3.8.6-1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/pcp-3.8.6-1.fc18
pcp-3.8.6-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/pcp-3.8.6-1.el6
pcp-3.8.6-1.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/pcp-3.8.6-1.el5
Package pcp-3.8.6-1.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing pcp-3.8.6-1.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-20460/pcp-3.8.6-1.fc20 then log in and leave karma (feedback).
pcp-3.8.6-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
pcp-3.8.6-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
pcp-3.8.6-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
pcp-3.8.6-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
pcp-3.8.6-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.