This package attempts to guard against false positives from antiviruses that flag Blazor Wasm as malware, until (or if) Microsoft gives us an official solution.
- BitDefender Total Security (v26.0.10.45)
- BitDefender Endpoint Security Tool (v7.4.3.146)
- Smoothwall Firewall - Confirmed by peterthorpe81
🔔 If you have used this package and has helped you bypass any false positives from other security software, please consider creating an issue with your experience to contribute to this list.
This package injects some custom MSBuild tasks that do the following during publishing:
- Obfuscates the all client assemblies so that firewalls and antiviruses don't see them as executables. Two obfuscation methods are supported:
- Using a key to XOR all client assemblies (default).
- OR
- Changing the MZ header of all client assemblies to BZ, a custom header (more info here)
- Renames the extension of all client assemblies from .dll to .bin
- Adds a lib.module.js that contains a
beforeStart
blazor initialization method (more info here), that uses a customloadBootResource
function to restore the obfuscation of the assemblies after downloaded, but before loaded by dotnet.wasm
- Add the nuget package in your Client (wasm) AND your Server (if using blazor wasm hosted) projects
dotnet add package BlazorWasmAntivirusProtection
- (Progressive Web Applications only): If you are using the Blazor Wasm PWA template, update the following line in your
service-worker.published.js
file to include.bin
files:
const offlineAssetsInclude = [/\.bin$/, /\.dll$/, /\.pdb$/, /\.wasm/, /\.html/, /\.js$/, /\.json$/, /\.css$/, /\.woff$/, /\.png$/, /\.jpe?g$/, /\.gif$/, /\.ico$/, /\.blat$/, /\.dat$/ ];
- Publish your app in Release mode and test it!
dotnet publish Server\BlazorHostedSampleApp.Server.csproj -c Release
Nuget package page can be found here.
The following options allow you to customize the tasks executed by this package.
If you want to use a different extension for renaming dlls, for example ".blz", add the following property in the published project's .csproj file (Server project if using blazor hosted).
<RenameDllsTo>blz</RenameDllsTo>
You can disable dll renaming by adding the following property in the published project's .csproj file (Server project if using blazor hosted).
<DisableRenamingDlls>true</DisableRenamingDlls>
You can change or disable dll obfuscation by adding the following property in your Client project's .csproj file. Supported values:
None
ChangeHeaders
Xor
(default)
<!-- Disables dll obfuscation -->
<ObfuscationMode>None</ObfuscationMode>
You can change the key that is used for the XOR obfuscation adding the following property in your Client project's .csproj file.
<!-- Changes the dll obfuscation xor key -->
<XorKey>mykey</XorKey>
You can find a sample app using this package here.
This work was inspired by the post in dotnet/aspnetcore#31048 (comment) by github user tedd
1.5
- Added support for multiple dll obfuscations, changing the default to XORing the dlls instead of just changing the headers.
1.4
- Added support for Multiple Blazor Wasm apps under the same Server project #8
1.3
- Added support for Blazor Wasm PWA apps
1.2
- Fixed sequential publishing issue.
1.0
- Added customization options.
0.1
- Initial release.