Avast Constantly Reports on my WordPress websites

OK, something's gotta give!!

I have been running Avast for a while now, and recommend it to everyone I know. However, just recently, on various machines, on various networks, I seem to be getting problems with my WordPress sites, and Avast reporting Malware, which is NOT true…

For example the most recent >

http://i.imgur.com/jTuXu.png

It's the LATEST WordPress installation and all latest plugins (both of them!). I also get warnings on other WP sites I use on the same server (different domains), mostly when using the wp-admin area (administration side). The entire server is swept for malware and I know the server admin very well, who assures me it is an AVAST issue.

One of my main concerns is the amount of customers I could be losing because of these false positives that are being reported (my livelihood depends on some of my websites hosted!)

Please investigate as soon as and let me know what I can do, and is it an avast issue or the host, if it's the host, why?
Many thanks

Report 2011-08-21 13:29:26 (GMT 1)
Website concretecancer.co.uk
Domain Hash 82574e424e146a11cb76b62a30b1650f
IP Address 188.165.227.101 [SCAN]
IP Hostname node2.exoware.net
IP Country FR (France)
AS Number 16276
AS Name OVH OVH Systems
Detections 0 / 23 (0 %)
Status CLEAN

Report 2011-08-21 14:21:08 (GMT 1)
IP Address 188.165.227.101
IP Hostname node2.exoware.net
IP Country FR
AS Number N/A
AS Name N/A
Detections 0 / 26 (0 %)
Status CLEAN

You can report a possible FP here: http://www.avast.com/contact-form.php?loadStyles

That is the same report I get when running it through AVG online checker.

I am at a loss as to what is the problem :frowning:

Did you read this…?? :wink:

yes :slight_smile:

and did act accordingly so …

was wondering if anyone else had any inputs ?

http://i.imgur.com/KqBjN.png

again, more so in back end than front end…

Good. :slight_smile:
I’m quite sure that you will also get more input soon…

The page has issues, given green by Sucuri, but the software has not been updated, so vulnerable here:
Web application details:
Application: WordPress 3.2.1 - -http://www.wordpress.org

Web application version:
Wordpress version: WordPress 3.2.1
Wordpress version from source: 3.2.1
Wordpress Version 3.2 based on: -http://www.concretecancer.co.uk//wp-includes/js/autosave.js
Wordpress directory: -http://www.concretecancer.co.uk/wp-content
Wordpress theme: -http://www.concretecancer.co.uk/wp-content/themes/jazz/
Wordpress internal path: -/home/concrete/domains/concretecancer.co.uk/public_html/wp-content/themes/jazz/index.php

So site should be backed-up and after that the software should be updated
Analyzing the code I found the following issue, see attached, also
see: http://wepawet.iseclab.org/view.php?hash=0ea07dcfbfa55ae5c3f2c7c8e4cacc16&t=1313937612&type=js
Dasient gives the site as clean: http://wam.dasient.com/wam/diagnose?URL=http://www.concretecancer.co.uk/

polonus

What are the issues ?

The site IS running the LATEST download of WordPress, so can't be vulnerable in the eyes of any current check.

Hi ninjauk,

Sucuri scan says that you have the latest Wordpress, but there is still a theme with vulnerabilities, go over it again. There is a vulnerability with the following theme: Wordpress theme: -http://www.concretecancer.co.uk/wp-content/themes/jazz/
Wordpress internal path: /home/concrete/domains/concretecancer.co.uk/public_html/wp-content/themes/jazz/index.php (index.php is vulnerable on line 163)
Read on these issues: http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/ (link author = mark maunder)

polonus

Line 163

<div class="wrapper"> 
RWJ Allen (c)2011 Artwork by <a href="http://www.blogohblog.com" title="WordPress Themes">Blog Oh! Blog</a> Hosted and Engineered by <a href="http://www.nixta.co.uk" title="website design weston-super-mare">Nixta Services</a> 

Hardly any malicious code there…

I recently wrote an article on timthumb issue, and this site is NOT using any timthumb.php

I appreciate your answers and responses, but I do feel this is something to do with Avast blacklisting something on my host. I have installed latest WordPress along with the default theme (unaffected by timthumb) and have STILL had malware warnings pop up randomly whilst in the back end (wp-admin). I appreciate this is an isolated incident and I am hoping for a response from the Avast team themselves with the FP report I have put in. When I get one I WILL paste it here for you to view.

Again I thank you for your input and help

I don’t know if this is the case here or not:
Do you happen to show any example code on the concretecancer.co.uk site? If this isn’t in image form, then avast’s web shield may well alert on the example.

When enough web shield alert hits on the site from avast users reach a tipping point, then the domain would be added to the network shield’s malicious sites list as a part of the avast CommunityIQ function. Before you ask, I don’t know what that number might be.

As suggested you can use on-line contact form, but if you didn’t give much information on the original report, I would do it again http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Press (Media), issues.

  • If you are reporting an FP, then you get another input field open, click Browse button and enter the web URL for the site you wish to submit for review (Network Shield), etc.
    A link to this topic in the ‘Your message’ text input field wouldn’t hurt.

YAY !! Reply from Avast

Hello,

it was a false positive and will be fixed in the next VPS.

Best regards

Alena *******

On 21.8.2011 20:24, Michal **** wrote:

thanks :slight_smile:

Hopefully this is all the domains on the host, not just the one; however, I can do them manually if need be…

Thank You Avast !!!

That was a quick reply.

If the alert is only on a domain, then I don’t know if it would spill over to the Host, as the host wasn’t specified in the alert, was it?

When I put the report in, I did specify the whole hosts of domains,
we can only but see :slight_smile:

Thanks everyone

You’re welcome.

Fingers crossed.

You’re welcome…!

Also thanks to you for alerting a FP and for keeping us all sharp,

polonus