We have received multiple reports from users that Avast blocks a website we host, tamultihousing.com, calling it unsafe. The site is clean on virustotal.com.
We are aware of malicious traffic trying to go to tamultihousing.com, but we block it at our network perimeter. Please allow me to provide a little background:
For just a few hours on 7/31/2012 (two years, two servers, and two networks ago), tamultihousing.com/logo.gif did appear to be malicious. We deleted the file as soon as it was discovered, literally within hours of it showing up, and verified the server was not otherwise compromised. Deleting the file resulted in millions of 404s, and our previous server and network weren’t sophisticated enough to do anything about it. The 404s were crippling, so we added a clean 43-byte logo.gif to tamultihousing.com; actually serving up that small file used fewer resources than having no file at all. Once that site (verified clean) was moved to our much more sophisticated current network, we blocked that traffic at the firewall.
Except for a few hours in 2012, tamultihousing.com (and everything else we host) has been clean, but the bot traffic still returns on occasion (our network security admins are alerted via our checkpoint firewall). Logo.gif for three hours in 2012 was the last and only malicious anything we ever found on our servers ever. We believe the file got there in the first place via a vulnerability in the Plesk control panel we had on that old box, which we were happy to be rid of in late 2012.
We have no control over this rogue, outside Sality traffic that likes to try and ping that domain on occasion; all we can do is block it at the firewall, which we’ve done for years. Is there any process to get that domain back to a neutral status with Avast?
Did not mean to mislead - to rephrase, the site has a detection ratio of 0/65 on virustotal.com and has zero threats detected when virus scan is run on the server.
We have updated the jQuery library and it now shows no vulnerable libraries found:
We’re still getting reports of false positive blocking of content at our clean domain (see above for background/context) tamultihousing.com. How can we get it unblocked? We have no control over the Sality traffic that’s causing the block other than blocking it at the firewall, which we’ve done for years. Thanks everyone for the help.
This is an email with embedded content from the domain: