diff --git a/testing/btest/Traces/README b/testing/btest/Traces/README index 3f5666f07c..c8185dbea6 100644 --- a/testing/btest/Traces/README +++ b/testing/btest/Traces/README @@ -39,3 +39,7 @@ Trace Index/Sources: - http/docker-http-upgrade.pcap Provided by blightzero on #4068 https://github.com/zeek/zeek/issues/4068 +- pe/pe.trace + VirusTotal reports that this file contains malware. The PE analyzer was originally added + to decode info for malware, so this is expected. See + https://zeekorg.slack.com/archives/CSZBXF6TH/p1738261449655049 \ No newline at end of file
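Review bot: The only reference given for the new pe/pe.trace entry is a zeekorg.slack.com archive link, which anyone outside that workspace cannot open. Consider putting the relevant conclusion in the README text itself or linking a GitHub issue, as the docker-http-upgrade.pcap entry just above does. The new entry also omits where the trace came from, unlike the "Provided by ..." line in the preceding entry, so someone triaging an antivirus alert on a checkout has no provenance to go on. The hunk also ends with "\ No newline at end of file"; add a trailing newline after the URL line.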