mediawiki.log.js is quarantined by Comodo anti-virus, unpredictable failures result
Closed, DeclinedPublic
Actions

Assigned To

None

Authored By

	• Spage
	Aug 28 2015, 1:36 AM

Description

@Volker_E noticed mediawiki.log.js was being removed from his local MediaWiki install. After a lot of head scratching we realized his antivirus Comodo is quarantining the file because it is "Heur.Dual.Extensions" malware. If WIndows is configured to hide extensions, you see a benign-looking mediawiki.log file that would normally open in an editor, but in fact it's a potentially-executable JavaScript file. resources/src is full of other files named something.other.js but this is the only one that "masquerades" as a recognized filetype.

This has come up before, see old Support_desk thread. Also a web search for "mediawiki.log.js" antivirus shows lots of generic ad-filled search results, suggesting that this file is triggering virus warnings on a wide enough scale for spammers to make fake pages for it :-) The fix is easy, rename this one file to mediawiki.logger.js

Surprisingly, his local MediaWiki install worked fine without this file until he tried using a different skin in debug mode, then the early loading of the 'mediawiki' module silently failed with almost no JavaScript loaded. "Silently" as in no errors shown in browser console in regular or RL debug mode. It wasn't until we enabled wgDebugLogFile that we saw

[exception] [43c87615] 
  /load.php?debug=true&lang=de&modules=jquery%2Cmediawiki&only=scripts&skin=blueprint&version=80XVutC9   MWException 
  from line 850 of 
    D:\htdocs\Wikimedia\core\includes\resourceloader\ResourceLoaderFileModule.php: 
ResourceLoaderFileModule::readScriptFiles: script file not found: 
    "D:\htdocs\Wikimedia\core/resources/src/mediawiki/mediawiki.log.js"

"Almost no JavaScript" as in the browser window has a $ jQuery object but no mw or mediaWiki object, and so all MediaWiki JS enhancements are broken. It feels like a bug in RL that it should be so fundamentally broken without any indication in the browser, but maybe mediawiki.log.js is the file that would report these problems! :-)

Details

	Subject	Repo	Branch	Lines +/-
	Rename mediawiki.log.js so anti-virus won't delete	mediawiki/core	master	+1 -1

Customize query in gerrit

Related Objects

Mentioned In: T110659: Log load.php exceptions to JavaScript console
Mentioned Here: T110659: Log load.php exceptions to JavaScript console

Event Timeline

• Spage created this task.Aug 28 2015, 1:36 AM

• Spage raised the priority of this task from to High.

• Spage updated the task description. (Show Details)

• Spage added projects: JavaScript, MediaWiki-ResourceLoader.

• Spage added subscribers: • Spage, Volker_E.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 28 2015, 1:36 AM

• Spage added a comment.Aug 28 2015, 3:46 AM

This comment was removed by • Spage.

• Spage updated the task description. (Show Details)Aug 28 2015, 3:52 AM

• Spage set Security to None.

Change 234463 had a related patch set uploaded (by Spage):
Rename mediawiki.log.js so anti-virus won't delete

https://gerrit.wikimedia.org/r/234463

gerritbot added a project: Patch-For-Review.Aug 28 2015, 4:02 AM

you see a benign-looking mediawiki.log file that would normally open in an editor, but in fact it's a potentially-executable JavaScript file.

This is incorrect. .js files are not executable. There is no sensible way one could imagine them executing through user interaction. You'd have to read the file as a program on the command line with nodejs. Or load it as part of an HTML document somehow.

I'm inclined to decline this issue on the basis that it's incompetence in anti-virus software we can't feasibly start to worry and bend our software for. Not unless it's affecting some portion of end-users.

This only affects debug mode. And it only affects debug mode on your local developer install. (E.g. when the files in question are located on-disk) It doesn't affect the web browser and you can still use debug mode from an affected computer on remote wikis like www.mediawiki.org and beta cluster.

anti-virus deleted the file

I don't know in what way it deletes it, but I assume this deleted file would continuously show up as an error in the git bash PS1 and/or whenever you manually run git status in the MediaWiki work space.

Krinkle moved this task from Inbox to Backlog on the MediaWiki-ResourceLoader board.Aug 28 2015, 9:56 AM

This is incorrect. .js files are not executable. There is no sensible way one could imagine them executing through user interaction

Windows script host?

Nonetheless, I do agree with you, it seems like this would be bowing to the requirements of really silly software...

Krinkle mentioned this in T110659: Log load.php exceptions to JavaScript console.Aug 28 2015, 10:03 AM

In T110630#1582809, @gerritbot wrote:

Rename mediawiki.log.js so anti-virus won't delete

So if the next "anti-virus" software dislikes index.html we'd also rename?
I'd rather contact authors of broken software instead of renaming our files. Or get better software.

Krinkle closed this task as Declined.Sep 4 2015, 2:56 AM

Krinkle removed a project: Patch-For-Review.

I agree, that incompetence of other special software doesn't call for any change. Just two more additions to the original bug report: I've sent in the file as false positive (or better 'false negative' in this case) to Comodo v. 8.2.
Second, it ~~wasn't~~ was affecting debug mode only. When switching skin, the normal MW error handling didn't give any insights, that this missing file is causing the ResourceLoader problems with the other skin. Hope, that T110659 will improve this for good.

Update: Clarification thanks to @Krinkle -- affected debug mode only.

Change 234463 abandoned by Krinkle:
Rename mediawiki.log.js so anti-virus won't delete