[ 
https://issues.apache.org/jira/browse/TIKA-3555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17574750#comment-17574750
 ] 

Tim Allison commented on TIKA-3555:
-----------------------------------

We've fixed the unit tests to check to see if the files exist before running 
the tests.  If AV has removed the files, the build should pass.  My guess is 
that people don't want notifications from AV that there's a bad file in the 
repo.

So, if we go with the "dangerously named subdirectory", will that solve these 
people's problem?  Or will they still raise the issue with us because their AV 
is unhappy.

I agree about about the on-access/in-memory checks that would still alert on 
these files if we obfuscated them and then deobfuscated in memory or in a temp 
file.

[~ktothdev] and [~marmanis], is there a way that we can keep these unit test 
files and not cause you and AV a problem?

> Eset antivirus found threat in the GitHub repo after Git clone
> --------------------------------------------------------------
>
>                 Key: TIKA-3555
>                 URL: https://issues.apache.org/jira/browse/TIKA-3555
>             Project: Tika
>          Issue Type: Bug
>            Reporter: Krisztián Gyula Tóth
>            Priority: Major
>         Attachments: eset_tika_alert.png, tika-suspicious-file.png
>
>
> I've just cloned this GitHub repo  [https://github.com/apache/tika]  when I 
> saw the popup from ESET antivirus on my machine.
> {code:java}
> Real-time file system protection - Threat
> Alert triggered on computer:
> C:\Git\GitHub\tika\tika-parsers\tika-parsers-standard\tika-parsers-standard-modules\tika-parser-pkg-module\src\test\resources\test-documents\droste.zip
> contains Archbomb.ZIP trojan.
> {code}
> See the attached screenshots.
>  
> Is this a real threat in the repo or false alarm? Could you please do a 
> security scan?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to