
How to deal with test data that might trigger antivirus engines  #215

@samiraguiar

Following up on the question initially asked in #201, I'd like to discuss it further.

After checking my sample RTF against VirusTotal, although harmless, it does trigger around 8 engines (due to heuristic checks). I've tried to change it a bit but the result was the same. I also believe that we will eventually face similar situations since we will need to simulate real malware in order to create better unit tests.

I've come up with three possible solutions (after talking to people from Intra2net):

  • Encrypt or base64-encode the test data and decrypt/decode when running each test. Some utils.py file in the test folder would help here.
  • Move the code to a secondary repository which contains only the unit tests and reference it as a submodule so Travis can clone it when checking PRs and commits.
  • Each test creates its own test data before running, but this might get complicated and hard to maintain when dealing with complex cases.

Any other suggestion?
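
The first option in the list above (store the test data encoded and decode it when each test runs), as an added example that is not part of the original post or the project's own code. It shows what a `utils.py` in the test folder could hold; the names `encode_sample`, `decode_sample`, `decoded_sample_file`, the XOR key and the sample RTF are assumptions constructed for illustration.

```python
import base64
import contextlib
import hashlib
import os
import tempfile

XOR_KEY = 0x5A  # assumption: any fixed non-zero byte; this is masking, not secrecy


def encode_sample(raw: bytes) -> dict:
    """Produce the at-rest form of a sample: XOR, then base64, plus a digest."""
    masked = bytes(b ^ XOR_KEY for b in raw)
    return {
        "data": base64.b64encode(masked).decode("ascii"),
        "sha256": hashlib.sha256(raw).hexdigest(),
    }


def decode_sample(stored: dict) -> bytes:
    """Recover the original bytes and refuse to return them if they changed."""
    masked = base64.b64decode(stored["data"], validate=True)
    raw = bytes(b ^ XOR_KEY for b in masked)
    if hashlib.sha256(raw).hexdigest() != stored["sha256"]:
        raise ValueError("test sample does not match its recorded SHA-256")
    return raw


@contextlib.contextmanager
def decoded_sample_file(stored: dict, suffix: str = ".rtf"):
    """Yield a path to the decoded sample; the file exists only inside the block."""
    fd, path = tempfile.mkstemp(suffix=suffix)
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(decode_sample(stored))
        yield path
    finally:
        # Remove the decoded copy even if the test body raised.
        if os.path.exists(path):
            os.remove(path)


# Constructed, harmless stand-in for a real test sample.
SAMPLE_RTF = b"{\\rtf1\\ansi constructed test document}"
STORED = encode_sample(SAMPLE_RTF)
```

Tests that can work on bytes should call `decode_sample` directly; the temporary file from `decoded_sample_file` is visible to on-access scanners on the test machine for as long as it exists.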
