CA issues false warning on JavaScript apps
Posted On Wednesday, January 2, 2008 at at 1/02/2008 09:51:00 PM by nullA mis-firing anti-virus update from CA issued on Monday wrongly identified legitimate JavaScript files as a virus.
The eTrust signature update wrongly identified JSQuery (a JavaScript AJAX library) and Mootools (a JavaScript web 2.0 library) and other complex JavaScript packages as being contaminated with the Snz-A JasaScript malware. Users running CA eTrust (also known as Vet Anti-Virus) who applied the dodgy update were liable to find themselves confronted by false alarms that their systems were infected when visiting legitimate websites, causing unnecessary alarm in the process.
The dodgy update reportedly is 31.3.5417, dated December 31. Faulty anti-virus signature updates are not uncommon across the industry and CA can be expected to respond quickly to the problem by pulling the dodgy update and issuing a replacement. In the meantime users hit by the slip-up are posting their gripes and comparing experiences in various online blogs and forums (example here).
A post to the Mootools forum reports the false alarm but there's no official word from CA, either on its site or in response to our queries, as yet