2 suspicious files given there by quttera’s, see: http://chrome.quttera.com/chrome_detailed_report/www.joomlart.com
Furthermore the site has the following issues (these are not malware related): 1. -website gibes away through the “X-Powered-By” HTTP Header, that content is being generated dynamically. This header should be removed. 2. - site makes use of a tracking graphic.
Spamcheck status secure, safe browsing status secure, WOT report status all green, DMOZ/ODP 1 link
Already reported 2 times a few days ago! No replied, no action at all.
It reported 2 links: 1 is a normal JavaScript’s Ajax library, 1 is from a Google+ page! I don’t think Google+ is kind of “Potentially Suspicious”
I must tell you my story, I think it is wrong behavior / heuristic detection: last time we had launched a promotion for Black Friday, the winner got a Nexus 10 tablet. We have a Joomla!'s module that force redirect all first visit connection (use cookie to check it) by PHP’s header, and it was redirecting all links to our site to /nexus10/ page to get user attention. I think Avast!'s engine was think it is injected by a malware that redirect all URLs to that page.
Why you guys don’t trust SiteAdvisor, Norton Safe Web and Google site checker?
I had scanned my www folder using ClamAV with latest database and it found nothing.
No one said we don’t trust SiteAdvisor, Google SafeWeb and Norton Safe Web results. Off course we do and these three usually flag lots and lots of issues.But scanners overlap. And we have to consider quite a bit of scanner to be able to give a site a complete clean bill of health.
Your site seems clean, seems to have some sound security policy. Convince yourself here: https://www.virustotal.com/url/8763905ca2dea1947a950f71cbef84a4a3808dc47626cb81013d0076c175e75a/analysis/1354031349/
It does not give any server version or website software version out to the world. But the three above scanners do not find all threats. DrWeb URL checker and avast scanning overlap. urlquery.net request response scanner with IDS finds issues that gred website scanner does not find, nor zulu Zscaler, Bitdefender’s TrafficLight flags threats other scanners do not, sucuri’s has many script related issues. We check with malzilla and various webcode sniffers and viewers (Redleg’s for instance), IP resources, various bloclkists, VirusWatch data for recently closed and dead or active malcode, and a whole scala of other resources as where our cold reconnaissance query will lead us. But then whenever we say your site has issues it certainly has some to consider and whenever we say your site is secure at this point in time, it is. There are quite some enthusiasts that help out here in website scanning
(Pondus, !Donovan, Asyn to call just a few), and little old me…
I tried to check with Quttera and see it is reported so standard libraries, famous sites contain kind of “potentially suspicious” thread like it said, here are some report like that:
The decision to block unblock a particular url or domain or IP lies entirely by the members of the avast av solution team.
We here are no part of it and have no influence further than reporting issues to virus AT avast dot com, and what the avast team does with this information is just their privilege period.
If the detection is a false positive it will be dealt with in some coming update. They won’t comment directly, but they are known to react quite soon, also avast webshield and networkshield detection is known to be solid state and highly reliable. But you know the status of a wbesite can change within seconds from with active malware as to cleansed from malware or malware response dead…
Some potentially suspicious flags from quttera’s and other scanners should be taken like for instance the flags that jsunpack sometimes produces on anomalies or delayed handling of some javascript code also will produce a “suspicious” there. Also benevolent obfuscation could lead to FPs.
This could also mean a bug, a time out, due to a misconfiguration and will not mean immediately it is malcode per se, so not being malcious or not even unwanted code. Do not read more into “code hick-ups” as should as I produce these scan results just for evaluation purposes,
These companies are the top of the top. Naturally, they utilize ‘hacks’ (notice the quotes) in order to increase the speed of their huge frameworks. Have you ever thought of all the code behind Google’s search engine, email, and the likes? Checking if you are logged in, then having to check and load the required essentials if so? Now think about Facebook. How do they manage a huge database of that sort, all the features that they offer, and provided services to unimaginable numbers of people at the same time, and still be able browse the website fast? Naturally, obfuscation is the best bet for speeding up the website’s load time. Especially when you have mobile browsers visit the same site with a phone at hand, where the processing power isn’t as great as desktop browsers.