avast! Web Shield jumps right on the malcode and blocks...

Checking a url code dump with a file viewer was blocked in its tracks by avast! Web Shield detecting JS:Iframe-X[Trj],
see: htxp://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.allergens-controlled.com%2Fblog%2Fp%3D121&ref_sel=Google&ua_sel=ff
Here we can see the url dump without the overzealous avast! Web Shield reacting: http://www.toolsvoid.com/url-dump
So I use that now for skimming through some code in cases where avast! Web Shield rightly flags parts of the malcode flagged through evaluating a file viewer uri.
See the IDS alert here: http://urlquery.net/report.php?id=1247355
for http_inspect: JAVASCRIPT WHITESPACES EXCEEDS MAX ALLOWED
See attached image
For a survey of malicious iFrame affected websites, see: http://evuln.com/labs/hulpdienststabroek.be/
Avast detects JS:Decode-ML[Trj] here (counter.php)

polonus

Here is the description of the IDS alert urlquery comes up with (severity 3):
http://www.snort.org/search/sid/120-10 (link info contributed by Sourcefire Vulnerability Research Team)
Detected in Snort via the http_inspect preprocessor and forming part of the so-called generic messages sigs.
Example for this Snort node can be found described here:
http://manual.snort.org/node103.html (link info from Joel Esler 2012-12-04)
Where the malicious iFrame affected websites are concerned, see: http://evuln.com/labs/hulpdienststabroek.be/
Logs where we found more evidence: http://sakrare.ikyon.se/log.php?id=1029
Removal of the counter.php malware: http://blog.sucuri.net/2012/07/website-malware-removal-counter-php.html
(link article author = Tony Perez)

polonus
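
As an added example (not from the posts above and not Snort's own code), here is a rough offline approximation of the condition behind the 120-10 "JAVASCRIPT WHITESPACES EXCEEDS MAX ALLOWED" alert, for triaging a saved url dump. The 200 threshold is an assumption mirroring the documented default of http_inspect's `max_javascript_whitespaces` option, and the sample page is constructed and benign.

```python
import re
from html.parser import HTMLParser

# Assumption: 200 mirrors the documented default of http_inspect's
# max_javascript_whitespaces option; tune it to match your sensor.
MAX_JS_WHITESPACES = 200


class _ScriptCollector(HTMLParser):
    """Collects the text of every inline <script> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Script bodies can arrive in several chunks, so concatenate them.
        if self._in_script:
            self.scripts[-1] += data


def longest_whitespace_run(text):
    """Length of the longest run of consecutive whitespace characters."""
    return max((len(m.group()) for m in re.finditer(r"[ \t\r\n\f\v]+", text)), default=0)


def flag_scripts(html, limit=MAX_JS_WHITESPACES):
    """Return (script_index, longest_run) for scripts at or above the limit."""
    parser = _ScriptCollector()
    parser.feed(html)
    parser.close()
    runs = ((i, longest_whitespace_run(body)) for i, body in enumerate(parser.scripts))
    return [(i, run) for i, run in runs if run >= limit]


# Constructed sample: padding outside <script> must not count, script 1 must.
SAMPLE = ("<html><body><p>" + " " * 500 + "</p><script>var a = 1;</script>"
          "<script>var x = 'a';" + " " * 350 + "document.title = x;</script></body></html>")
```

A hit only says where to look in the dump; long whitespace padding also appears in sloppy but harmless pages.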