False Positive?

Sorry to make another post so quickly; I dunno if I should have combined this with my “about Threatfire” post or not…
Anyways, I’m doing a scan with my Avast! for U3 edition, for my USB drive of course, with
VPS 081217-0, 12/17/2008, and it has so far found
HTML:Script-inf in a .htm file (don’t want to post the whole location, really long…). Here are the VirusTotal results:
http://www.virustotal.com/analisis/0448de3f7d0d9a0d0e8fb997a27cae2c
Should I report this as a False Positive?

I would if for no other reason than confirmation as GData also uses avast as one of its two scanners, so effectively just the one detection.

Justin, just remember avast is quite sensitive to encryption in webpages and, most of the time, avast detects more and better than other antivirus programs on this point.

HTML:Script-inf is a detection of blocked url in a script.

So it boils down to a few possibilities:
a) we blocked the legitimate url and legitimate page refers it - we must fix the block
b) the page describes some exploit or malware and we catch the text - unlikely
c) the page has been hacked and is now somewhat referring to the bad (blocked anyway) page.

Depending on which webpage, the most probably…

I’m a total newbie at this but I’ve been having a similar problem since the last virus database update. A board that I go to (hxxp://www.dlchem.net) started having the same warning messages today. Every time I visit the site I get a warning that a malware called HTML:Script-inf has been found. I’ve contacted the admin of that board and they don’t seem to have any problems.

Also this could be related to a problem mentioned on another thread (False Positive at Arashiy.ifensi.com). When I visit the site, I sometimes also get a message that avast is blocking access to malicious site h1.ripway.com.

Perhaps my problem will be solved when the block to h1.ripway is removed in the next update, as kubecj mentioned in the other thread…?

This was a false, which was already fixed internally.

Gentlemen! I think I found a small leak in the security for the users of these forums. I have Linkification (an extension for Firefox that converts text to clickable links). It appears to be smart, too smart. :wink:

In his last post bonafide11 wrote a link and made it unclickable (hxxp instead of http), but my Linkification has detected it in 143ms and converted it into clickable - in the statusbar I saw the link has also been corrected (from hxxp to http).

According to the rules of these forums any harmful link must be deactivated, but as you can see some ways to do so are not secure enough. Have you any suggestions how to deactivate harmful links and at the same time not to allow Linkification (and other extensions alike) to activate them?

Sorry for the off-top.

PS: I have just thought that bonafide11 didn’t change www for something like xxx. Maybe Linkification detects links if any part of them is true.

Well first making the attempt to break the link is better than not bothering at all.

Since a) not everyone is using firefox and b) not everyone of this select band ;D are using Linkification so I really don’t see it is a leak in security.

Since I don’t use Linkification I never saw the need. I would suspect it would make a link out of just the domain name without the http or www elements, and that would be easy to test, by seeing if avast.com is converted to a link ;D

I’ll test some variants.
hxxp://www.avast.com
hxxp://xxx.avast.com
hxxp://xxx.avast.xxx
hxxp://avast.com
hxxp://avast.xxx

Results:
All of the above examples are converted - only those with a wrong domain name (xxx) don’t correct it into com. My conclusion is not to show the internet protocol (http or www or something alike).

The easiest way is to stop using Linkification or notify the maker of that program of your problem.
I, like David and probably most of us, don’t use that program.
I don’t even use Firefox as my default browser so no problem here. :slight_smile:

But what was the result of my putting just the domain name for avast?

I still don’t see it as a security leak, as primarily the user would have to a) be using Firefox, b) be using Linkification, c) be unwise enough to click the link. Also many of these cases are used when saying they believe avast is detecting something on the site which it shouldn’t.

In this case Linkification doesn’t convert text to link.

> I still don't see it as security leak as primarily the user would have to a)be using firefox, b) using linkifier, c) be unwise enough to click the link.

The last point is not the least probable. Humans are the weakest parts of IT systems. :)

> Also many of these cases are used when saying they believe avast is detecting something on the site which it shouldn't.

I hope so too. No, not "hope" - I believe.

PS: And here is the end of the off-top.
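
The defanging question raised in this thread, as an added example that is not part of any post: a check for whether a string would still be activated by a permissive linkifier, and a defang routine that removes the scheme and brackets the dots. The `LINK_LIKE` pattern is an assumption modelled only on the results reported above (any `scheme://` or `www.` prefix gets linked, a bare domain does not); it is not Linkification's real matching logic, and the function names are hypothetical.

```python
import re

# Assumption: stand-in for a permissive text-to-link extension, modelled only on
# the results reported in this thread. Not Linkification's actual pattern.
LINK_LIKE = re.compile(r"\b(?:[a-z][a-z0-9+.-]*://|www\.)[^\s<>\"']+", re.IGNORECASE)
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def would_linkify(text):
    """Return the substrings the assumed linkifier would turn into links."""
    return LINK_LIKE.findall(text)


def defang(text):
    """Rewrite link-like strings so the assumed linkifier no longer matches."""
    def _one(match):
        url = SCHEME.sub("", match.group(0))   # drop http://, hxxp://, ftp://, ...
        url = url.replace("://", "[://]")      # schemes nested in a query string
        return url.replace(".", "[.]")         # also breaks a leading "www."
    return LINK_LIKE.sub(_one, text)


# Constructed sample: the variants tested in the thread plus a bare domain.
SAMPLES = [
    "hxxp://www.avast.com",
    "hxxp://xxx.avast.com",
    "hxxp://xxx.avast.xxx",
    "hxxp://avast.com",
    "hxxp://avast.xxx",
    "avast.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        safe = defang(sample)
        print(f"{sample!r}: linkified={bool(would_linkify(sample))} "
              f"-> {safe!r}: linkified={bool(would_linkify(safe))}")
```

A forum could run `would_linkify` over a post before publishing and apply `defang` only to the matches it reports.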