Blockage of Qassa

Hello all,

We have troubles with the Avast! software blocking our website. We have already contacted the support department, but no response so far.
The reason to put this into the forum is because this is a really urgent problem and we want to be in contact with Avast.
Does anyone know how we can get in contact with someone at Avast? Because we want to communicate and know what the reason is to block our website.

Hoping one of you can help me out?

about Qassa

Qassa is a big Loyality program in Europe. We have about 500.000 active users (all double opt-in) and they receive mails from us with commercials adds.
The users gains points with clicking on our emails and with purchasing the get an extra refund (cachsback).
We are active in: The Netherlands, Germany, France, Belgium, Poland, Italy, Turkey, Sweden and Norway.
www.qassa.com is more information.

You can report a possible FP here: http://www.avast.com/contact-us.php?subject=VIRUS-FILE

Qassa.nl is working without a problem if avast is running.
Avast free 2015.10.0.2208
VPS 141124-0
Windows XP/SP3

I suspect the https scanning is to blame if it doesn’t work.

I’m running Win8.1, Avast Pro Antivirus 2015, Latest virus definitions.
Qassa.nl is blocked, message URL:Mal

Disable https scanning and see if the problem is solved.

Disabled https scanning: problem solved.
Enabled https scanning: still no problem…?

Hi w.post,

Some DNS issues here: http://www.dnsinspect.com/qassa.com/1416843383
Header Security Issues found (take up with hoster):
X-Frame-Options
X-Frame-Options does not appear to be found in the site’s HTTP header, increasing the likelihood of successful clickjacking attacks.

Strict-Transport-Security
Strict-Transport-Security does not appear to be found in the site’s HTTP header, so browsers will not try to access your pages over SSL first.

Nosniff
nosniff does not appear to be found in the site’s HTTP header, allowing Internet Explorer the opportunity to deliver malicious content via data that it has incorrectly identified to be of a certain MIME type.

X-XSS-Protection
We didn’t detect any mention of X-XSS-Protection in headers anywhere, so there’s likely room to improve if we want to be as secure as possible against cross site scripting.

Content Security Policy
We did not detect Content-Security-Policy , x-webkit-csp, or even x-webkit-csp-report-only in the site’s HTTP header, making XSS attacks more likely to succeed.

UTF-8 Character Encoding
utf-8 doesn’t appear to be declared in this site’s HTTP header, increasing the likelihood that malicious character conversion could happen. Maybe it is declared in the actual HTML on the site’s pages. We hope so.

Server Information
Server: was found in this site’s HTTP header, possibly making it easier for attackers to know about potential vulnerabilities that may exist on your site!

Cross Domain Meta Policy
Permitted-Cross-Domain-Policies does not appear to be found in the site’s HTTP header, so it’s possible that cross domain policies can be set by other users on your site and be obeyed by Adobe Flash and pdf files…

For recommendations scan here: http://cyh.herokuapp.com/cyh

Code hick-up (extended run-time): wXw.qassa.com/javascript/jquery-1.4.2.min.js benign
[nothing detected] (script) wXw.qassa.com/javascript/jquery-1.4.2.min.js
status: (referer=wXw.qassa.com/)saved 72174 bytes 65cbff4e9d95d47a6f31d96ab4ea361c1f538a7b
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious:

Website Security Check gave:
On iFrame Check:
Suspicious content.php?p=global&c=global&l=en_gb&s=qassa’

On Javascript Check:
Suspicious

The problem is (or at least should have been) solved with the latest “emupdate” by avast.
For those who have the problem, please check if it is.
If not, right click the avast ball near the clock and choose update.
After the update is finished, please check again.