[jira] [Updated] (TIKA-3555) Eset antivirus found threat in the GitHub repo after Git clone

Wed, 15 Sep 2021 02:37:17 -0700 


     [ 
https://issues.apache.org/jira/browse/TIKA-3555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Krisztián Gyula Tóth updated TIKA-3555:
---------------------------------------
    Description: 
I've just cloned this GitHub repo  [https://github.com/apache/tika]  when I saw 
the popup from ESET antivirus on my machine.
{code:java}
Real-time file system protection - Threat

Alert triggered on computer:

C:\Git\GitHub\tika\tika-parsers\tika-parsers-standard\tika-parsers-standard-modules\tika-parser-pkg-module\src\test\resources\test-documents\droste.zip

contains Archbomb.ZIP trojan.
{code}
See the attached screenshots.

 

Is this a real threat in the repo or false alarm? Could you please do a 
security scan?

  was:
I've just cloned this GitHub repo[ https://github.com/apache/tika 
|https://github.com/apache/tika]when I saw the popup from ESET antivirus.
{code:java}
Real-time file system protection - Threat

Alert triggered on computer:

C:\Git\GitHub\tika\tika-parsers\tika-parsers-standard\tika-parsers-standard-modules\tika-parser-pkg-module\src\test\resources\test-documents\droste.zip

contains Archbomb.ZIP trojan.
{code}
See the attached screenshots.

 

Is this a real threat in the repo or false alarm? Could you please do a 
security scan?


> Eset antivirus found threat in the GitHub repo after Git clone
> --------------------------------------------------------------
>
>                 Key: TIKA-3555
>                 URL: https://issues.apache.org/jira/browse/TIKA-3555
>             Project: Tika
>          Issue Type: Bug
>            Reporter: Krisztián Gyula Tóth
>            Priority: Major
>         Attachments: tika-suspicious-file.png
>
>
> I've just cloned this GitHub repo  [https://github.com/apache/tika]  when I 
> saw the popup from ESET antivirus on my machine.
> {code:java}
> Real-time file system protection - Threat
> Alert triggered on computer:
> C:\Git\GitHub\tika\tika-parsers\tika-parsers-standard\tika-parsers-standard-modules\tika-parser-pkg-module\src\test\resources\test-documents\droste.zip
> contains Archbomb.ZIP trojan.
> {code}
> See the attached screenshots.
>  
> Is this a real threat in the repo or false alarm? Could you please do a 
> security scan?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to