JDK-6409831 : Virus alerts on JPEGVmCrashTest.jpg and APP0_erased.jpg
  • Type: Bug
  • Component: client-libs
  • Sub-Component: 2d
  • Affected Version: 5.0,7
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic,windows
  • CPU: generic,x86
  • Submitted: 2006-04-06
  • Updated: 2011-01-19
  • Resolved: 2006-04-19
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7
6 b81Fixed 7Fixed
Related Reports
Relates :  
JDK-4836529 - Reading corrupted JPEG cause VM crash
Description
McAfee anivirus software may complain that j2se testbase contains infected files. 
For example see scanning report below:

/net/jdk.sfbay/export/disk7/jdk1.6.0/j2se/test/sun/awt/image/* 
 .../net/jdk.sfbay/export/disk7/jdk1.6.0/j2se/test/sun/awt/image/JPEGImageDecoder/JPEGVmCrashTest.jpg
        Found the Exploit-MS04-028 trojan !!!

Summary report on 
/net/jdk.sfbay/export/disk7/jdk1.6.0/j2se/test/sun/awt/image/*
File(s)
        Total files: ...........     404
        Clean: .................     403
        Not scanned: ...........       0
        Possibly Infected: .....       1
Comments
EVALUATION The root of the problem is that length of APP0 marker is zero. It triggers McAfee to alert to Exploit-MS04-028 virus infection. I am sure that it is false alarm. If we create image from scratch and fill the length field by zero, it also causes same alert, although jpeg image does not contain any viruses. Besides this, other virus checkers, which are in the known about this virus, do not consider this file as infected. To avoid McAfee complains I suggest to change the length of the APP0 marker to 1 (byte with offet 5 from the begin of the file). This allows us to verify fix for 4836529 also: we will get -1 (marker length - 2) as marker data length, what causes crash of JPEG decoder in earlier versions of JDK than 5.0b05.
10-04-2006