A gentleman from UKIP tells me that this page
hxxp://www.pearshapedcomedy.com/TimTyler.html
(not the whole of my site) is infected?
The virus warning he gets is
This is very confusing as other virus scanners cannot identify a virus in the HTML.
The warning is very confusing.
It seems to insinuate my website uses favicons (it doesn’t - there is no ico file)
Neither is there a gzip file as insinuated by the gzip reference on the warning.
You can see the files the page actually references here
hxtp://www.pearshapedcomedy.com/TimTyler_files/
It claims there is an Iframe-inf but I cant find such a thing.
Is it suggesting that an Iframe is trying to write a favicon?
The warning is not very helpful in helping me solve the problem …if there is one.
I pretty much wrote the page myself using an old dreamweaver template, seamonkey and hand coding
so unless I have coded it myself how can there be a virus in there?
I will admit my code is probably a bit rubbish and something of a Frankenstine’s HTML monster
but is it actually dangerous or is this, as I suspect, a false positive?
It isn’t that an iframe it trying to write to a favicon, but that when trying to load a favicon a compressed file is being loaded. The {gzip} just means compressed, not specifically that file type, this is commonly a compressed javascript script file being loaded, or attempted to load.
It isn’t uncommon as a possible hack to hijack the favicon.ico to have a script or command instead of the image. Whilst you say you don’t use a favicon when a page loads your browser tries to find a favicon and load it.
So it is possible for a hacker to place a favicon.ico if not used or substitute it if you do use one.
Check for the presence of a favicon.ico file, you might also check of a custom 404 page as that can also be hijacked.
####
That said I have checked it on some analysis sites and come up clean (but it is somewhat strange when the alert is indicating a file that you say you don’t use):
There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.
If you are reporting an FP, then you get another input field open, enter the web URL for the site you wish to submit for review, etc. A link to this topic also wouldn’t hurt.
NOTE: Please modify your active links to prevent accidental exposure to a suspect link. e.g. change the http to hxxp - hxxp://www.pearshapedcomedy.com/TimTyler.html
There is no gzip file or ico being referenced. I have reported it as a false positive.
I dont know why you want me to remove the reference to a page that isn’t infected but I have modified it.
I do understand ico and favicon viruses but it is clearly damaging to my business for Avast
to go around telling people my site has a virus when it doesnt
and if Avast knows and doesn’t fix this then it is libeling us …
…not to mention preventing people from reading our content.
Something I will respond to by being very rude about them in the back of pubs.
I mean …sorry …this is a cock-up, isn’t it? Own up.
I mean it isn’t just WRONG it’s completely our the tree wrong.
A simple scan of the source code should show that no *.ico or *.gzip file is being referenced
and I have demonstrated to you there is no such file on my site.
There’s only one java script that connects to analytics.
It’s a completely static page …so …how?
Obviously you did not read all of DavidR’s post. He said. If you think it’s a false postive report it!. I should also mention. We are volunteers, not official employees. So complaining to pubs when most people are drunk will not help you.
I will have Milos or Polonus come check your your website to point out the issue.
It’s all very well to say report it as a false positive but how do I know anything will be done about it?
I could get blacklisted by a large number of virus scanners by mistake which could be an expensive lesson to learn from
so one is understandably concerned… how many other people’s sites are being banned by
what seems to me to be automated paranoia? I wonder…
I did read DavidR’s post and my response is that having reported it as false positive already
I am not impressed with Avast’s lack of alacrity in responding.
To them it is just another bit of dodgy code I suppose … but … anyway …whatever
There’s no such link in my page?
Is it in another page?
Even if this was true [which it isn’t] why is it okay to disable my page for referencing another website?
Am I responsible for the content of external websites now.
I put malkm.com into google to see what would happen
it defaults to our webhost’s missing page site
or something that looks like it or a parked domain of some kind
Ironically if you put our home page in it doesn’t flag up anything as wrong
Just on this particular page …? Odd
If it’s dead then just remove it. You’re blaming Avast! for an issue on your website. Fix the coding and it will most likely be unblocked. If you don’t get rid of it, it won’t be unblocked. Simple as that.
Why do you insist it’s us, when an Avast! employee actually came and took time to explain to you why Avast! is detecting your site. If you remove what Milos told you to remove, you should be fine.
Yes, I cant find your dead link in the code in the page flagged as dangerous.
Dead links were not your original complaint
I dont see why I should take responsibility for links to other websites or what’s on them.
Users follow links at their own risk and it’s up to them to buy decent anti-virus software.
It is not professional for someone to claim my site has an ico virus and then not be able to identifiy where it is.
I am not interested in how much time Avast have used up - as a publisher they, not I, are responsible for what they say about me.
You have provided a sceengrab from a page that is not the page you are complaining about.
Mr Damage wouldn’t even know what a gzip file is let alone have time to upload one.
I think you are idiots / parasites
I was the UKIP Gentleman as Anthony so quaintly put it that first pointed out to him that Avast had flagged up a warning, not really sure what my political allegiance had to do with it but hey oh, I actually thought at the time I was doing him a favour, one that I have since come to regret.
I did an online scan of the malkm.com site and recieved the following message
And have since shown him this but apparently it is now all a conspiracy concocted by Avast and UKIP to discredit him in someway, I know Pearshaped is a comedy site but this is actually the funniest thing I have ever seen come from it.
Anthony there is an issue which Avast has picked up on and simply because Norton hasn’t that doesn’t make it inferior it actually makes it better, I do hope you find out what the problem is in the end because contrary to your own belief you are at present alienating anyone who uses avast from visiting your site and I know a lot of people do use it.