Announcement

Collapse
No announcement yet.
X
Collapse
  • Page of 1
  • Filter
  • Time
Clear All
new posts
Previous template Next
    #1

    Virus scan results and LGPL question

    Our software packaging does a routine virus scan. It has the following lines in the result.

    This is version 2.2 of Smartgwt

    Code:
    [Found possible worm] <Heuristic-31 (not disinfectable)>        /abcd/abcd/xxx.war->abcd/abcd//sc/system/development/ISC_DataBinding.js
[Found possible worm] <Heuristic-31 (not disinfectable)>        /abcd/abcd/xx.war->WEB-INF/lib/smartgwt.jar->com/smartclient/tools/public/sc/system/development/ISC_DataBinding.js
    This is very likely a false positive, but the interesting thing I have found is when I read the comments inside this file ISC_DataBinding.js

    Code:
    File name is:

                com\smartclient\tools\public\sc\system\development\ISC_DataBinding.js

The notice reads:

/*

  SmartClient Ajax RIA system
  Version 8.0/LGPL Development Only (2010-05-18)

  Copyright 2000 and beyond Isomorphic Software, Inc. All rights reserved.
  "SmartClient" is a trademark of Isomorphic Software, Inc.

  LICENSE NOTICE
     INSTALLATION OR USE OF THIS SOFTWARE INDICATES YOUR ACCEPTANCE OF
     ISOMORPHIC SOFTWARE LICENSE TERMS. If you have received this file
     without an accompanying Isomorphic Software license file, please
     contact licensing@isomorphic.com for details. Unauthorized copying and
     use of this software is a violation of international copyright law.

  DEVELOPMENT ONLY - DO NOT DEPLOY
     This software is provided for evaluation, training, and development
     purposes only. It may include supplementary components that are not
     licensed for deployment. The separate DEPLOY package for this release
     contains SmartClient components that are licensed for deployment.

  PROPRIETARY & PROTECTED MATERIAL
     This software contains proprietary materials that are protected by
     contract and intellectual property law. You are expressly prohibited
     from attempting to reverse engineer this software or modify this
     software for human readability.

  CONTACT ISOMORPHIC
     For more information regarding license rights and restrictions, or to
     report possible license violations, please contact Isomorphic Software
     by email (licensing@isomorphic.com) or web (www.isomorphic.com).

*/
    There is another version of this file in:

    com\smartclient\public\sc\modules

    which does not have this notice.


    Question is:

    Can we ignore this comment or is there a problem with packaging this file with the deployable s/w?

    Thanks
    Tags: None
    #2
    system/development supports the Developer Console only. You can ship it with your product to support the Developer Console, but don't load it with your main application - use system/modules instead.

    Comment

      #3
      Oh, and yes, those are of course false positives. If you can isolate the specific lines where the software thinks it's got a worm (or whatever) please let us know. Maybe it can be refactored so it doesn't trip the false positive, or the antivirus product can be corrected.

      Comment

        #4
        Do you see any issue (technically and legally), if we take out all the javascript files under that directory when we package up our deployement software?

        Thanks

        Comment

          #5
          That should be fine.

          Obviously if you do run into any unexpected behavior when making this change let us know, but these libraries are shipped to support development tools (such as the developer console) only and should not be required for your live application.

          Comment

          Previous template Next
          Working...
          X