False Positive on a PDF File

Hey, it seems that you have a false positive on this file:
www.digitalwhisper.co.il/files/Zines/0x08/DW8-3-OpenSource.pdf

These are the results on VirusTotal:
https://www.virustotal.com/en/file/73ba703c6676eeb5cf11ee9172298b09adfe70ab7939ebdca9e2138c0e6dd503/analysis/1440359749/

You are the only AV that marks this file as a virus, “PDF:UrlMal-inf [Trj]”.

It would be nice if you could check it. Thanks!

Also, I have the original DOC file that made this PDF if you want to try it in your labs.

You can report a possible FP here: https://www.avast.com/contact-us.php?subject=VIRUS-FILE

Hi DigitalWhisper,

Seems fine: see → -http://zulu.zscaler.com/submission/show/f2dc91ed752503b8e15068dc42c4ed33-1440362315
and → -http://urlquery.net/report.php?id=1440362459166
A Word 2007 document saved as PDF and mistaken for being malformed might have produced an FP!
See: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.digitalwhisper.co.il%2Ffiles%2FZines%2F0x08%2FDW8-3-OpenSource.pdf
Jokingly I could say there is “the right amount of tomato-sauce in the ketchup” :wink: ;D ;D
So a false positive!
But you have to wait for an Avast team member to no longer flag it,
as we here are only volunteers with some relevant knowledge.

polonus

Does the pdf.doc contain a URL? … a blacklisted URL?

Hi Pondus,

I do not see that, or it must be obfuscated; it should be scanned with Milano.
There were instances of Avast flagging PDFs earlier that were FP.
Interesting here: -https://archive.hackerspace.org.il/Magazines/he/DigitalWhisper/Seperated/0008/
Is that what you were aiming at?
Here Avast does not flag: https://www.virustotal.com/nl/file/81cab78a692d660eafb37711d4a75b0d1559f3a0dc92c9c78f4d529fd2f23f10/analysis/1440367603/ Technology Papers.

pol

I do not see that or it must be obfuscated,
have you looked in the pdf.doc?

You did a urlQuery scan of the download link … did you click the picture and read the info? :wink:

Forbidden

You don’t have permission to access /files/Zines/0x08/DW8-3-OpenSource.pdf on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

So we cannot download the pdf.doc and inspect it … I have tried.
And since the detection shows on his scan of the pdf.doc on VT, I assume the problem is in the pdf.doc and not the download URL … or am I wrong?

Hi Pondus,

You could do the same if you look here: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.digitalwhisper.co.il%2Ffiles%2FZines%2F0x08%2FDW8-3-OpenSource.pdf
Only link: 90.806 509.03 281.18 523.58, but is that an IP?

polonus

Hey, I’m sorry about the “Access Denied”, it’s our hosting ACLs.

I uploaded the file to tinyupload (if you have Avast installed, it will notify you when you start to download it…):

http://s000.tinyupload.com/index.php?file_id=66693826811951834247

Avast alerts on a link to -http://www.oriidan.info/article/thoughts as URL:Mal, a general detection.
This is not flagged: https://www.virustotal.com/nl/url/5dd45c1404378d2a57229849a2e82c3a8821a707fdca4157869841c869717b4f/analysis/1440400237/

polonus

Exactly as polonus said: we block oriidan.info, and the PDF contains a link to oriidan.info. The domain was blocked due to DNS hijack - change DNS hosting, let me know and I will unblock it :wink:
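As an added example (not code from this thread, from Avast or from DigitalWhisper), here is how a defender can reproduce the check the thread ends on: pull the /URI link targets out of a PDF and match their hosts against a domain blocklist. The blocklist, the sample PDF fragment and the helper names are constructed for the demo; it scans the raw file bytes, so links sitting inside compressed object streams would first need inflating.

```python
import re
from urllib.parse import urlsplit

# Constructed blocklist for this demo; oriidan.info is the domain named in the thread.
BLOCKED_DOMAINS = {"oriidan.info"}

# A link annotation's action carries its target as "/URI (literal)" or "/URI <hex>".
_URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)")
_ESC_RE = re.compile(rb"\\([nrtbf()\\]|[0-7]{1,3})")

def _unescape(m):
    """Resolve one PDF literal-string escape (backslash + char, or octal ddd)."""
    esc = m.group(1)
    if esc.isdigit():
        return bytes([int(esc, 8) & 0xFF])
    return {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f"}.get(esc, esc)

def extract_uris(pdf: bytes) -> list:
    """Return every /URI target in the raw (uncompressed) PDF bytes, in file order."""
    uris = []
    for lit, hexs in _URI_RE.findall(pdf):
        if hexs:
            hexs = b"".join(hexs.split())       # whitespace is allowed between digits
            if len(hexs) % 2:                    # spec: a missing final digit reads as 0
                hexs += b"0"
            raw = bytes.fromhex(hexs.decode("ascii"))
        else:
            raw = _ESC_RE.sub(_unescape, lit)
        uris.append(raw.decode("latin-1"))
    return uris

def blocked_links(pdf: bytes, blocklist=BLOCKED_DOMAINS) -> list:
    """Return (uri, host) pairs whose host is a blocked domain or a subdomain of one."""
    hits = []
    for uri in extract_uris(pdf):
        host = (urlsplit(uri).hostname or "").lower()
        labels = host.split(".")
        if any(".".join(labels[i:]) in blocklist for i in range(len(labels))):
            hits.append((uri, host))
    return hits

# Constructed two-annotation PDF fragment; the /Rect reuses the numbers quoted above.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Annot /Subtype /Link /Rect [90.806 509.03 281.18 523.58]\n"
    b"  /A << /S /URI /URI (http://www.oriidan.info/article/thoughts) >> >> endobj\n"
    b"2 0 obj << /Type /Annot /Subtype /Link\n"
    b"  /A << /S /URI /URI <68747470733a2f2f6578616d706c652e6f72672f> >> >> endobj\n"
)
```

Running `blocked_links(SAMPLE_PDF)` reports only the oriidan.info link, which is the same signal behind a "contains a link to a blocked domain" verdict; a hit on a document you trust is the cue to ask the vendor why the domain is listed, as happened here.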