decompression_bomb.gif detected as BC.Gif.Exploit.Agent-1425366.Agent only by ClamAV #6962
Comments
We've had issues in the past where antivirus software has flagged our test images as being exploits, like #4730. In cases like that, it is true that they are exploits - it's just that they are only exploits for past versions of Pillow. We've since fixed the problems, and so to silence these unnecessary warnings, we move the problematic files into a different repository. But I'd like to try and figure out some more information first. I'm having trouble finding anything to tell me what "BC.Gif.Exploit.Agent-1425366.Agent" means. Do you have a link you can post? Let us know if ClamAV does respond to you.
Dear @radarhere, I will check later that day in Discord for ClamAV feedback. I had provided them with the link to this issue as well. Best regards,
I've created PR #6964 to resolve this by moving the image into another repository. If it is merged, then in the next release of Pillow, the test image will no longer be part of our main repository. Instead, it will just be in https://github.com/python-pillow/test-images and only tested on our CI builds.
Thank you for your efforts reporting this to ClamAV, and for letting us know! Plan A is always to get the AV tool to stop reporting these, as it's always better for us to keep test files versioned with the source code, so that others can take a single release and fully test it, including that there are no security regressions. And therefore moving test files outside the repo worsens the security of the project. Our next release is scheduled for 1st April, let's give ClamAV until late March to fix their AV, and we can consider #6964 as a last resort.
@hugovk @radarhere I enjoyed that collaboration. I consider this as soon-to-be-resolved. You may not need any follow-up. Best regards
Excellent. Kindly let us know when it is dropped.
@ronator any updates? |
Closing this issue as no feedback has been received. |
Hi all,
I wanted to raise this project's attention as I could not resolve an issue with ClamAV despite creating a false-positive report via web form. After some investigation, I am 100% sure your file is not infected. However, ClamAV does not act on it. I have reached out to them again via Discord some minutes ago.
I am aware that this is NOT an issue, but I wanted to make sure you are aware of the false accusations. I was not able to get the ClamAV team to fix this within the last two weeks, I am sorry.
What are your OS, Python and Pillow versions?