FP: anonymoX

I’ve been using following Firefox add-on for a year along with paid version of avast! Internet Security without any issue, but since the last update of virus definitions avast! has started thinking that it’s a virus: https://addons.mozilla.org/en-US/firefox/addon/anonymox/

I consider myself an advanced user, it’s been almost 6 years since my PC caught a virus. I haven’t installed any new program in the last 3 months or connected a jump drive to my PC. Once I disable the aforementioned add-on avast! goes about its business. With avast! disabled, and the add-on enabled, Malwarebytes doesn’t find anything unusual with my PC.

The add-on is important to me, and I believe it’s a FP on avast’s part. Please solve the issue.

Thanks!

Hi,
as far as our users reported, a URL was flagged by avast, which you can see in the message you are probably getting. I reported this as fp, hoping to hear back soon.

Same thing happened little more than a year ago:
https://forum.avast.com/index.php?topic=100964.0
https://forum.avast.com/index.php?topic=100974.0

chris

Google also detects script from insecure sources there, see warning here: https://forum.avast.com/index.php?topic=100964.0
IDS alerts for same IP as add-on IP: ssp_ssl: Invalid Client HELLO after Server HELLO Detected
http://urlquery.net/report.php?id=56773 Best policy is to suppress the specific alerts in the network stack *
error connecting php
= $alert_dbname : MySQL database name where the alerts are stored *
= $alert_host : host where the database is stored
= $alert_port : port where the database is stored
= $alert_user : username into the database
= $alert_password : password for the username

polonus

I have no alerts there, Avast IS 8.0.1489 newest database.

Using Google Chrome.

I’m also not getting any alerts going to that uri and also not while downloading the add-on,

polonus

When anonymous is disabled, avast! doesn’t report anything, but as soon I as I enable it avast goes ape sh…

Here are the screenshots:

http://i43.tinypic.com/2n6drvr.jpg

http://i42.tinypic.com/2q2lnr9.jpg

You can report a false Positive here: http://www.avast.com/contact-form.php

You may ad a link to this topic in case they reply.

I reported this case two days ago with no reply. Shall I query again, do I have to send all affected users a link to the contact form or is the response time that long?

chris

It depends from time to time, they must investigate it and they must find out what is causing the
False Alert. And then they must fix that.

Normally they are reacting moderately fast. I had also sent some Malware to them and it took up to an half week
till Avast was detecting it.

Is the Alert still there with the newest update?

14.8.2013 - 130814-1

This was released to fix False Alarms.

Yeah, the alert is still there with the latest update.

I reported it to them I think the day I posted on the forum, but no reply from them thus far. So, I’ve again reported it to them today.

Hello,
ca you post IP addres on which the URL (anonymox.net) recognizes to you when the alert appears?

Milos

Here:

http://i42.tinypic.com/1567q0k.jpg

Hi anonymox-chris,

Server at main9.anonymox.net does not support SSLv2 cyphers, but does support the SSLv2 protocol.
You should be aware of the following -
There exists an alleged attack being performed against squid proxies: https://services.netscreen.com/restricted/sigupdates/nsm-updates/HTML/APP%3APROXY%3ASQUID-PROXY-CACHE.html - a successful attack can result in a denial-of-service condition
and http://www.security-database.com/detail.php?alert=USN-1713-1

polonus

The domain nor the IP is not blocked. Look into “c:\ProgramData\AVAST Software\Avast\log\nshield.log” and there should be line containing blocked URL and the corresponding IP.

Milos

The domain nor the IP is not blocked. Look into "c:\ProgramData\AVAST Software\Avast\log\nshield.log" and there should be line containing blocked URL and the corresponding IP.

Milos

I don’t have log in my Avast folder :-:

http://i42.tinypic.com/aauqld.jpg

Also, I’m no longer getting the alert.