Re: For tika-1.23-src.zip 7 of 52 scanning engines on VirusTotal found a match

[Fossies Administrator]

Hi Tim,

  Thank you for the note. We added two compression quines to the unit
tests, and that looks like what several of the engines are triggering on.
I’m on my phone now and can’t easily figure out if VirusTotal points to
specific files. Without that info, I can’t explain Riskware.Win32.Patcher.oltzn
or PATH_SLIP.
The latter also was found in 1.21. I’ll take a look early next week.

I find it eye-opening that the quines didn’t set off _more_ AV engines!🤣

A completion: Since for unknown reasons Fossies hasn't detected the 
release of tika version 1.22 on Fossies no VirusTotal check was made. So I 
have now made up for it manually with a a little bit surprising result 
(even 14 of 56 matching engines)

Tika        1.21 (2 of 52)      1.22 (14 of 56)                   1.23 (7 of 52)
########### ################### ################################# 
############################
Cyren       PATH_SLIP           PATH_SLIP                         PATH_SLIP
Zoner       Probably RTFBinData 
Alibaba                         TrojanArcBomb:GZip/Agent.836c5791 
Symantec                        Trojan.Gen.NPE
ESET-NOD32                      Archbomb.ZIP                      Archbomb.ZIP
Kaspersky                       Trojan-ArcBomb.GZip.Agent.e       
Trojan-ArcBomb.GZip.Agent.e
NANO-Antiv.                     Riskware.Win32.Patcher.oltzn      
Riskware.Win32.Patcher.oltzn
AegisLab                        Trojan.GZip.Agent.61c 
Sophos                          Troj/ZipB-A                       Troj/ZipB-A
Comodo                          Malware@#3vccmnmqk3bh6
SentinelOne                     DFI - Malicious Archive           DFI - 
Malicious Archive
Fortinet                        Riskware/GZunlimited
ZoneAlarm                       Trojan-ArcBomb.GZip.Agent.e       
Trojan-ArcBomb.GZip.Agent.e
Ikarus                          Trojan-Downloader.PS.Agent
Qihoo-360                       Win32/Trojan.BO.316

For tika 1.21 I repeated the check because the signatures could be updated 
in the meantime. But still 2 matches (now of 52 instead of 45 engines).

Regards

Jens

On Fri, Dec 6, 2019 at 5:36 PM Fossies Administrator <
jens.schleuse...@fossies.org> wrote:

Hi,

just as information: As for all offered software packages the FOSS server
fossies.org forced also for the just released tika-1.23-src.zip archive a
malware check by the VirusTotal site, see the line "VirusTotal check" at
the top of the page

  https://fossies.org/linux/misc/tika-1.23-src.zip/

You may click on the results to see the detailed report on
https://www.virustotal.com.

Unfortunately 7 of 52 scanning engines found a match for tika-1.23-src.zip.

Hopefully that are all False positives related to the nature of Tika but
at least for tika-1.21-src.zip "only" 2 of 45 engines have found a match,
see

  https://fossies.org/linux/misc/legacy/tika-1.21-src.zip/

Regards

Jens

--
FOSSIES - The Fresh Open Source Software archive
mainly for Internet, Engineering and Science
https://fossies.org/