Why Kaspersky AV flagging the module test data #575

Open
abhisekp opened this issue Sep 7, 2024 · 3 comments

abhisekp commented Sep 7, 2024

Check the image below.

image


mk26710 commented Sep 12, 2024

Seems like this is a tar bomb and it was removed from the repo some time earlier in this commit - 3267116

This is really weird to have such a thing in a repo actually ngl, I didn't even download this package myself since it was a dependency of another package. Anyway, I hope there are no more funny files like that in tests; the moment my AV detected this in a test file I remembered about that XZ vulnerability, thinking maybe it's the same situation here, but thankfully it seems not to be the case. Well, hopefully. Would really like to read the maintainer's comments on this one.

@gabriel-vasile
Owner

I added the file in #466 as a test case. I had no malicious intentions.
To be clear on the consequences of messing with that tarbomb: it will simply extract a file until all disk space is used. It will not overwrite any files on the host.

Before the commit:
I extracted the file and my archiver detected it's a tar bomb and protected me by extracting just one file.
I then concluded that archiving software is smart nowadays and not falling for this kind of trap (it probably is, but antiviruses take the side of caution.)
TBH, antivirus software was never in my mind all that time.

After the commit:
I released v1.4.5 which does not contain the tarbomb.
The testdata/exe file was reported as a virus by different software. Removed as well in v1.4.5.

Going forward, I will retract v1.4.4 on the next release and remove the testdata files and replace them with classic golang unit tests.
Using the testdata directory was probably a mistake. I did it because some file formats are complicated and storing as files, instead of byte slices in golang, was easy.

How to fix the issue on your side: upgrade to v1.4.5 if you have the option, otherwise... not much can be done. Maybe just ask the antivirus to quarantine the file.
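
The comment above describes the consequence of the tar bomb as extraction continuing until the disk is full. As an added example (not code from this project or from anyone in this thread), here is one way an extractor can bound that by enforcing a budget on entries and on bytes actually read. `ExtractBounded`, `ErrBudget` and `buildSample` are hypothetical names, and the sample archive is constructed in memory.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
)

var ErrBudget = errors.New("tar: extraction budget exceeded")

// ExtractBounded streams a tar into sink, capping entries and bytes actually read (header sizes are not trusted).
func ExtractBounded(r io.Reader, maxBytes int64, maxEntries int, sink io.Writer) (int64, error) {
	tr, total, entries := tar.NewReader(r), int64(0), 0
	for {
		_, err := tr.Next()
		if err == io.EOF {
			return total, nil
		} else if err != nil {
			return total, err
		}
		if entries++; entries > maxEntries {
			return total, ErrBudget
		}
		n, err := io.Copy(sink, io.LimitReader(tr, maxBytes-total))
		if total += n; err != nil {
			return total, err
		}
		// Data still left in this entry means the byte budget ran out mid-file.
		if m, _ := tr.Read(make([]byte, 1)); m > 0 {
			return total, ErrBudget
		}
	}
}

// buildSample returns a small constructed archive: count files of size bytes each.
func buildSample(count, size int) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for i := 0; i < count; i++ {
		tw.WriteHeader(&tar.Header{Name: fmt.Sprintf("f%d", i), Mode: 0o600, Size: int64(size), Typeflag: tar.TypeReg})
		tw.Write(make([]byte, size))
	}
	tw.Close()
	return buf.Bytes()
}

func main() { fmt.Println(ExtractBounded(bytes.NewReader(buildSample(3, 4096)), 10000, 10, io.Discard)) }
```

With the constructed 3 x 4096-byte archive and a 10000-byte budget, the call stops inside the third entry and returns `ErrBudget` after writing exactly 10000 bytes.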


mk26710 commented Sep 13, 2024

Good idea on retracting the version too, since some people might still have it on their machines. Thanks for the clarifications, really appreciate it!
