Why Kaspersky AV flagging the module test data #575
Comments
Seems like this is a tar bomb and it was removed from the repo some time earlier in this commit - 3267116. This is really weird to have such a thing in a repo actually, ngl. I didn't even download this package myself, since it was a dependency of another package. Anyway, I hope there are no more funny files like that in tests. The moment my AV detected this in a test file I remembered that XZ vulnerability, thinking maybe it's the same situation here, but thankfully it seems not to be the case. Well, hopefully. Would really like to read the maintainer's comments on this one.
I added the file in #466 as a test case. I had no malicious intentions. Before the commit: After the commit: Going forward, I will retract v1.4.4 on next release and remove the testdata files and replace them with classic golang unit tests. How to fix the issue on your side: upgrade to v1.4.5 if you have the option, otherwise... not much can be done. Maybe just ask the antivirus to quarantine the file.
Good idea on retracting the version too, since some people might still have it on their machines. Thanks for the clarifications, really appreciate it!
* Make mso detection work similar to what file/file does

  https://github.com/file/file/blob/7c62d696b06e53fc5be015c41a57513278ac6c54/magic/Magdir/msooxml

  The algorithm is not 100 percent reliable. For example, a zero compression zip containing a docx will still sometimes be detected as docx instead of zip (it depends on how many files and the order of files in the zip).

  Second thing in this PR is removing some test data fixtures. From now on, I'll try as much as possible to write regular unit tests without relying on test file fixtures. #575 (comment)

  related #550 #575
  closes #400

* zipContains: remove unnecessary zip sig check

  The check is already done in parent function.
continuing removing excessive test fixtures #575 (comment)
* formatting: reduce indent size by 1
* testdata cleanup: remove macho fixtures #575 (comment)
* macho: use signature from stdlib instead of magic signature
* macho: add unit tests

  These tests are a replacement for the fixtures from the testdata directory.
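
The zero-compression caveat from the MSO detection commit message above, as an added Go example that is not the project's code: `sniff` is a hypothetical, simplified header scanner, and the archives (`report.docx`, `note0.txt`, ...) are constructed in memory. In a stored outer ZIP the inner docx headers sit uncompressed in the byte stream, so the verdict changes with the compression method and with how many entries come first.

```go
package main

import (
	"archive/zip"
	"bytes"
	"encoding/binary"
	"fmt"
)

// buildZip packs (name, body) pairs with one method: zip.Store or zip.Deflate.
func buildZip(method uint16, entries ...[2]string) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, e := range entries {
		f, _ := w.CreateHeader(&zip.FileHeader{Name: e[0], Method: method})
		f.Write([]byte(e[1]))
	}
	w.Close()
	return buf.Bytes()
}

// outer wraps a constructed minimal docx as "report.docx" behind n filler entries.
func outer(method uint16, n int) []byte {
	docx := buildZip(zip.Store, [2]string{"[Content_Types].xml", "<Types/>"},
		[2]string{"word/document.xml", string(bytes.Repeat([]byte("<w:p/>"), 40))})
	var entries [][2]string
	for i := 0; i < n; i++ {
		entries = append(entries, [2]string{fmt.Sprintf("note%d.txt", i), "filler"})
	}
	return buildZip(method, append(entries, [2]string{"report.docx", string(docx)})...)
}

// sniff (hypothetical, simplified; ZIP signature assumed checked by the caller) says
// "docx" if one of the first maxEntries local-header names in raw starts with "word/".
func sniff(raw []byte, maxEntries int) string {
	for i, h := range bytes.Split(raw, []byte("PK\x03\x04"))[1:] {
		if i >= maxEntries || len(h) < 26 {
			break
		}
		n := 26 + int(binary.LittleEndian.Uint16(h[22:])) // name ends at 26+len
		if n <= len(h) && bytes.HasPrefix(h[26:n], []byte("word/")) {
			return "docx"
		}
	}
	return "zip"
}

func main() {
	fmt.Println(sniff(outer(zip.Store, 0), 4), sniff(outer(zip.Deflate, 0), 4), sniff(outer(zip.Store, 3), 4))
}
```

Where the detected type gates an upload or scanning decision, listing entries through the central directory (for example with `archive/zip`'s reader) reports only the outer archive's own entries.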
Check the image below.