I keep receiving below warning even I am not visiting travellife.org. I’ve tried to google what happened, I empty the cache in safari, run a full scan and nothing seems help at all. Someone said it is a false positive, and I reported to Avast.
If I remember correctly, it seems happened since upgrade to Yosemite.
Avast Web shield has blocked a threat.
Infection: URL:MAL
URL: hxtp://www.travellife.org/
Process:/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/Contents/MacOS/com.apple.WebKit.Networking
I placed my domains comxxxxxxxx.com and mixxxxx.com in my hosting server and both can not be accessed from firefox or chrome because the complement Avast blocks web pages with the message Infection: URL: MAL
Alas, the culprit does not seem to be any extension. I had only one extension running for Safari (1Password) and I tried disabling it per your suggestion, but I’m still getting the same kind of warnings from Avast’s Web Shield. All of the warnings seem to be related to attempting to access kubows.com, forbition.com, fairtray.com, and volcanish.com. They all seem to be connected to activity by com.apple.WebKit.WebContent.
I’m totally puzzled. I have never gone to any of those websites intentionally, and I don’t seem to have any cookies or databases on my system that are related to them.
Got it! Maybe the following info will help somebody else with the same question. Avast was indeed calling attention to malware links but they were in Mail, rather than in Safari files.
I use Apple Mail to download (via IMAP) all my webmail from Yahoo. Apple Mail puts anything from Yahoo’s spam folder into a “Junk Mail” folder on my system.
Today I noticed that as soon as I selected these messages in preparation for deleting them, Avast’s Web Shield instantly popped up the warnings I mentioned previously.
I would have thought that Mail Shield would have handled this kind of thing but for some reason Web Shield handled the task for Avast. I confirmed this by hovering my cursor over several of the messages to see where the links in them actually pointed. Sure enough, there were links to various malware-bearing websites such as fairtray.com, matching the sites in the Web Shield pop-up warnings.
Hope this is helpful info. It certainly made me more respectful of Avast’s capabilities, and even more wary of spam.
Mailshield handles the download of mail via IMAP or POP (email protocols). If the webshield was the one flagging it it probably means that these emails have links, web links, like images that are stored remotely and as such use the HTTP protocol, hence the web shield intervention as it filters all HTTP requests.
The WebKit framework is what OS X uses to fetch and display web content in and outside the browser, Safari. It’s the web engine that not only powers the browser but also any web content displayed elsewhere.
You don’t happen to have ‘display of remote images’ in email messages turned on?
I don’t see anything in Apple Mail’s Viewing preferences specifically called “display remote images” but I did have “Load remote content in messages” turned on. Is that the same thing?
Yes, exactly, sorry, that’s what I meant. That explains it. It’s safer to have that turned off, you are automatically downloading web content that might not be safe, such as the content that webshield blocked.
Thanks for the good advice! I have turned it off. I think “on” was the default when I first set up this Mac–I don’t remember messing with it–but that’s a while ago. Again, thanks for your kindness.