source code is infected by malware.
SweetTddy opened this issue · comments
also been 2 years,is it out dated now?
You need to be more specific than that.
At the very least, you need to say why you think it's infected by malware. (eg. Did you download it and have a malware scanner yell at you? If so, it's entirely possible that the scanner is calling it malware simply because its makers have decided that "anything that tries to subvert the clearing of cookies is malware".)
I know that I have to temporarily turn off my ad-blocker to be able to comment here because it blocks all XMLHttpRequest calls to URLs containing the phrase "evercookie".
Thanks @ssokolow -- correct; there is no malware in evercookie, unless you consider an evasive, persistent tracker malware (which is the whole point of evercookie). It clearly isn't always wanted which is why some virus scanners will find it as offensive software.
your right sir, THIS IS GREAT PROJECT.....
BUT I THINK ITS NEEDED UPDATION NOW
I thought your a programmer so MORE EXPLANATION is not needed....
anyway download never completed, i tried 4-5 times ,,,BECAUSE avast stops its and says THREAT BLOCKED.
i see this is the reason in Browser Storage Mechanisms
[
--- Java JNLP PersistenceService
--- Java exploit CVE-2013-0422 - Attempts to escape the applet sandbox and write cookie data directly to the user's hard drive.
]
No Visitor will like that popup if evercookie serve that,,or may be will not able to open website because IF anti-virus is Smarter it will Automatically Block it.
Thanks Anyway CYA.....!
@SweetTddy Now that makes more sense as something to potentially address.
I always was kind of iffy on the merits of baking an honest-to-goodness exploit into something like this, given that it'd get patched away and could trip up scanners but it's been so long that I'd forgotten about it.
As for needing details, please understand that there are tons of malware-scanning products out there and virus/malware-scanning is such a rushed and hacky cat-and-mouse game that it's not unheard of for virus/malware scanners to have bugs that cause them to report problems when none exist.
Even with this, which is a legitimate case of an exploit tripping a scanner, over half of the 57 scanners supported by VirusTotal report nothing wrong.
Perhaps I can separate the CVE-related attacks (binaries if they're the only things triggering) into a separate repo that can be downloaded, along with the ability to easily enable/disable exploit-based techniques.