False Positive on New York State Government Website

avast! Endpoint Protection keeps popping up a Trojan Horse warning on this page:

www.criminaljustice.ny.gov

The “bad” object is body.js

This is an official New York State government website that is used by employers to conduct criminal background checks on potential employees. It is highly unlikely that it contains any actual malware.

I filed a ticket on this in October 2016. I got a response from Avast saying they were looking into it. Then in November I got a satisfaction survey from Avast asking me to tell them how they did. I never got email from Avast saying they had fixed the problem.

It’s still not fixed.

Perhaps someone here can poke them?

Thanks

There sure are issues on that site.
They are using over 4(!)-year-old libraries.

http://retire.insecurity.today/#!/scan/cd999954f5ca9da24df4fd2c57ec588055144ae07ab26725b14bb2cbb9bc574f

And for a site that deals with personal information it sure shouldn’t be using http but https.

This is an official New York State government website that is used by employers to conduct criminal background checks on potential employees. It is highly unlikely that it contains any actual malware.
If samples of malicious code are posted on display there, then the avast webshield may react.

What is the full message avast gives? … or post a screenshot.

At least 3 jQuery libraries are vulnerable: http://retire.insecurity.today/#!/scan/e2a3848c5f7423e938f4294af67c7a7fc694e230788877ea8da263e8fd7f53a2
Security could certainly be improved according to: https://observatory.mozilla.org/analyze.html?host=www.criminaljustice.ny.gov
This seems OK: https://sritest.io/#report/0e55f144-2f12-42c6-b658-6699a3898baa
C-grade status for server test here: https://www.htbridge.com/websec/r/www-criminaljustice-ny-gov-united-states/406d7f53f5a27e1b6f3b744e606f4968606d5dc8f7bb4929e68ad6f2f2673566
I do not really see it as being malicious as such, but wait for a final verdict from an Avast Team Member,

polonus

The pop-up occurs on the main, open-to-the public page of the website, before any data that could reasonably be expected to require https is requested or submitted.

The website is required for use by many people in the course of doing their jobs. It is inappropriate to interrupt or delay people’s work because a website contains something that could be, but has not been, exploited for dangerous purposes. As I’ve said before, Avast should not be blocking websites merely because they “might” contain something bad, but only if they actually DO contain something bad.

Pop-up image is attached.

As usual, clicking the “More details” button on the pop-up does not provide any more details; it just displays an advertisement for Avast products on a web page.

avast doesn’t block sites because they might be malicious.
They only block sites if something malicious is detected.
And yes the detection can be wrong, that is why you can ask avast to have a look manually at the site.
https://www.avast.com/report-a-url.php

At the risk of beating a dead horse:

I posted the screenshot that showed that Avast blocked the execution of an element on the website, apparently merely because some javascript on the site didn’t meet Avast’s expectations for “security” or “newness” or something. If blocking this element results in people being unable to use portions of the website that they need, then that is the same thing as blocking “the website” for those people.

And as I said in my original post, I filed a ticket in OCTOBER 2016, and this issue has not been fixed, even though Avast subsequently sent me a satisfaction survey asking me how I liked the way they “fixed” it.

It may be appropriate to warn the DEVELOPERS or OWNERS of websites when their websites contain code that may not be maximally secure, but that function should be limited to website development tools. Displaying warnings, or blocking website functionality, or blocking websites, merely because the code is “old” is not helpful, or useful, or appropriate, for ordinary end-users of these websites.

If Avast is going to insist on doing this anyway, then it should at least give me a switch to turn it off in the SOA. I do not want to turn off the entire web shield, I only want to turn off the portion of the web shield that issues warnings and blocks for theoretical, not actual, threats.

Hi KDibble,

Avast only flags websites that are a threat to the visitors thereof.

What is further mentioned as insecurity is no reason for avast to have set up detection of that site;
however, mitigating vulnerability and ‘no best policy’ website management can be helpful in many ways.

It should be taken as an advice.

Only Avast Team Members can comment on why your website or the IP address the domain is on is being alerted.
They are also the only ones that can come and unblock.

We are just volunteers with relevant knowledge.
With thousands and thousands of all sorts of scans behind us, we can almost hear the website code-grass grow here. But whenever we place our ears to the ground, that does not mean you are bound to follow our advice on how to mitigate vulnerable code and issues we see. What we advise is a proposition only and can, but need not, be related to why avast blocks.

Wait for an Avast Team Member to give the final verdict on that site’s blocking,

polonus (volunteer website security analyst and website error-hunter)

What is the ticket ID ?

The main issue is the secure connection; not the initial one, that is secondary, but the real data transfer should be secure.

What security you want to exclude from your attention is your choice. Again the WebShield and the OAS warnings are all based on what a normal anti-virus vendor would detect and also what is outside their scope.

We do not advise you in the realm of firehole blocking; we just show what best-policy patterns keep a website maintaining security standards (patch vulnerable and/or outdated code, uphold same origin (SRI hashes generated), apply security headers); just stick to advisable standards. And again, that is outside the scope of what avast should do.
Avast’s task is just to flag websites harmful to their end-users, and that is where it stops.

Our forum advice is free, somewhere else it comes with a price-tag attached, and when the website is compromised or with a data-breach you have an even more expensive issue at your hands.

polonus

This is blocked due to obfuscated redirection:

top['l'+'oc'+'a'+'t'+'i'+'on'] = location;

Remove this code (or at least the obfuscation!) and Avast will stop complaining :wink:

Thank you. I am not the owner of the website, I am the CIO of an organization whose employees must use the website.

I am guessing that this refers to the website’s ability to allow a viewer to specify a location. This is a generic feature of most New York State websites. However, Avast does not pop up a warning when I visit other New York State websites that have this feature.
And in fact, it does not actually work, on this or any other New York State website. If you choose that option you can enter a location and press an “update” button which does not do anything.

Further, if I click a link on the problematic page to go somewhere else, and then use the Firefox “Back” button to return to the page, I do not get an Avast pop-up. If this is really worth warning people about, shouldn’t it warn me every time?

Contrary to what others have said here, it appears you are flagging the site because the code does something that can be misused, not because the site actually contains a real threat. I request that you stop doing that.

Thanks.

Of course the back button does not trigger an alert, as it is the webshield that detects it and the back button makes the browser load a local cache file.

I don’t think avast will stop doing that.
If they would, they would put the users at more risk than is needed.

Tell the owner of the site to fix the issues that have been reported here.
That is the real solution.

No, the code I mentioned is for redirecting users to another location (URL). It means it can redirect you to an arbitrary website. Redirecting users is fine per se, obfuscated redirection is something usually done by “the bad guys”, and will be blocked.
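As an added illustration, not code from the thread, from the site, or from Avast: the quoted line `top['l'+'oc'+'a'+'t'+'i'+'on'] = location;` only differs from a plain `top.location = location;` (the usual frame-buster) in that the property name is built from string fragments at run time. The small JavaScript scanner below folds such concatenated bracket accesses back into their plain form so a reviewer can see what an obfuscated access really touches, then flags `location` assignments and records whether folding changed anything. The three sample strings are constructed for this example, and the heuristic is my own assumption of how one might spot this pattern, not a description of Avast's detection.

```javascript
// Added example (not from the thread or from Avast): fold string-concatenated
// property names so obfuscated accesses such as top['l'+'oc'+'a'+'t'+'i'+'on']
// read as plain top.location, then flag location assignments. The samples are
// constructed; the heuristic is an assumption, not Avast's actual detection.

// The line quoted in the thread, and an unobfuscated frame-buster for contrast.
const SAMPLE_OBFUSCATED = "top['l'+'oc'+'a'+'t'+'i'+'on'] = location;";
const SAMPLE_PLAIN = "if (top !== self) { top.location = location; }";
// Constructed: the same trick applied to another sensitive name (not a redirect).
const SAMPLE_EVAL = "window['ev'+'al'](payload);";

// A single- or double-quoted literal without escape sequences (enough for this demo).
const LITERAL = /'[^'\\]*'|"[^"\\]*"/;
// Two or more such literals joined by '+', e.g. 'l'+'oc'+'a'.
const CHAIN = new RegExp(
  `(?:${LITERAL.source})(?:\\s*\\+\\s*(?:${LITERAL.source}))+`,
  'g'
);

// Replace every 'a'+'b'+'c' chain with the single literal 'abc'.
function foldStringConcat(src) {
  return src.replace(CHAIN, (chain) => {
    const parts = chain
      .match(new RegExp(LITERAL.source, 'g'))
      .map((lit) => lit.slice(1, -1));
    return `'${parts.join('')}'`;
  });
}

// Rewrite obj['name'] as obj.name when the string is a valid identifier.
function normalizeBracketAccess(src) {
  return src.replace(/\[\s*(['"])([A-Za-z_$][\w$]*)\1\s*\]/g, '.$2');
}

// Assignment to a navigation target on a window object, e.g. top.location = ...
// The (?!=) keeps comparisons such as top.location == x from matching.
const REDIRECT = /\b(?:top|parent|window|self|document)\.location(?:\.href)?\s*=(?!=)/;

// Returns the folded source, whether it assigns a window location, and whether
// the original hid a property name behind concatenation.
function analyseRedirect(src) {
  const folded = normalizeBracketAccess(foldStringConcat(src));
  const redirect = REDIRECT.test(folded);
  // Obfuscated only if folding changed the code: a plain top['location']
  // normalizes identically on both sides and is therefore not flagged.
  const obfuscated = folded !== normalizeBracketAccess(src);
  return { folded, redirect, obfuscated };
}

// Stand-alone run: print the verdict for each sample.
const samples = { SAMPLE_OBFUSCATED, SAMPLE_PLAIN, SAMPLE_EVAL };
for (const [label, src] of Object.entries(samples)) {
  const r = analyseRedirect(src);
  console.log(`${label}: ${r.folded}  redirect=${r.redirect} obfuscated=${r.obfuscated}`);
}
```

The folding step is generic, so the same pass exposes `window['ev'+'al']` as `window.eval`; the redirect check on top of it is deliberately narrow and only looks at assignments to `location` on the common window references. A real scanner would need a proper tokenizer (escape sequences, template literals, `String.fromCharCode` chains), which is why the output above is best read as a reviewer's aid rather than a verdict.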

Just a few minutes ago I received an email purportedly from Avast that contained an attachment which Avast deleted as malicious.

This has happened to me twice, both times in connection with the ticket I mentioned in this thread. The first time was on October 21, 2016, right after I filed the ticket. This time it happened a bit more than 24 hours after I sent update replies to the Avast “Help is on its way” and “Tell us how we did” emails that were generated for this ticket.

Both messages had the subject line: Re: Hi! You have a new message from the team.( Ticket ID: [#557683] )

This is the correct ticket number.

Both messages had from and reply-to addresses: Avast Customer Care customer.care@avast.com

This raises the distinct possibility that something or someone is monitoring Avast email and attacking senders.

I have Avast set to delete, not quarantine, suspect attachments so I can’t provide the file. I can give you the full headers for the suspect emails, but I tried to post them here once and the post didn’t go through–perhaps a length limitation?

Modified to attach a text file containing headers and body text for the infected email.

Just a few minutes ago I received an email purportedly from Avast that contained an attachment which Avast deleted as malicious.
Did avast give a malware name?

According to the headers : X-Attachment: \mai183A.tmp Virus: JS:Redirector-BLW [Trj] Deleted

same as here > https://forum.avast.com/index.php?topic=195198.msg1358764#msg1358764

Did someone from avast put a code sample in the attachment?

Can confirm, they did put the code (to be deleted from the domain) into the ticket body, which then triggers the detection. :frowning: