False Positive on New York State Government Website

Viruses and worms
21

That is good news.
The mail shield is working ;D

22

Should have sendt it with password protected attachment

23

Thanks folks.

24

These are my final words on this topic.

This morning I have tested the URL with five different online scanners:

VirusTotal
WebInspector
Sucuri
Quttera
AVG Threat Labs (now OWNED by Avast)

None of these testers find anything wrong with the URL. I could keep going because there are zillions of these testing sites, but I’m betting the results will be the same.

I could contact the webmaster of the site and ask them to remove the code that Avast objects to, but the webmaster is likely to tell me that when all of the rest of the anti-malware companies have no problem with this code, he or she is not going to spend the time necessary to remove it.

The only sites that find a problem here are those that purport to “improve security”, not those that purport to find malware.

Avast Endpoint Protection is supposed to be software that finds malware, not software that advises web developers on how to improve security.

When you constantly pop up messages to warn people about dangers that aren’t really there, they stop paying attention to your warnings. Then when something that is truly dangerous is found, they will ignore that too. (This is a modern example of the ancient European folk tale of “The Boy Who Cried Wolf”.)

Avast’s insistence on flagging this kind of thing is a mistake. I wish you would realize it and correct it.

That’s all. You won’t hear from me again about this particular website.

25

“Silence is golden”…

polonus

26

Avast does not flag the domain. Avast does flag the code that is used in many malware campaigns. Disabling this detection would mean stopping protecting other users, which is obviously something that we don’t want.

27
Avast Endpoint Protection is supposed to be software that finds malware, not software that advises web developers on how to improve security.
AES doesn't advise developers on how to improve security, it is trying to protect systems from getting infected. Blocking/stopping malware is just one part of it. Another part (amongst many more), is preventing users to be redirect to malicious sites/files.

If other scanners don’t block things like this, it means there is room for improvement on the security they are offering.