False positive on my website www.grisel.info

Viruses and worms
1

Hi,

For some months my website grisel.info is beeing reported by Avast as infected, but it is clean.

What do I have to do to inform Avast that is is clean now? (I have been reporting “false positives” but without success …)

Thanks

Jorge
2

You can report a possible FP here: http://www.avast.com/contact-form.php

3

Yes, I have done this in the past (and also today, but without success by the moment) … ;-(

4

You could also try to contact the viruslab here: virus[at]avast.com

5

Probably so, but there was an alert for a code hick-up
wXw.grisel dot info/modules/djimageslider/assets/slider.js benign
[nothing detected] (script) wXw.grisel dot info/modules/djimageslider/assets/slider.js
status: (referer=wXw.grisel dot info/)saved 5451 bytes 332b12103ba70b3772ed72a63c28316031cbcdea
info: [decodingLevel=0] found JavaScript
error: undefined variable Class
error: line:15: TypeError: Class is not a constructor (error - is not a user-defined function / valid constructor -)
info: [decodingLevel=1] found JavaScript
suspicious: and DJ-ImageSlider Component, a compressed packer, that was probably flagged.

polonus

6

Thanks Polonus!

That is a past report or todays report?

Jus in case I have reinstalled djimageslider in order to avoid that alert.

Is there anyway I can run that test on my side?

Thanks!

 Jorge
7

Hi jorge.cacho.h,

I scanned your site to-day at jsunpack with these results as striking. The use of the packed code does not mean that it is malicious per se,
but any av solution generic/heuristic detection may alert on it.

Go here to watch the analysis: http://jsunpack.jeek.org/?report=96d7c245c7301cea793af79e695eb6db6f76bd60

Further insecurities (no malware threats, but exploitable insecurities)

Header returned by request for: hxtp://www.grisel.info → 54.229.222.178
Excessive header information here:
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14+deb7u4 *
Set-Cookie: e2df55d47db7fa297e6998f0681a3f5a=fogerlag79apu9h9t09l9hi1s3; path=/

Your site is not an asp.net site, but consider these scan results anyway for general insecurities found: https://asafaweb.com/Scan?Url=www.grisel.info

  • found the version of PHP to have numerous vulnerabilities. The vulnerabilities in question are as follows: PHP Vulnerability: CVE-2012-2688 - Critical PHP Vulnerability: CVE-2013-1635 - Critical PHP Vulnerability: CVE-2011-4718 - Severe PHP Vulnerability: CVE-2013-2110 - Severe PHP Vulnerability: CVE-2013-4635 - Severe PHP Vulnerability - now you understand why you should not let your headers talk too loudly as I can find these, attackers can also find these now easily from the excessive header info…

polonus