[
https://issues.apache.org/jira/browse/TIKA-3555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17415473#comment-17415473
]
Krisztián Gyula Tóth commented on TIKA-3555:
--------------------------------------------
[~nick] Thanks for the quick reply! From my side, I'm happy with closing this
ticket in this case. :)
Just a follow-up question, but maybe it worth consider mentioning this
somewhere in the project's readme (if it's not already) and/or add artifact
scanning to the repo CI/CD too. What do you think? Is there anything we
could/should do here?
> Eset antivirus found threat in the GitHub repo after Git clone
> --------------------------------------------------------------
>
> Key: TIKA-3555
> URL: https://issues.apache.org/jira/browse/TIKA-3555
> Project: Tika
> Issue Type: Bug
> Reporter: Krisztián Gyula Tóth
> Priority: Major
> Attachments: eset_tika_alert.png, tika-suspicious-file.png
>
>
> I've just cloned this GitHub repo [https://github.com/apache/tika] when I
> saw the popup from ESET antivirus on my machine.
> {code:java}
> Real-time file system protection - Threat
> Alert triggered on computer:
> C:\Git\GitHub\tika\tika-parsers\tika-parsers-standard\tika-parsers-standard-modules\tika-parser-pkg-module\src\test\resources\test-documents\droste.zip
> contains Archbomb.ZIP trojan.
> {code}
> See the attached screenshots.
>
> Is this a real threat in the repo or false alarm? Could you please do a
> security scan?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
