False positive on Flash Google Maps API

Hello,
Avast detects Google Maps Flash API as false positive since this morning.

http://code.google.com/apis/maps/documentation/flash/demogallery.html

Regards

Can you be a little more specific as I have just visited that link using firefox 5.0 and clicked on several of the demos and no alert by avast. Latest virus definitions, 110623-0, what version are you using ?


http://img163.imageshack.us/img163/2/gmapflash.th.png

I’m using 110623-0 version, on 6.0.1125. I detect the problem on Chrome, Firefox and Opera.

Getting it as well in Opera and FF with definitions 110623-0 and 6.0.1184.

I’m also getting the same message.

Firefox 4.01

Avast! version 6.0.1125
definition 110623-0

Sir,

I got it too.

Just goto this: http://gmaps-samples-flash.googlecode.com/svn/trunk/demos/StyledMaps/sample.html

You have to allow nosript for googlecode.com (otherwise it will not load the link in the pic), and when it reloads, the link highlighted in the pic will be detected by avast.

OK got an alert on that page,
I don’t know if it might just be the monstrously long URL that is triggering it (there is also a huge one inside the file), guessing from the malware name swf:chainer and the fact that it is a Heuristic detection [Heur]. I believe there was a resent beefing up of Heuristic detections.

See image as there are multiple URLs in a long string, so that may be why, only avast and gdata detect in VT so possibly a Heuristic FP.

http://www.virustotal.com/file-scan/report.html?id=081a3a919da78396907357406725de8aff07fed093f0e62ac357b59dc1af8efc-1308841658

Sent to avast for analysis.

Same problem with the GoogleMaps Plugin integrated in www.krpano.com virtual tour.

http://www.juste-pour-voir.net/20101107MerRouge/
http://www.juste-pour-voir.net/20110330CathedraleStrasbourgTerrasse/
http://www.juste-pour-voir.net/20110520Rivetoile/
and so on…

http://www.juste-pour-voir.eu/20101107MerRouge/Avast.gif

…all my virtual tour present the same problem since today (yesterday, everything was OK).

(Sorry for hazardous French → English translation)

You can also use the new on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Press (Media), issues.

  • If you are reporting an FP, then you get another input filed open, click Browse button and navigate to the file or enter the web URL for the site you wish to submit for review, etc.

This way we will be approaching/attacking the FP problem from two sides. You could also give the URL for this topic in your report.

Hello,
thank you for notice. False positive will be fixed in next VPS update (give us 10 minutes).
Sorry for any inconvenience.

Milos

Fixed.

Milos

Confirmed, no alert on the link in Reply #5

Congratulations for your reactivity.