-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why Kaspersky AV flagging the module test data #575
Comments
Seems like this is a tar bomb and it was removed from the repo some time earlier in this commit - 3267116 This is really weird to have such thing in a repo actually ngl, I didn't even download this package myself since it was a dependency of another package. Anyway, I hope there are no more funny files like that in tests, the moment my AV detected this in a test file I remembered about that XZ vulnerability thinking maybe it's the same situation here, but thankfully it seems not to be the case. Well, hopefully. would really like to read maintainer's comments on this one. |
I added the file in #466 as a test case. I had no malicious intentions. Before the commit: After the commit: Going forward, I will retract v1.4.4 on next release and remove the testdata files and replace them with classic golang unit tests. How to fix the issue on your side: upgrade to v1.4.5 if you have the option, otherwise... not much can be done. Maybe just ask the antivirus to quarantine the file. |
Good idea on retracting the version too, since some people might still have it on their machines. Thanks for the clarifications, really appreciate it! |
Check the image below.
The text was updated successfully, but these errors were encountered: