[
https://issues.apache.org/jira/browse/TIKA-3555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17415770#comment-17415770
]
Tim Allison commented on TIKA-3555:
-----------------------------------
On third thought, maybe we should obfuscate those files in a password protected
envelope or maybe base64 encoded?
> Eset antivirus found threat in the GitHub repo after Git clone
> --------------------------------------------------------------
>
> Key: TIKA-3555
> URL: https://issues.apache.org/jira/browse/TIKA-3555
> Project: Tika
> Issue Type: Bug
> Reporter: Krisztián Gyula Tóth
> Priority: Major
> Attachments: eset_tika_alert.png, tika-suspicious-file.png
>
>
> I've just cloned this GitHub repo [https://github.com/apache/tika] when I
> saw the popup from ESET antivirus on my machine.
> {code:java}
> Real-time file system protection - Threat
> Alert triggered on computer:
> C:\Git\GitHub\tika\tika-parsers\tika-parsers-standard\tika-parsers-standard-modules\tika-parser-pkg-module\src\test\resources\test-documents\droste.zip
> contains Archbomb.ZIP trojan.
> {code}
> See the attached screenshots.
>
> Is this a real threat in the repo or false alarm? Could you please do a
> security scan?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
