[
https://issues.apache.org/jira/browse/DRILL-7484?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16993789#comment-16993789
]
Charles Givre edited comment on DRILL-7484 at 12/11/19 6:17 PM:
----------------------------------------------------------------
[~volodymyr]
I don't think so. I could find another file with TCP sessions, but I would
have to re-write all the unit tests for TCP Sessionization.
It *may* be possible to perhaps take the first few packets from the file, which
shouldn't trip the anti-virus. I assume that could be done, but I'm not quite
sure how. This would also require modifying the unit tests.
Alternatively, I could create a git repo and the test could d/l the file and
run the tests. That way we wouldn't be shipping the file in question. That
would introduce an external dependency, but it would only occur if someone is
actually running that test.t
was (Author: cgivre):
[~volodymyr]
I don't think so. I could find another file with TCP sessions, but I would
have to re-write all the unit tests for TCP Sessionization.
Alternatively, I could create a git repo and the test could d/l the file and
run the tests. That way we wouldn't be shipping the file in question. That
would introduce an external dependency, but it would only occur if someone is
actually running that test.t
> Malware found with some antiviruses in the Drill test resources folder
> ----------------------------------------------------------------------
>
> Key: DRILL-7484
> URL: https://issues.apache.org/jira/browse/DRILL-7484
> Project: Apache Drill
> Issue Type: Bug
> Affects Versions: 1.17.0
> Reporter: Denys Ordynskiy
> Assignee: Charles Givre
> Priority: Major
> Attachments: photo_2019-12-11_17-07-45.jpg
>
>
> Avast antivirus found Threat "MPPT97:ShellCode-O [Expl]" in the Apache Drill
> sources.
> File with virus alert:
> https://github.com/apache/drill/commits/master/exec/java-exec/src/test/resources/store/pcap/attack-trace.pcap
> OS Windows 10.
> Free Avast antivirus v. 19.8.2393 (build 19.8.4793.544)
> Steps to reproduce:
> Download archive with Drill sources from GitHub
> - open Chrome browser;
> - go to https://github.com/apache/drill link;
> - open the "Clone or download" menu;
> - click the "Download ZIP" button and save archive on a disk.
> *Expected result* - archive successfully downloaded.
> *Actual result* - Chrome browser canceled the download and deleted Drill
> sources archive fron the disk. Avast showed an alert window with virus
> description. Screenshot is in the attachments.
> Clone Drill sources from GitHub using git console version
> - open CMD;
> - type "git clone https://github.com/apache/drill.git";;
> - scan clonned Drill sources folder using Avast antivirus.
> *Expected result* - Viruses were absent.
> *Actual result* - Avast showed an alert window with virus description.
> Here is the link with report from other antiviruses for this
> "attack-trace.pcap" file:
> https://r.virscan.org/language/en/report/4df38505462d3afedbbbff3d9217063d
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
