Detection issue with nested ZIP archives containing EICAR test file #796
Comments
|
What is the value of max recurse in your case? -> https://github.com/pandora-analysis/pandora/blob/main/pandora/workers/extractor.yml.sample#L10 Unless it's broken, you can increase it as much as you needed. And if max_is_error is |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description:
It appears that when the EICAR test file is placed inside a ZIP archive, which is itself contained in another ZIP archive (i.e., a ZIP within a ZIP), Pandora does not detect the test malware.
Steps to reproduce:
eicar.zip).eicar.zipinside another ZIP archive (e.g.,nested.zip).nested.zipto Pandora for analysis.Expected behavior:
Pandora should recursively analyze nested archives and detect the EICAR test file inside.
Actual behavior:
No detection is triggered when the EICAR file is hidden in a ZIP-in-ZIP configuration.
Request:
Could support for recursive analysis of nested ZIP archives be added or improved?
The text was updated successfully, but these errors were encountered: