SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Addict ruba's Avatar
    Join Date
    Apr 2005
    Location
    Amman -Jordan
    Posts
    339
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    why this code is a virus in macafee

    Hi every body ,
    I make a small advertise system, every thing work on with it
    when I make it online macafee antivars detect it as a virus i don't know why
    here is the code
    Code:
    function getexpirydate( nodays){
    	var UTCstring;
    	Today = new Date();
    	nomilli=Date.parse(Today);
    	Today.setTime(nomilli+nodays*24*60*60*1000);
    	UTCstring = Today.toUTCString();
    	return UTCstring;
    }//end function getexpirydata
    
    function setcookie(name,value,duration){
    	cookiestring=name+"="+escape(value)+";EXPIRES="+getexpirydate(duration);
    	document.cookie=cookiestring;
    	if(!getcookie(name)){
    		return false;
    	} else {
    		return true;
    	}
    }//end set cookie
    
    function getcookie(cookiename) {
    	 var cookiestring=""+document.cookie;
    	 var index1=cookiestring.indexOf(cookiename);
    	 if (index1==-1 || cookiename=="") return ""; 
    		 var index2=cookiestring.indexOf(';',index1);
    	 if (index2==-1) index2=cookiestring.length; 
    		 return unescape(cookiestring.substring(index1+cookiename.length+1,index2));
    }//end get cookie
    
    var page_url = location.href;
    var domain   = page_url.split('/');
    
    
    
    var pageName = escape(page_url);
    
    var cookieVar = getcookie(domain[2]);
    
    if ( cookieVar == null || cookieVar == '' ) {
    	window.location = 'http://www.text.com/ar.php?page_name='+pageName
    }
    setcookie(domain[2], 'viewd', 1/24);
    please how can I solve this problem, I loose my members

  2. #2
    SitePoint Wizard siteguru's Avatar
    Join Date
    Oct 2002
    Location
    Scotland
    Posts
    3,631
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Are you sure it is reporting it as a VIRUS? Maybe it's just noting that the script is trying to create a COOKIE and dumb users are assuming "McAfee is reporting something therefore it must be a virus".
    Ian Anderson
    www.siteguru.co.uk

  3. #3
    SitePoint Addict ruba's Avatar
    Join Date
    Apr 2005
    Location
    Amman -Jordan
    Posts
    339
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    ??

    the virus name is
    js/wonka
    I don't know what to do,
    I make many script that accept cookie, without any problem but when I run this file, Virus detect



    any body can tell me why and what I have to do?

  4. #4
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    http://vil.mcafeesecurity.com/vil/content/v_135834.htm

    Several cases have been reported to AVERT as potential incorrect identifications of JS/Wonka, which turned out to be accurate hits. These observations were typically made upon visiting hacked web pages. These hacked pages have an IFRAME inserted that point to an external website containing malware such as Exploit-Codebase, Exploit-ANIFile, W32/Dumaru.gen, and Exploit-MhtRedir.gen.

    This is a generic detection for highly obfuscated JavaScript. The signature is based on specfic characteristics of the encryption.
    Because this is a generic detection there is no specific description of the activity undertaken by JavaScript detected under this name, however these can include malicious activity such as downloading and executing files.
    Pay attention to the last paragraph. What this means is, that mcafee are being ridiculously paranoid. When mcafee can't see through your javascript code, it defaults to assume that it's malicious, even when it's not. That's paranoia. Besides that, javascript code can't even be malicious, so the assumptions are wrong in the first place.
    Your users will have to remove mcafee, or configure it to stop making such paranoid reports.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •