[
https://issues.apache.org/jira/browse/TIKA-3555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17415641#comment-17415641
]
Tim Allison commented on TIKA-3555:
-----------------------------------
I'm happy to document that file and we actually have one other...so shame on
your detector for not finding it! LOL.
Those files are quines, which means that after you run, e.g. gzip on it, you
get exactly the same file as when you started so any file scanner that tries to
process files recursively will blow up unless it has some max embedded depth
logic.
Where should we document it in the README? Any chance you'd like to draft the
language you'd like to have found? Thank you!
> Eset antivirus found threat in the GitHub repo after Git clone
> --------------------------------------------------------------
>
> Key: TIKA-3555
> URL: https://issues.apache.org/jira/browse/TIKA-3555
> Project: Tika
> Issue Type: Bug
> Reporter: Krisztián Gyula Tóth
> Priority: Major
> Attachments: eset_tika_alert.png, tika-suspicious-file.png
>
>
> I've just cloned this GitHub repo [https://github.com/apache/tika] when I
> saw the popup from ESET antivirus on my machine.
> {code:java}
> Real-time file system protection - Threat
> Alert triggered on computer:
> C:\Git\GitHub\tika\tika-parsers\tika-parsers-standard\tika-parsers-standard-modules\tika-parser-pkg-module\src\test\resources\test-documents\droste.zip
> contains Archbomb.ZIP trojan.
> {code}
> See the attached screenshots.
>
> Is this a real threat in the repo or false alarm? Could you please do a
> security scan?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
