False Positive URL:Phishing

rodrigo.lopez · November 7, 2022, 5:10pm

Hello, we are having reports of some users that are using Avast are getting blocked when try to go to our webmail , Avast is giving them a URL:Phishing message.
The domain of our webmail is correo.sofse.gob.ar and it get clean in all the tests than i do, example of that are the next 2:
https://www.urlvoid.com/scan/correo.sofse.gob.ar/
https://sitecheck.sucuri.net/results/correo.sofse.gob.ar

Can you help us with this case?

Regards

polonus · November 7, 2022, 9:23pm

See report here: https://en.internet.nl/mail/correo.sofse.gob.ar/813136/

polonus

rodrigo.lopez · November 9, 2022, 5:47pm

That test is incorrect, correo.sofse.gob.ar is not our mailexchanger , the domain is sofse.gob.ar, the host that Avast is blocking its the web interface of the mail client.
You have to test it like a web, not a mail server.

DavidR · November 9, 2022, 6:59pm

It still shows security weaknesses based on the domain - https://en.internet.nl/site/sofse.gob.ar/1769620/

polonus · November 10, 2022, 12:30pm

Found: TLS Recommendations

HTTPS mixed content found. Your HTTPS website is referring to an HTTP resource:
htxp://www.afip.gob.ar/images/f960/DATAWEB.jpg on hxtps://www.argentina.gob.ar/transporte/trenes-argentinos

polonus

rodrigo.lopez · November 10, 2022, 1:59pm

Again, that is not the site that is blocked. sofse.gob.ar is our main domain, is redirected to argentina.gob.ar , the site blocked is correo.sofse.gob.ar , that is the frontend of the webmail. The rest of our hosts are not blocked and only avast and avg are blocking correo.sofse.gob.ar
The mixed content is not on correo.sofse.gob.ar, but in argentina.gob.ar (that´s the site where sofse.gob.ar and www.sofse.gob.ar is redirected to)
I know that the security is not optimal, but in almost any site that i check it´s showing low risk.

polonus · November 12, 2022, 12:31pm

Wait for a final verdict from avast team. They are the only ones to come and unblock.
We here are just volunteers, knowledgeable in the field of website security and website error-hunting.

polonus

Constructora2 · November 17, 2022, 6:50pm

Hello, I have a problem with my website. It gives me a URL:Phishing alert to any of the domains that I want to enter. I have already gone through different scanners and they do not indicate virus or malware symptoms. I already reported in the false positive form to wait for the review of my page, but at the moment there is no response. I hope you can help me.

DavidR · November 17, 2022, 7:16pm

Since you don’t give a domain name (ensure it isn’t active no http? etc. to avoid accidental exposure), no one in the forum or Avast Team can investigate.

You also don’t say where it was reported or when ?
If here - https://www.avast.com/false-positive-file-form.php.
Then you should get a response in a day or two.

Constructora2 · November 17, 2022, 7:23pm

el nombre de mi sitio es https://constructoracestber.com/, el formulario fue enviado el dia de ayer en la mañana

DavidR · November 17, 2022, 9:52pm

Please modify your post as I have in your quoted post, just constructoracestber.com is sufficient.

Also please post in English in this section of the forum (google translate) or post in the Spanish language forum.

You can as suggested in the post above yours report it as a possible false positive.

https://www.avast.com/false-positive-file-form.php. Then you should get a response in a day or two.

False Positive URL:Phishing

Announcements