[Search wiki] HEUR/HTML.Malware [Was: virus ? and some questions]
bartek at wikia.com
bartek at wikia.com
Wed Oct 22 11:16:01 UTC 2008
Hi,
The second link is the significant one, (
http://www.avira.com/en/threats/section/fulldetails/id_vir/4142/heur_html.malware.html
) it shows that this is a generaliesd "catch-all" for suspect HTML files.
That means that false positives are likely, and highly likely in this
case. Avira may not be your scanner (or Simone's scanner) neither of you
specified... but it seems clear that the issue is related to the avira
heuristic detection routine.
The create page extension shouldn't have been on for Search, which is why
there were some strange parts in the code. But it's off now, and
shouldn't be causing any more problems. As far as I know, there are no
off-Wikia sites using this extension, so nothing to compare with.
But turning the extension off should have solved the issue. Please let me
know if you see it again.
Thanks, Bartek
> bartek at wikia.com wrote:
>> Sounds like a false positive.
>>
>> See:
>> http://groups.google.com/group/sites-help-howtoend/browse_thread/thread/bda64e910b62e1b5
>> (people have problems with it)
> Is that post talking about the same software (WikiWyg)? Doesn't look
> like that to me.
>
>> http://www.avira.com/en/threats/section/fulldetails/id_vir/4142/heur_html.malware.html
>> ...
>> You clearly are more informed than me, since I don't know the names of
>> both scanners you did use :)
> Both? I just use one virus scanner. :-)
>
>> I don't even know from what location it was accessed. You didn't write
>> that...
> "Location"? If you mean the parent URL that leads to the file, look at
> Simone's first line, she wrote "..wiki/special:createpage".
> I guess that Simone is talking about
> http://search.wikia.com/wiki/Special:Createpage . That page loads
> http://search.wikia.com//extensions/wikiwyg/share/MediaWiki/MediaWikiWyg.js?2662
> , which is the file in question.
>
> Stupid question: What is http://search.wikia.com/wiki/Special:Createpage
> supposed to do? On that page, I never do see a WYSIWYG editor, no
> matter which browser I use (and yes, I temporarily disabled the scanner
> before trying this).
>
> Could that be due to the JavaScript errors that I get when I open
> http://search.wikia.com/wiki/Special:Createpage ?
>
> In file
> http://search.wikia.com//extensions/wikiwyg/share/MediaWiki/MediaWikiWyg.js?2662
> on line 48:
>
> /* Yahoo stuff - Bartek Łapiński */
> YAHOO.namespace('Wikia');
>
> "YAHOO" is not defined (it is used several times further on).
>
> In file
> http://search.wikia.com/extensions/wikia/CreatePage/js/createpage.js
> on line 197:
>
> proto = new Subclass('Wikiwyg.Test', 'Wikiwyg');
>
> "Subclass" is not defined.
>
> There is also an XML error in file
> http://search.wikia.com/wiki/Special:Createpage on line 167, the
> textarea is "closed" twice.
>
>>> What can we compare it with to verify that it is benign?
>> What do you mean? Code analysis or the origin?
>
> I would just like to compare the file with another copy from a different
> site, if possible (maybe you mean that by "origin").
> Since the file is a sequence of files, we may have to get those
> individual files and concatenate them before comparing.
>
> >> How is the file constructed?
> > Concatenated from smaller, lib files (not on the fly), but for the time
> > being it's just loaded, since the file is already pre-generated.
> What is the code that does that?
>
> Rainer
>
>
>
More information about the SearchWiki
mailing list