Clients site being flagged for infection, but cannot find a problem with on-site

I am consistently getting Infection Blocked notices when visiting a client’s site. I have scanned the client’s site with malware/virus scanning tools and cannot find anything. The site was hacked about a month ago but was cleaned and verified by Google.

The warning I’m getting is this:
Avast Filesystem shield has blocked a threat and moved it to the Chest.
Infection: HTML:Script.inf
User: stephenfoster1
Process: /System/Library/Frameworks/WebKit.framwork/Versions/A/XPCServices/com.apple.WebKit.Networking
File: /Users/stephenfoster1/Library/Caches/com.apple.Safari/WebkitCache/Version9/Records/No partision/Resource/81276CF1D35B4895614E87VF087287CBBB7E197A

I need to know if this is legit or a false positive and how to fix it. My client is concerned as am I that there is still something wrong and that others will see the same warning and avoid the site.

There is not much to say without knowing what domain you are talking about.

Sorry, I’m sure that would help. http://www.cheekwoodgolfclub.com

One of the scripts on that site/page is triggering the alert.
I don’t know which one as I do not work for avast.
It can be e.g. a statistics counter.
I suggest to contact avast > https://www.avast.com/report-a-url.php

Some thins I found when checking the site :

Browser difference and links can be to blacklisted sites :
https://www.websicherheit.at/website-malware-viren-scanner/?url=www.cheekwoodgolfclub.com

Wordpress insecurity :
Warning Directory Indexing Enabled

Blacklistings on that ASN :
http://urlquery.net/report.php?id=1483733901991

Vulnerable library detected :
http://retire.insecurity.today/#!/scan/acf110093fd92e43c3046b611a711864478d1983d945f5c82992b0eed9d24085

The infection alert is from the file system shield, not from the webshield. According to the path, it looks like it is a file from
Safari’s web content cache. What is kind of weard is, that the web shield does not trigger any alert…

Can you post here the “infected” file (/Users/stephenfoster1/Library/Caches/com.apple.Safari/WebkitCache/Version9/Records/No partision/Resource/81276CF1D35B4895614E87VF087287CBBB7E197A
), so we can analyze it? Maybe it is a falsepositive, but without the file, we can’t say anything about it.