This is Avira, isn't it? Ddi you ever hear anything back from them about this? It seems like it really ought to be fixed on their end, though I applaud your spelunking for a workaround :)
On Tue, Mar 16, 2010 at 3:08 PM, Matt Mastracci <[email protected]>wrote: > On Mar 16, 12:42 pm, Matt Mastracci <[email protected]> wrote: > > > > Holy cow -- how do they think that is an acceptable measure? Surely > they could at least change the warning to say "potentially dangerous JS" or > something rather than declaring it a virus. > > > This probably will likely affect a significant number GWT applications > that use RPC. Avira seems to check files ending in .js* and .html* for this > pattern. I verified that the scanner intercepts these patterns in HTTP > traffic and detects them in IE cache files. There might be some negative > patterns as well: Avira doesn't block my message in the Google Groups web > interface, but it does block it when viewing the raw message source. > > Even better: it turns out that if you put the string "google" anywhere > in the file matching CryptedGen, it no longer matches the heuristic. I > imagine that it would pick up the string from the class metadata for > those not using -XdisableClassMetadata. > > So this is a virus: > > "for eval .fromcharcode .charcodeat math.min 0,0,0,0,0,0" > > And this is not: > > "google for eval .fromcharcode .charcodeat math.min 0,0,0,0,0,0" > > The easiest solution for us seems to be putting the string "Google Web > Toolkit" in a comment in our header. > > Matt. > > -- > http://groups.google.com/group/Google-Web-Toolkit-Contributors > -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
