Bug 1393822 - Clamscan positive hit: ogr/data/billionlaugh.osm: Xml.Exploit.CVE_2013_3860-3 FOUND
Summary: Clamscan positive hit: ogr/data/billionlaugh.osm: Xml.Exploit.CVE_2013_3860-3...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: clamav
Version: epel7
Hardware: x86_64
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Robert Scheck
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-10 12:10 UTC by Phil Wyett
Modified: 2017-03-28 19:03 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-03-28 19:03:47 UTC
Type: Bug

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Phil Wyett 2016-11-10 12:10:49 UTC 
Description of problem:

Flag being flagged by clamscan.

[philwyett@hemi-yoda gdalautotest-2.1.0]$ clamscan -r -i *
ogr/data/billionlaugh.osm: Xml.Exploit.CVE_2013_3860-3 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 5063642
Engine version: 0.99.2
Scanned directories: 91
Scanned files: 1962
Infected files: 1
Data scanned: 40.43 MB
Data read: 15.92 MB (ratio 2.54:1)
Time: 22.258 sec (0 m 22 s)
[philwyett@hemi-yoda gdalautotest-2.1.0]$


Version-Release number of selected component (if applicable):

gdal-2.1.0-8.fc25

How reproducible:

Always

Steps to Reproduce:
1. Download srpm.
2. Extract srpm.
3. Extract gdalautotest archive.
4. Perform virus scan.

Actual results:

Positive clamscan hit.

ogr/data/billionlaugh.osm: Xml.Exploit.CVE_2013_3860-3 FOUND

Expected results:

Have no infected files or false positives.
Comment 1 Orion Poplawski 2016-11-10 16:32:42 UTC 
Per http://forums.clamwin.com/viewtopic.php?t=4506 this false positive should have been resolved with daily update 21975.  Maybe another came and went as well.

I don't show a hit with 22511.
Comment 2 Phil Wyett 2016-11-10 18:01:21 UTC 
Hi,

Just updated clamscan (22511) on CentOS 7 dev box and re-run scan. Data below.

[philwyett@hemi-yoda gdalautotest-2.1.0]$ clamscan --version
ClamAV 0.99.2/22511/Thu Nov 10 15:10:09 2016
[philwyett@hemi-yoda gdalautotest-2.1.0]$ clamscan -r -i *
ogr/data/billionlaugh.osm: Xml.Exploit.CVE_2013_3860-3 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 5067253
Engine version: 0.99.2
Scanned directories: 91
Scanned files: 1962
Infected files: 1
Data scanned: 40.43 MB
Data read: 15.92 MB (ratio 2.54:1)
Time: 18.722 sec (0 m 18 s)
[philwyett@hemi-yoda gdalautotest-2.1.0]$
Comment 3 Orion Poplawski 2016-11-10 18:11:06 UTC 
Ah, indeed.  Reported here: http://www.clamav.net/reports/fp
Comment 4 Phil Wyett 2016-11-10 18:22:21 UTC 
(In reply to Orion Poplawski from comment #3)
> Ah, indeed.  Reported here: http://www.clamav.net/reports/fp

Reported at link provided.
Comment 5 Robert Scheck 2017-03-28 19:03:47 UTC 
$ clamscan --version
ClamAV 0.99.2/23245/Tue Mar 28 14:33:35 2017
$ 

$ clamscan billionlaugh.osm 
billionlaugh.osm: OK

----------- SCAN SUMMARY -----------
Known viruses: 9062952
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 17.670 sec (0 m 17 s)
$ 

From my point of view this has been solved by upstream meanwhile.
Note You need to log in before you can comment on or make changes to this bug.