On Mar 16, 12:42 pm, Matt Mastracci <matt...@mastracci.com> wrote:
> > Holy cow -- how do they think that is an acceptable measure? Surely they
> > could at least change the warning to say "potentially dangerous JS" or
> > something rather than declaring it a virus.
>
> This probably will likely affect a significant number of GWT applications that
> use RPC. Avira seems to check files ending in .js* and .html* for this
> pattern. I verified that the scanner intercepts these patterns in HTTP
> traffic and detects them in IE cache files. There might be some negative
> patterns as well: Avira doesn't block my message in the Google Groups web
> interface, but it does block it when viewing the raw message source.

Even better: it turns out that if you put the string "google" anywhere in the file matching CryptedGen, it no longer matches the heuristic. I imagine that it would pick up the string from the class metadata for those not using -XdisableClassMetadata.

So this is a virus:

"for eval .fromcharcode .charcodeat math.min 0,0,0,0,0,0"

And this is not:

"google for eval .fromcharcode .charcodeat math.min 0,0,0,0,0,0"

The easiest solution for us seems to be putting the string "Google Web Toolkit" in a comment in our header.

Matt.

--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
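
Added example, not part of the original message and not Avira's or GWT's code: a build-time audit that models the behaviour reported in this thread, so compiled output can be checked for the false-positive pattern before it ships. The token list, the "google" suppressor and the .js*/.html* file filter come from the message; case-insensitive, order-independent matching, the function names and the sample files are assumptions.

```javascript
// Model of the reported heuristic (assumption: tokens match in any order,
// case-insensitively; the real scanner's rule is not documented in the thread).
const REPORTED_TOKENS = ["for", "eval", ".fromcharcode", ".charcodeat", "math.min", "0,0,0,0,0,0"];
const SUPPRESSOR = "google";
// The thread reports that files ending in .js* and .html* are checked.
const SCANNED_NAME = /\.(js|html)[^./\\]*$/i;

// Classify one build artifact against the modelled pattern.
function classify(name, content) {
  if (!SCANNED_NAME.test(name)) return "not-scanned";
  const text = content.toLowerCase();
  const allPresent = REPORTED_TOKENS.every((token) => text.includes(token));
  if (!allPresent) return "no-match";
  // Per the thread, "google" anywhere in the file stops the match.
  return text.includes(SUPPRESSOR) ? "suppressed" : "would-flag";
}

// Audit a whole build: files is an object mapping file name to file content.
function auditBuild(files) {
  const report = { "would-flag": [], "suppressed": [], "no-match": [], "not-scanned": [] };
  for (const [name, content] of Object.entries(files)) {
    report[classify(name, content)].push(name);
  }
  return report;
}

// Constructed sample output, built around the strings quoted in the message.
const BODY = "for(;;){eval(s)} String.fromCharCode(s.charCodeAt(0)); Math.min(a,b); [0,0,0,0,0,0]";
const SAMPLE_BUILD = {
  "app.cache.js": BODY,
  "app_with_header.cache.js": "/* Google Web Toolkit */\n" + BODY,
  "hosted.html": "<html><script>eval(x)</script></html>",
  "style.css": BODY,
};

const sampleReport = auditBuild(SAMPLE_BUILD);
console.log(JSON.stringify(sampleReport, null, 2));
```

A CI job can fail the build when `would-flag` is non-empty, which catches output that lost the header comment or was compiled with class metadata disabled.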