Posted to dev@tika.apache.org by "Tim Allison (Jira)" <ji...@apache.org> on 2021/09/15 17:05:00 UTC

[jira] [Comment Edited] (TIKA-3555) Eset antivirus found threat in the GitHub repo after Git clone

    [ https://issues.apache.org/jira/browse/TIKA-3555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17415641#comment-17415641 ] 

Tim Allison edited comment on TIKA-3555 at 9/15/21, 5:04 PM:
-------------------------------------------------------------

I'm happy to document that file and we actually have one other...so shame on your detector for not finding it! LOL.

Those files are quines, which means that after you run, e.g., zip on one, you get exactly the same file as when you started, so any file scanner that tries to process files recursively will blow up unless it has some max embedded depth logic.

Where should we document it in the README? Any chance you'd like to draft the language you'd like to have found? Thank you!


was (Author: tallison@mitre.org):
I'm happy to document that file and we actually have one other...so shame on your detector for not finding it! LOL.

Those files are quines, which means that after you run, e.g., gzip on one, you get exactly the same file as when you started, so any file scanner that tries to process files recursively will blow up unless it has some max embedded depth logic.

Where should we document it in the README? Any chance you'd like to draft the language you'd like to have found? Thank you!

> Eset antivirus found threat in the GitHub repo after Git clone
> --------------------------------------------------------------
>
>                 Key: TIKA-3555
>                 URL: https://issues.apache.org/jira/browse/TIKA-3555
>             Project: Tika
>          Issue Type: Bug
>            Reporter: Krisztián Gyula Tóth
>            Priority: Major
>         Attachments: eset_tika_alert.png, tika-suspicious-file.png
>
>
> I've just cloned this GitHub repo [https://github.com/apache/tika] when I saw the popup from ESET antivirus on my machine.
> {code:java}
> Real-time file system protection - Threat
> Alert triggered on computer:
> C:\Git\GitHub\tika\tika-parsers\tika-parsers-standard\tika-parsers-standard-modules\tika-parser-pkg-module\src\test\resources\test-documents\droste.zip
> contains Archbomb.ZIP trojan.
> {code}
> See the attached screenshots.
>  
> Is this a real threat in the repo or a false alarm? Could you please do a security scan?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
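
An added example, not code from Tika or from the comment above: a recursive ZIP scanner with the "max embedded depth logic" the comment refers to, which is what lets a scanner terminate on a self-containing archive. The function names, the limits, and the sample archive are assumptions made for illustration; the sample is a constructed, finitely nested ZIP standing in for a quine.

```python
import io
import zipfile


class ScanLimitExceeded(Exception):
    """Raised when an archive exceeds the scanner's depth or size budget."""


def scan(data, max_depth=10, max_entry_bytes=1 << 20, depth=0):
    """Recurse into nested ZIPs and return the paths of non-archive entries.

    A quine archive contains a copy of itself, so on such input the
    recursion only terminates because of the max_depth check.
    """
    if depth > max_depth:
        raise ScanLimitExceeded(f"embedded depth exceeds {max_depth}")
    leaves = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                # Bounded read: do not trust the declared uncompressed size.
                child = fh.read(max_entry_bytes + 1)
            if len(child) > max_entry_bytes:
                raise ScanLimitExceeded(f"{info.filename} exceeds {max_entry_bytes} bytes")
            if zipfile.is_zipfile(io.BytesIO(child)):
                inner = scan(child, max_depth, max_entry_bytes, depth + 1)
                leaves += [f"{info.filename}/{p}" for p in inner]
            else:
                leaves.append(info.filename)
    return leaves


def nested_zip(levels):
    """Constructed sample: a text file wrapped in `levels` layers of ZIP."""
    name, payload = "leaf.txt", b"hello"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, payload)
        name, payload = f"layer{i}.zip", buf.getvalue()
    return payload


def is_suspicious(data, max_depth=10):
    """True when the scan hits a limit, as it would on a self-containing archive."""
    try:
        scan(data, max_depth)
        return False
    except ScanLimitExceeded:
        return True
```

Hitting the limit is itself the signal: the scanner reports the file instead of recursing until memory or stack is exhausted.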