I am consistently getting Infection Blocked notices when visiting a client’s site. I have scanned the client’s site with malware/virus scanning tools and cannot find anything. The site was hacked about a month ago but was cleaned and verified by Google.
The warning I’m getting is this:
Avast Filesystem shield has blocked a threat and moved it to the Chest.
Infection: HTML:Script.inf
User: stephenfoster1
Process: /System/Library/Frameworks/WebKit.framwork/Versions/A/XPCServices/com.apple.WebKit.Networking
File: /Users/stephenfoster1/Library/Caches/com.apple.Safari/WebkitCache/Version9/Records/No partision/Resource/81276CF1D35B4895614E87VF087287CBBB7E197A
I need to know if this is legit or a false positive and how to fix it. My client is concerned as am I that there is still something wrong and that others will see the same warning and avoid the site.
One of the scripts on that site/page is triggering the alert.
I don’t know which one as I do not work for avast.
It can be e.g. a statistics counter.
I suggest to contact avast > https://www.avast.com/report-a-url.php
The infection alert is from the file system shield, not from the webshield. According to the path, it looks like it is a file from
Safari’s web content cache. What is kind of weard is, that the web shield does not trigger any alert…
Can you post here the “infected” file (/Users/stephenfoster1/Library/Caches/com.apple.Safari/WebkitCache/Version9/Records/No partision/Resource/81276CF1D35B4895614E87VF087287CBBB7E197A
), so we can analyze it? Maybe it is a falsepositive, but without the file, we can’t say anything about it.