i recently downloaded the installer for Kirta, a free and popular digital art program. after scanning the installer howver (i alwasy scan everything before i isntall) i get the error message that a file cant be scanned since ti was a decompression bomb. so i would like to ask first off if people here have some experience with krita and can vouch that it is harmless, and second, if future encounters with decompression bombs are likely harmless of if these really do have innate risks and dangers.

Decompression bombs was a trick used in the old days to crash the unpack/scan engine … have never seen a real one
They are also difficult to detect correct so most likely this is just a highly compressed file

upload suspicious file(s) to www.virustotal.com / www.metascan-online.com
if tested before, click rescan for a fresh result
post link to scan result here