[
https://issues.apache.org/jira/browse/TIKA-3555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17574991#comment-17574991
]
Haralambos Marmanis commented on TIKA-3555:
-------------------------------------------
First of all, thank you for your work, and I am sorry that I didn't notice that
this was a duplicate before submitting.

In terms of resolution, I think that awareness is certainly one of the ways
that people can be prepared to deal with this, whether with a special README
(as suggested above) or with a note in the main README regarding testing to
draw attention to it. Another way, perhaps, could be that these files are
excluded (by default), unless intentionally included, in the tests through a
configuration parameter.

> Eset antivirus found threat in the GitHub repo after Git clone
> --------------------------------------------------------------
>
> Key: TIKA-3555
> URL: https://issues.apache.org/jira/browse/TIKA-3555
> Project: Tika
> Issue Type: Bug
> Reporter: Krisztián Gyula Tóth
> Priority: Major
> Attachments: eset_tika_alert.png, tika-suspicious-file.png
>
>
> I've just cloned this GitHub repo [https://github.com/apache/tika] when I
> saw the popup from ESET antivirus on my machine.
> {code:java}
> Real-time file system protection - Threat
> Alert triggered on computer:
> C:\Git\GitHub\tika\tika-parsers\tika-parsers-standard\tika-parsers-standard-modules\tika-parser-pkg-module\src\test\resources\test-documents\droste.zip
> contains Archbomb.ZIP trojan.
> {code}
> See the attached screenshots.
>
> Is this a real threat in the repo or false alarm? Could you please do a
> security scan?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)