zip testdata: FuzzReader-raw.zip reported by clamav as Php.Exploit.CVE_2015_2331-2 #805
Comments
Appreciate all the work on this project! @klauspost could you please clarify whether the stated test data contains intentionally malformed data / document it? It shows up in our scans and prevents us from using the library. Thank you!
@Shrekster Yes. It is fuzz test data. Seems like they like to detect zip files that expand a lot. This is a natural part of regression testing. Not sure what you want to document. Use a better AV scanner.
@klauspost Have you considered segregating the fuzz tests into a separate repo, so the test data is not included in dependent (downstream) projects? Thanks again for the work on this project. It is a quality library and we appreciate that fuzz testing makes it more robust and thus secure.
Yes, I've considered it. Making tests depend on external data has its own downsides and the framework for it would have to be made. The fact that the continuous fuzzing uses it with some custom scripts, which is outside my control (and with little feedback).
Not sure if this test artifact was intentionally placed as malformed data:
https://github.com/klauspost/compress/blob/master/zip/testdata/FuzzReader-raw.zip
More scans:
https://www.virustotal.com/gui/file/8b2655dc4480530e1a1d682ee27a823bcebddd1c4afb606e202e057419501e14/detection