[gwt-contrib] Re: Avira is showing warning when accessing gwt-generated files
These warnings has popped up for many compiled GWT applications for me. The threat is that hidden malicious code can exist inside the JavaScript. So, GWT is under heavy threats node due to their js compilation. There's a quite random state whether the virus signature is found or not, so i hope that the GWT group takes a discussion with the Avira team about this. -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
Re: [gwt-contrib] Re: Avira is showing warning when accessing gwt-generated files
I got a report of a user seeing the same signature on our website. I've got a second submission in the queue to cover that one as well. They've got a testing license that I should be able to download and use to reduce when I have a second. On 2009-12-09, at 11:29 AM, Joel Webber wrote: > Were you able to get any information on the signature (assuming it's > signature-based) from Avira? Their page on the subject is, uh, less > than useful. > > On Wed, Dec 9, 2009 at 1:09 PM, Matt Mastracci > wrote: > We've just had reports of people seeing this while installing our > chrome extension. I'm not near a Windows VM right now, but I can see > if it's easy to reproduce when I get back: > > http://getsatisfaction.com/dotspots/topics/dotspots_plugin_for_chrome_installer_problems > > There's a lot of embedded CSS in the script, as well as HTML snippets. > It's the same virus report as Daniel earlier: "HTML/Crypted.Gen". > > Matt. > > On 30-Nov-09, at 9:20 AM, Joel Webber wrote: > > > If you can find out what was triggering this from Avira, I'd really > > like to see it. This is probably the third-ish time we've seen a > > report like this, and it would be really helpful to understand what > > kind of virus snippets they're looking for. If there's something we > > can do in our code gen to avoid the problem in the future, it would > > probably be worth it. > > > > On Mon, Nov 30, 2009 at 10:19 AM, Thomas Broyer > > wrote: > > > > On Nov 30, 3:43 pm, BobV wrote: > > > On Sat, Nov 28, 2009 at 10:54 AM, Ray Ryan > wrote: > > > > Does one app make heavier use of CssResource than the other? A > > bell is > > > > ringing about mhtml security concerns. Or did we back out our > > mhtml use? > > > > > > I disabled MHTML support in r6839 (trunk) and r6840 (2.0) > because it > > > has too many browser/OS gotchas to be reliable for the 2.0 > release. > > > > And it couldn't have been MHTML in our case, as we're serving the > app > > with HTTPS, which is sniffed in MhtmlClientBundleGenerator to fall > > back to a "one file/request per resource" (otherwise, the "mhtml:" > > pseudo-protocol causes a "mixed content" warning in IE). > > > > -- > > http://groups.google.com/group/Google-Web-Toolkit-Contributors > > > > > > -- > > http://groups.google.com/group/Google-Web-Toolkit-Contributors > > -- > http://groups.google.com/group/Google-Web-Toolkit-Contributors > > -- > http://groups.google.com/group/Google-Web-Toolkit-Contributors -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
Re: [gwt-contrib] Re: Avira is showing warning when accessing gwt-generated files
I just submitted the samples a short while ago. The status is currently "Our Virus Research Team still works on your submission". The automated system gave me these URLs to follow the progress of the submission. I hope something useful will show up here when they are processed: http://analysis.avira.com/samples/details.php?uniqueid=B8Q5Urw04jQTrwPBhzSHkqBxYqh48wjz&incidentid=408384 http://analysis.avira.com/samples/details.php?uniqueid=B8Q5Urw04jQTrwPBhzSHkqBxYqh48wjz On 9-Dec-09, at 10:29 AM, Joel Webber wrote: > Were you able to get any information on the signature (assuming it's > signature-based) from Avira? Their page on the subject is, uh, less > than useful. > > On Wed, Dec 9, 2009 at 1:09 PM, Matt Mastracci > wrote: > We've just had reports of people seeing this while installing our > chrome extension. I'm not near a Windows VM right now, but I can see > if it's easy to reproduce when I get back: > > http://getsatisfaction.com/dotspots/topics/dotspots_plugin_for_chrome_installer_problems > > There's a lot of embedded CSS in the script, as well as HTML snippets. > It's the same virus report as Daniel earlier: "HTML/Crypted.Gen". > > Matt. > > On 30-Nov-09, at 9:20 AM, Joel Webber wrote: > > > If you can find out what was triggering this from Avira, I'd really > > like to see it. This is probably the third-ish time we've seen a > > report like this, and it would be really helpful to understand what > > kind of virus snippets they're looking for. If there's something we > > can do in our code gen to avoid the problem in the future, it would > > probably be worth it. > > > > On Mon, Nov 30, 2009 at 10:19 AM, Thomas Broyer > > wrote: > > > > On Nov 30, 3:43 pm, BobV wrote: > > > On Sat, Nov 28, 2009 at 10:54 AM, Ray Ryan > wrote: > > > > Does one app make heavier use of CssResource than the other? A > > bell is > > > > ringing about mhtml security concerns. Or did we back out our > > mhtml use? > > > > > > I disabled MHTML support in r6839 (trunk) and r6840 (2.0) > because it > > > has too many browser/OS gotchas to be reliable for the 2.0 > release. > > > > And it couldn't have been MHTML in our case, as we're serving the > app > > with HTTPS, which is sniffed in MhtmlClientBundleGenerator to fall > > back to a "one file/request per resource" (otherwise, the "mhtml:" > > pseudo-protocol causes a "mixed content" warning in IE). > > > > -- > > http://groups.google.com/group/Google-Web-Toolkit-Contributors > > > > > > -- > > http://groups.google.com/group/Google-Web-Toolkit-Contributors > > -- > http://groups.google.com/group/Google-Web-Toolkit-Contributors > > > -- > http://groups.google.com/group/Google-Web-Toolkit-Contributors -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
Re: [gwt-contrib] Re: Avira is showing warning when accessing gwt-generated files
Were you able to get any information on the signature (assuming it's signature-based) from Avira? Their page on the subject is, uh, less than useful. On Wed, Dec 9, 2009 at 1:09 PM, Matt Mastracci wrote: > We've just had reports of people seeing this while installing our > chrome extension. I'm not near a Windows VM right now, but I can see > if it's easy to reproduce when I get back: > > > http://getsatisfaction.com/dotspots/topics/dotspots_plugin_for_chrome_installer_problems > > There's a lot of embedded CSS in the script, as well as HTML snippets. > It's the same virus report as Daniel earlier: "HTML/Crypted.Gen". > > Matt. > > On 30-Nov-09, at 9:20 AM, Joel Webber wrote: > > > If you can find out what was triggering this from Avira, I'd really > > like to see it. This is probably the third-ish time we've seen a > > report like this, and it would be really helpful to understand what > > kind of virus snippets they're looking for. If there's something we > > can do in our code gen to avoid the problem in the future, it would > > probably be worth it. > > > > On Mon, Nov 30, 2009 at 10:19 AM, Thomas Broyer > > wrote: > > > > On Nov 30, 3:43 pm, BobV wrote: > > > On Sat, Nov 28, 2009 at 10:54 AM, Ray Ryan wrote: > > > > Does one app make heavier use of CssResource than the other? A > > bell is > > > > ringing about mhtml security concerns. Or did we back out our > > mhtml use? > > > > > > I disabled MHTML support in r6839 (trunk) and r6840 (2.0) because it > > > has too many browser/OS gotchas to be reliable for the 2.0 release. > > > > And it couldn't have been MHTML in our case, as we're serving the app > > with HTTPS, which is sniffed in MhtmlClientBundleGenerator to fall > > back to a "one file/request per resource" (otherwise, the "mhtml:" > > pseudo-protocol causes a "mixed content" warning in IE). > > > > -- > > http://groups.google.com/group/Google-Web-Toolkit-Contributors > > > > > > -- > > http://groups.google.com/group/Google-Web-Toolkit-Contributors > > -- > http://groups.google.com/group/Google-Web-Toolkit-Contributors > -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
Re: [gwt-contrib] Re: Avira is showing warning when accessing gwt-generated files
We've just had reports of people seeing this while installing our chrome extension. I'm not near a Windows VM right now, but I can see if it's easy to reproduce when I get back: http://getsatisfaction.com/dotspots/topics/dotspots_plugin_for_chrome_installer_problems There's a lot of embedded CSS in the script, as well as HTML snippets. It's the same virus report as Daniel earlier: "HTML/Crypted.Gen". Matt. On 30-Nov-09, at 9:20 AM, Joel Webber wrote: > If you can find out what was triggering this from Avira, I'd really > like to see it. This is probably the third-ish time we've seen a > report like this, and it would be really helpful to understand what > kind of virus snippets they're looking for. If there's something we > can do in our code gen to avoid the problem in the future, it would > probably be worth it. > > On Mon, Nov 30, 2009 at 10:19 AM, Thomas Broyer > wrote: > > On Nov 30, 3:43 pm, BobV wrote: > > On Sat, Nov 28, 2009 at 10:54 AM, Ray Ryan wrote: > > > Does one app make heavier use of CssResource than the other? A > bell is > > > ringing about mhtml security concerns. Or did we back out our > mhtml use? > > > > I disabled MHTML support in r6839 (trunk) and r6840 (2.0) because it > > has too many browser/OS gotchas to be reliable for the 2.0 release. > > And it couldn't have been MHTML in our case, as we're serving the app > with HTTPS, which is sniffed in MhtmlClientBundleGenerator to fall > back to a "one file/request per resource" (otherwise, the "mhtml:" > pseudo-protocol causes a "mixed content" warning in IE). > > -- > http://groups.google.com/group/Google-Web-Toolkit-Contributors > > > -- > http://groups.google.com/group/Google-Web-Toolkit-Contributors -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
Re: [gwt-contrib] Re: Avira is showing warning when accessing gwt-generated files
If you can find out what was triggering this from Avira, I'd really like to see it. This is probably the third-ish time we've seen a report like this, and it would be really helpful to understand what kind of virus snippets they're looking for. If there's something we can do in our code gen to avoid the problem in the future, it would probably be worth it. On Mon, Nov 30, 2009 at 10:19 AM, Thomas Broyer wrote: > > On Nov 30, 3:43 pm, BobV wrote: > > On Sat, Nov 28, 2009 at 10:54 AM, Ray Ryan wrote: > > > Does one app make heavier use of CssResource than the other? A bell is > > > ringing about mhtml security concerns. Or did we back out our mhtml > use? > > > > I disabled MHTML support in r6839 (trunk) and r6840 (2.0) because it > > has too many browser/OS gotchas to be reliable for the 2.0 release. > > And it couldn't have been MHTML in our case, as we're serving the app > with HTTPS, which is sniffed in MhtmlClientBundleGenerator to fall > back to a "one file/request per resource" (otherwise, the "mhtml:" > pseudo-protocol causes a "mixed content" warning in IE). > > -- > http://groups.google.com/group/Google-Web-Toolkit-Contributors > -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Avira is showing warning when accessing gwt-generated files
On Nov 30, 3:43 pm, BobV wrote: > On Sat, Nov 28, 2009 at 10:54 AM, Ray Ryan wrote: > > Does one app make heavier use of CssResource than the other? A bell is > > ringing about mhtml security concerns. Or did we back out our mhtml use? > > I disabled MHTML support in r6839 (trunk) and r6840 (2.0) because it > has too many browser/OS gotchas to be reliable for the 2.0 release. And it couldn't have been MHTML in our case, as we're serving the app with HTTPS, which is sniffed in MhtmlClientBundleGenerator to fall back to a "one file/request per resource" (otherwise, the "mhtml:" pseudo-protocol causes a "mixed content" warning in IE). -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
Re: [gwt-contrib] Re: Avira is showing warning when accessing gwt-generated files
On Sat, Nov 28, 2009 at 10:54 AM, Ray Ryan wrote: > Does one app make heavier use of CssResource than the other? A bell is > ringing about mhtml security concerns. Or did we back out our mhtml use? I disabled MHTML support in r6839 (trunk) and r6840 (2.0) because it has too many browser/OS gotchas to be reliable for the 2.0 release. -- Bob Vawter Google Web Toolkit Team -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
Re: [gwt-contrib] Re: Avira is showing warning when accessing gwt-generated files
Does one app make heavier use of CssResource than the other? A bell is ringing about mhtml security concerns. Or did we back out our mhtml use? On Nov 28, 2009 7:22 AM, "Thomas Broyer" wrote: On 28 nov, 12:29, dflorey wrote: > Thanks for your suggestion! I've uplo... My boss is using Avira on his laptop, and our app is classified as malware too. A test instance, for our client to track progress, is available at https://ubic.atolcd.com/ and https://ubic.atolcd.com/digitizer.html, AFAIK only the second app (at digitizer.html) triggers Avira, while both are compiled with 2.0.0 RC2. The main difference is that "index.html" is a "legacy" app originally developped with GWT 1.5 and then ported to GWT 1.7 and now GWT 2.0; while "digitizer.html" is a brain new app making extensive use of UiBinder; so maybe what triggers Avira is the inclusion of HTML snippets in script? -- http://groups.google.com/group/Google-Web-Toolkit-Contributors -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Avira is showing warning when accessing gwt-generated files
On 28 nov, 12:29, dflorey wrote: > Thanks for your suggestion! I've uploaded a generated file and will > post the response to this thread. > I was wondering if all gwt-generated files will be classified as > malware by Avira or if it depends on some generated javascript > snippets. My boss is using Avira on his laptop, and our app is classified as malware too. A test instance, for our client to track progress, is available at https://ubic.atolcd.com/ and https://ubic.atolcd.com/digitizer.html, AFAIK only the second app (at digitizer.html) triggers Avira, while both are compiled with 2.0.0 RC2. The main difference is that "index.html" is a "legacy" app originally developped with GWT 1.5 and then ported to GWT 1.7 and now GWT 2.0; while "digitizer.html" is a brain new app making extensive use of UiBinder; so maybe what triggers Avira is the inclusion of HTML snippets in script? -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Avira is showing warning when accessing gwt-generated files
Thanks for your suggestion! I've uploaded a generated file and will post the response to this thread. I was wondering if all gwt-generated files will be classified as malware by Avira or if it depends on some generated javascript snippets. On Nov 24, 4:58 pm, Matt Mastracci wrote: > The best approach is probably to upload the file in question to > Avira's false-positive reporting page: > > http://analysis.avira.com/samples/index.php > > On 24-Nov-09, at 8:19 AM, dflorey wrote: > > > > > Am I the only one with this issue? > > > On 19 Nov., 17:29, dflorey wrote: > >> Hi, > >> since a few weeksAviraAntiVir is generating warnings when accessing > >> gwt-generated files: > > >> When accessing data from the URL, "http:// > >> allcontacts.southpolecarbon.com/sharedcontacts/ > >> C7C22E75261E4D2C9C7FAF82B71C40B0.cache.html" > >> a virus or unwanted program 'HTML/Crypted.Gen' [virus] was found. > >> Action taken: Ignored > > >> Any ideas how to get rid of these warnings? > > > -- > >http://groups.google.com/group/Google-Web-Toolkit-Contributors -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
Re: [gwt-contrib] Re: Avira is showing warning when accessing gwt-generated files
The best approach is probably to upload the file in question to Avira's false-positive reporting page: http://analysis.avira.com/samples/index.php On 24-Nov-09, at 8:19 AM, dflorey wrote: > Am I the only one with this issue? > > On 19 Nov., 17:29, dflorey wrote: >> Hi, >> since a few weeksAviraAntiVir is generating warnings when accessing >> gwt-generated files: >> >> When accessing data from the URL, "http:// >> allcontacts.southpolecarbon.com/sharedcontacts/ >> C7C22E75261E4D2C9C7FAF82B71C40B0.cache.html" >> a virus or unwanted program 'HTML/Crypted.Gen' [virus] was found. >> Action taken: Ignored >> >> Any ideas how to get rid of these warnings? > > -- > http://groups.google.com/group/Google-Web-Toolkit-Contributors -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Avira is showing warning when accessing gwt-generated files
Am I the only one with this issue? On 19 Nov., 17:29, dflorey wrote: > Hi, > since a few weeksAviraAntiVir is generating warnings when accessing > gwt-generated files: > > When accessing data from the URL, "http:// > allcontacts.southpolecarbon.com/sharedcontacts/ > C7C22E75261E4D2C9C7FAF82B71C40B0.cache.html" > a virus or unwanted program 'HTML/Crypted.Gen' [virus] was found. > Action taken: Ignored > > Any ideas how to get rid of these warnings? -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
