Any site or subdomain that I create in my server xxxxxxx.com gets blocked by avast and just says URL:Mal (no more details). I’ve spent a couple of days checking logs, security measures, and also checking the file inside the containers, but even an empty container raises the alarm so please advise.
How do you know if it's a false positive or a virus that is just getting past me?
The website is blacklisted at Spam Eating Monkey.
It could be that there was malicious activity in the past on that IP.
If you believe it is a false positive, contact avast through the contact form and ask them to allow your site.
Thanks for the reply. I googled Spam Eating Monkey.
As far as I can understand, I'm listed as a precaution for being a new domain.
Kinda strict to assume I’m a threat only because my domain is new. Since tomorrow I’ll be more than 15 days old, will that automatically remove me from avast?
By the way the web server software needs updating - Outdated Web Server Apache Found, therefore Vulnerabilities on Apache 2.2 Apache/2.2.22
There is an avast! general IP block for 50.116.41.73 as URL:Mal. Kraken’s Virus Tracker classifies your domain as sapofire dot com,50.116.41.73, ns1.linode dot com,Criminals, meaning just that it has live malware up and running.
I really appreciate the effort in your replies. But there just isn’t enough information for me to go on.
@Eddy, my IP is old, but I’m only being flagged, correct me if I’m wrong, for being a new domain name. There is no vulnerability or virus warning from Spam Eating Monkey. I filled in the form 2-3 days ago but I got no response. How long does Avast take? Do they reply when there is actually a vulnerability or just ignore you?
@Polonus, The server is at the most recent version of Apache for the repository it uses. The vulnerabilities have been eliminated but the version doesn’t change; this is a practice called “backporting”. I keep checking logs and containers for any problem but I really can’t find any.
What is Kraken’s Virus Tracker? Google is not of much help to me and as you can see I’m very new to this board. I’m very open for scrutiny and security check, but I need some kind of feedback other than “you are blocked by a malware list”.
I don’t very much care for being called Criminal without any sort of details about it…
Yes, you are wrong.
A new domain is never reason for being blocked/blacklisted.
Every day there are about 100.000.000 domains registered.
It would be very strange if they all were blacklisted/blocked just because they are new, right?
It would be a funny news story if it happened by mistake though ;D
Latest version of Apache is 2.4.9.
Since you are not using it, it can be a reason for a block.
Backported server software or even outdated server software without an actual infection is never any reason for avast! to block (mind you I am no avast team member, but that is my experience here). The only instance that alerts the outdated server software is Sucuri, a recommended well-known website scanning service.
Your blocking by avast is probably caused by a general IP block from the IP badness history.
The scan at http://www.kleissner.org/virustracker.html gave these classifying results.
Please note that "Criminals" in the scan results means nothing more than active.
So… I spent the whole day updating Apache and manually fixing all incompatibilities with my system. Guess I’ll look on the bright side. At least it’s theoretically safer.
I checked the link to the Virus Tracker, there is a one-time free scan. I set it up for the IP of the server and the scan found nothing wrong…
At this point I guess my only hope is that Avast! team can give me some sort of feedback on what to do to get out of their list. I would totally just kill the entire server and reinstall everything once again, but I’m pretty convinced this is a False positive.
When that is the case, we certainly have a win win situation here. Website software updated and hardened. Website no longer flagged and no longer blacklisted by avast!. Website owner happy and visitors should equally be happy to be able to visit a more secure and safe site.
Certainly some benefits for coming here and a reward for posting these issues on the forums. Stay safe and secure is the wish of,
Thanks for all your help. I still get flagged unless the antivirus is updated (not the database, the program). So, it’s a half solution for now since a lot of people don’t bother to update unless it's automatic.
Is there any way to remove my domain name, so that Google doesn't refer to this page when you search for it?