From a5b0a9467dbe0b589f6efe61632522f4cd590d64 Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Thu, 30 Jan 2025 13:28:35 -0700 Subject: [PATCH] Add note to Traces/README about possible malware in pe/pe.trace --- testing/btest/Traces/README | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/testing/btest/Traces/README b/testing/btest/Traces/README index 3f5666f07c..c8185dbea6 100644 --- a/testing/btest/Traces/README +++ b/testing/btest/Traces/README @@ -39,3 +39,7 @@ Trace Index/Sources: - http/docker-http-upgrade.pcap Provided by blightzero on #4068 https://github.com/zeek/zeek/issues/4068 +- pe/pe.trace + VirusTotal reports that this file contains malware. The PE analyzer was originally added + to decode info for malware, so this is expected. See + https://zeekorg.slack.com/archives/CSZBXF6TH/p1738261449655049 \ No newline at end of file
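Review bot: The only reference given for the new pe/pe.trace entry is a zeekorg.slack.com permalink, whereas the entry directly above it cites a public GitHub issue. A Slack archive link can only be read with workspace access, so the rationale would be more durable if it pointed to a public issue or discussion, or if the README text stood on its own without the link. The hunk also ends with "\ No newline at end of file", so the README is left without a trailing newline. Adding one keeps the next entry appended to this index from showing up as a change to the URL line. Finally, the note says the VirusTotal detection is expected but gives no way to confirm that a local copy is the file that was checked; recording a checksum of pe/pe.trace next to the note would let readers verify that.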