ClamAV reporting calibre as being infected with CVE 2017 0141
Bug #1673284 reported by
dr who
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
calibre |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Downloaded calibre from calibre download page (https:/
Scanning selected files…
/Applications/
----------- SCAN SUMMARY -----------
Known viruses: 6847967
Engine version: 0.99.2
Scanned directories: 453
Scanned files: 3662
Infected files: 1
Data scanned: 281.73 MB
Data read: 183.86 MB (ratio 1.53:1)
Time: 54.957 sec (0 m 54 s)
False positive or genuine issue?
CVE References
To post a comment you must log in.
Looks like a reserved ID, though, nothing to see here... /www.cve. mitre.org/ cgi-bin/ cvename. cgi?name= CVE-2017- 0141
https:/
Anyway, that file is the bundled rapydscript- to-javascript transpiler
used to build the experimental new server. In the unlikely event that
there is an *actual* vulnerability there (and note that calibre is
open-source and certainly does not deliberately ship vulnerabilities) it
will never be accessed regardless -- unless you use calibre's python
interpreter to rebuild the presumably-modified *.pyj files from the
source code checkout described in the manual under "Setting up a calibre
development environment".