Page MenuHomePhabricator

mediawiki.log.js is quarantined by Comodo anti-virus, unpredictable failures result
Closed, DeclinedPublic

Description

@Volker_E noticed mediawiki.log.js was being removed from his local MediaWiki install. After a lot of head scratching we realized his antivirus Comodo is quarantining the file because it is "Heur.Dual.Extensions" malware. If WIndows is configured to hide extensions, you see a benign-looking mediawiki.log file that would normally open in an editor, but in fact it's a potentially-executable JavaScript file. resources/src is full of other files named something.other.js but this is the only one that "masquerades" as a recognized filetype.

This has come up before, see old Support_desk thread. Also a web search for "mediawiki.log.js" antivirus shows lots of generic ad-filled search results, suggesting that this file is triggering virus warnings on a wide enough scale for spammers to make fake pages for it :-) The fix is easy, rename this one file to mediawiki.logger.js

Surprisingly, his local MediaWiki install worked fine without this file until he tried using a different skin in debug mode, then the early loading of the 'mediawiki' module silently failed with almost no JavaScript loaded. "Silently" as in no errors shown in browser console in regular or RL debug mode. It wasn't until we enabled wgDebugLogFile that we saw

[exception] [43c87615] 
  /load.php?debug=true&lang=de&modules=jquery%2Cmediawiki&only=scripts&skin=blueprint&version=80XVutC9   MWException 
  from line 850 of 
    D:\htdocs\Wikimedia\core\includes\resourceloader\ResourceLoaderFileModule.php: 
ResourceLoaderFileModule::readScriptFiles: script file not found: 
    "D:\htdocs\Wikimedia\core/resources/src/mediawiki/mediawiki.log.js"

"Almost no JavaScript" as in the browser window has a $ jQuery object but no mw or mediaWiki object, and so all MediaWiki JS enhancements are broken. It feels like a bug in RL that it should be so fundamentally broken without any indication in the browser, but maybe mediawiki.log.js is the file that would report these problems! :-)

Details

Related Gerrit Patches:

Event Timeline

Spage raised the priority of this task from to High.
Spage updated the task description. (Show Details)
Spage added subscribers: Spage, Volker_E.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 28 2015, 1:36 AM
This comment was removed by Spage.
Spage updated the task description. (Show Details)Aug 28 2015, 3:52 AM
Spage set Security to None.

Change 234463 had a related patch set uploaded (by Spage):
Rename mediawiki.log.js so anti-virus won't delete

https://gerrit.wikimedia.org/r/234463

Krinkle added a subscriber: Krinkle.EditedAug 28 2015, 9:51 AM

you see a benign-looking mediawiki.log file that would normally open in an editor, but in fact it's a potentially-executable JavaScript file.

This is incorrect. .js files are not executable. There is no sensible way one could imagine them executing through user interaction. You'd have to read the file as a program on the command line with nodejs. Or load it as part of an HTML document somehow.

I'm inclined to decline this issue on the basis that it's incompetence in anti-virus software we can't feasibly start to worry and bend our software for. Not unless it's affecting some portion of end-users.

This only affects debug mode. And it only affects debug mode on your local developer install. (E.g. when the files in question are located on-disk) It doesn't affect the web browser and you can still use debug mode from an affected computer on remote wikis like www.mediawiki.org and beta cluster.

anti-virus deleted the file

I don't know in what way it deletes it, but I assume this deleted file would continuously show up as an error in the git bash PS1 and/or whenever you manually run git status in the MediaWiki work space.

This is incorrect. .js files are not executable. There is no sensible way one could imagine them executing through user interaction

Windows script host?

Nonetheless, I do agree with you, it seems like this would be bowing to the requirements of really silly software...

Rename mediawiki.log.js so anti-virus won't delete

So if the next "anti-virus" software dislikes index.html we'd also rename?
I'd rather contact authors of broken software instead of renaming our files. Or get better software.

Krinkle closed this task as Declined.Sep 4 2015, 2:56 AM
Krinkle removed a project: Patch-For-Review.
Volker_E added a comment.EditedSep 4 2015, 3:27 AM

I agree, that incompetence of other special software doesn't call for any change. Just two more additions to the original bug report: I've sent in the file as false positive (or better 'false negative' in this case) to Comodo v. 8.2.
Second, it wasn't was affecting debug mode only. When switching skin, the normal MW error handling didn't give any insights, that this missing file is causing the ResourceLoader problems with the other skin. Hope, that T110659 will improve this for good.

Update: Clarification thanks to @Krinkle -- affected debug mode only.

Change 234463 abandoned by Krinkle:
Rename mediawiki.log.js so anti-virus won't delete

https://gerrit.wikimedia.org/r/234463