[ https://issues.apache.org/jira/browse/TIKA-3555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17574750#comment-17574750 ]
Tim Allison commented on TIKA-3555: ----------------------------------- We've fixed the unit tests to check to see if the files exist before running the tests. If AV has removed the files, the build should pass. My guess is that people don't want notifications from AV that there's a bad file in the repo. So, if we go with the "dangerously named subdirectory", will that solve these people's problem? Or will they still raise the issue with us because their AV is unhappy. I agree about about the on-access/in-memory checks that would still alert on these files if we obfuscated them and then deobfuscated in memory or in a temp file. [~ktothdev] and [~marmanis], is there a way that we can keep these unit test files and not cause you and AV a problem? > Eset antivirus found threat in the GitHub repo after Git clone > -------------------------------------------------------------- > > Key: TIKA-3555 > URL: https://issues.apache.org/jira/browse/TIKA-3555 > Project: Tika > Issue Type: Bug > Reporter: Krisztián Gyula Tóth > Priority: Major > Attachments: eset_tika_alert.png, tika-suspicious-file.png > > > I've just cloned this GitHub repo [https://github.com/apache/tika] when I > saw the popup from ESET antivirus on my machine. > {code:java} > Real-time file system protection - Threat > Alert triggered on computer: > C:\Git\GitHub\tika\tika-parsers\tika-parsers-standard\tika-parsers-standard-modules\tika-parser-pkg-module\src\test\resources\test-documents\droste.zip > contains Archbomb.ZIP trojan. > {code} > See the attached screenshots. > > Is this a real threat in the repo or false alarm? Could you please do a > security scan? -- This message was sent by Atlassian Jira (v8.20.10#820010)