-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avast #51
Comments
It's bad. In a few days i'll try to contact with Avast and describe this problem. Can you attach working sample with obfuscated code that trigger Avast antivirus? |
Mind that it is highly unlikely that it only has to do with Avast. I'm guessing that many more antiviruses see that code as a threat. It's just that I only tried on Avast. |
How i can reproduce this on Mac? It's Avast extension for browser? Can you try to run Uglify.js over obfuscated code and check with Avast again? Still detecting as virus threat? |
Got it on your file with https://www.virustotal.com/ru/ |
Please try to run Uglify.js over obfuscated code or try latest beta with |
Of course, the result isn't any different than it would be if you ran Uglify over that script. Ran it uglified on VirusTotal and got a |
same here 😞 |
I should do research. if anyone have information - why some antiviruses mark obfuscated code as threat - i will very happy. |
@sanex3339 Actually this issue is critical blocker for production use :/ |
Hi, no. But please try to use latest beta: 0.10.0-beta.8. |
Hi. Please try new |
ping |
My code's changed a bit, but if it still has the same features that brought up the warnings you can experiment converting http://fsymbols.com/tell/main.a51a389b.js at any time with settings you're interested about and checking with VT to see how the antiviruses react. No need for waiting. If this code doesn't trigger errors even with an earlier obfuscatior, I'll try to find you an earlier version that may. |
Hi. After some tests i noticed that Obfuscator doing transformation of object keys:
into this form:
And then moving this string literal 'bar' to the string array. Solution - enable |
Ping. Any news? |
No news here. =) |
Hey, sorry for long silence from my side. I haven't tested new release on production since we've refused obfuscation on production because of complaints from users about antivirus notification. This was critical for our product. Anyway I'll try to find a minute to test it on stage server in nearest days. |
Please, check |
ping |
Tested it now with command No false positive alerts. But enabling of I think, i should add some information about this into readme |
Just added some clarification about antiviruses |
Also you can attach all files with false positive in Avast here: |
Also i wrote letter to |
I got this same issue back in 2011 with an obfuscated, using Jscrambler, MooTools library I'd written. I've long lost the source code of that lib (was using the obfuscated version in a CodeCanyon demo), but I vividly remember an issue where my hosting provider got quite concerned because of a virus report they received due to that obfuscated javascript file. Googling the name of the library returned a forum post [1] listing the MD5 hash of that file, along with the false-positive virus name: Looking it up with VirusTotal results that it's clean [2]. [1] https://www.malwaredomainlist.com/forums/index.php?topic=3190.2280 |
hi, please look, i try install this version 0.14.0 today but is not possible in npm(windows visual studio 2017 npm native). |
Hi, please make separate issue and describe all your steps and errors (if they was) |
I can't install it now:
Avast 13.4 with virus definitions(18030400) steps in and puts in quarantine:
|
Uploading the |
Interesting. Avast and AVG is triggering on this lines: When i removed this lines, all checks are passed. |
When i changed this lines on this var firstElement;
while (--times) {
firstElement = array.shift();
array.push(firstElement);
} All checks are passed, so today or tomorrow i'll release 0.14.4 with this fix. |
Looks like new version is redundant. So, we should wait until tomorrow. |
@Tech1e Please, check again. Looks like |
Looks like no more problems with it. Reopen issue if you will have problems with avast. |
Anyone runs into this issue this week? |
@sanex3339 Yes for some reason Avast and Bitdefender detects the obfuscated code as malicious again. |
Can you test with 0.16.0 version please? |
Hi, for some reason the detection occurs when either mangled or hexadecimal options selected and a prefix is used , if you will use only hexadecimal no detection will occur. |
Is this false positive alert ocurred if output file looks like this?:
|
This is still a problem in ES3 where var is being used. |
@cliqer is right , i've made a program based on mshta and i'm fasing the same problem |
I'm getting Avast antivirus detecting my script as false positive virus threat.
my config used to be:
I also tried "lowest" settings, but it still detected as false positive. Forgone the obfuscation altogether and it stopped complaining.
The text was updated successfully, but these errors were encountered: