Bug 14649 - McAfee Antivirus reports false positive when checking out WebKit source on Windows
Summary: McAfee Antivirus reports false positive when checking out WebKit source on Wi...
Status: RESOLVED DUPLICATE of bug 14519
Alias: None
Product: WebKit
Classification: Unclassified
Component: Evangelism (show other bugs)
Version: 523.x (Safari 3)
Hardware: Macintosh Windows XP
: P2 Normal
Assignee: Nobody
URL: http://cs.mcafeehelp.com/?siteID=1
Keywords:
Depends on:
Blocks:
 
Reported: 2007-07-17 13:48 PDT by David Kilzer (:ddkilzer)
Modified: 2019-05-19 12:53 PDT (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description David Kilzer (:ddkilzer) 2007-07-17 13:48:23 PDT
Per the webkit-dev mailing list, certain McAfee Antivirus products report a false-positive when checking out the WebKit source on Windows.

http://lists.macosforge.org/pipermail/webkit-dev/2007-July/002152.html
http://lists.macosforge.org/pipermail/webkit-dev/2007-July/002155.html

They should be evangelized to fix the issue so these false-positives are not reported.

If anyone at McAfee is trying to reproduce the issue, they should follow these instructions for checking out source code:

http://webkit.org/building/tools.html
http://webkit.org/building/checkout.html
Comment 1 David Kilzer (:ddkilzer) 2007-07-17 14:18:48 PDT
Sent email to McAfee customer service regarding this issue.  (Updated URL where I found the customer service email form online.)

Comment 2 David Kilzer (:ddkilzer) 2007-07-17 14:21:15 PDT
(In reply to comment #1)
> Sent email to McAfee customer service regarding this issue. 

Dear David Kilzer

This is a system-generated email. We have received your online request for
 support at http://www.mcafeehelp.com. The case number associated with your online
 request is 23703946. The estimated time it will take us to respond to your issue
 is 18 hours. Please do not respond to this email.

Thank you for using http://www.mcafeehelp.com for all your support needs!

Sincerely,


McAfee Consumer Support

Comment 3 David Kilzer (:ddkilzer) 2007-07-19 09:37:17 PDT
Technical support case id:  23720981
Free internet chat case id: 23725596

Comment 4 David Kilzer (:ddkilzer) 2007-07-19 10:00:13 PDT
* STEPS TO REPRODUCE

1. Follow the Windows instructions on this page to install Cygwin (Visual Studio/Visual C++ Express are not needed to reproduce the issue):  http://webkit.org/building/tools.html

2. Follow the Windows instructions on this page to check out the source code:  http://webkit.org/building/checkout.html

* EXPECTED RESULTS
The entire source code should be checked out without McAfee reporting a virus or a trojan.

* ACTUAL RESULTS
When HTML files from the "LayoutTests" directory are being checked out, McAfee reports a virus or a trojan in the source code.

Comment 5 David Kilzer (:ddkilzer) 2007-07-20 09:23:49 PDT
Partial transcript from free online chat:

[...]
David Kilzer: When the WebKit open source project is checked out on Windows with a McAfee antivirus product installed, it reports a trojan when there is no trojan. This is a "false positive" detection. 
Shinoj U.P.: David, let me know whether you are getting this popup in Macintosh 
David Kilzer: No new window popped open on my Mac just now. 
David Kilzer: I have pop-up blocking disabled in the Safari web browser as well. 
David Kilzer: Steps to reproduce this "false positive" are here: http://bugs.webkit.org/show_bug.cgi?id=14649#c4 
Shinoj U.P.: Thank you for the information you provided. Because this might be benificial for us. I will definitely report this to our research team. 
[...]

Comment 6 Robert Blaut 2008-06-06 02:11:50 PDT
Is the issue still replicable?
Comment 7 David Kilzer (:ddkilzer) 2008-06-06 16:17:19 PDT
(In reply to comment #6)
> Is the issue still replicable?

I was not affected by the issue, only tried to report it on behalf of others.  Haven't seen any complaints about it recently, though.
Comment 8 David Kilzer (:ddkilzer) 2008-09-24 14:59:47 PDT
(In reply to comment #7)
> I was not affected by the issue, only tried to report it on behalf of others. 
> Haven't seen any complaints about it recently, though.

Just had another report of that here:

https://lists.webkit.org/pipermail/webkit-dev/2008-September/005013.html

> "LayoutTests\fast\encoding\*\decoder-allow-null-chars.*" as containing
> "Exploit-ScriptNull (Trojan)".
Comment 10 Alexey Proskuryakov 2019-05-19 12:53:24 PDT

*** This bug has been marked as a duplicate of bug 14519 ***