fp issue : cfcindia.com

Hi Avast crew,

Thanks for helping make the web a safer place.

I am webmaster of cfcindia.com
Recently we started getting identified by Avast AV as a malicious URL.

We think this was due to us trying to do some page load optimization by using JS packing
The library we use was flagged as troublesome in this post : http://forum.avast.com/index.php?topic=41361.0
We have reverted this change.

Here are some of the scan reports.

Issue free:
http://www.virustotal.com/url-scan/report.html?id=a0520aee5a8bee99b4b84c70046e027e-1300686739
http://www.unmaskparasites.com/security-report/?page=cfcindia.com#additional
http://sitecheck.sucuri.net/scanner/?scan=cfcindia.com
http://wepawet.iseclab.org/view.php?hash=40378cb00d363ff5d0f7592aeebe3c19&t=1300699514&type=js

Problematic:
http://safeweb.norton.com/report/show?url=cfcindia.com
Threats found: 1
Threat Name: HTTP Malicious Toolkit Variant Activity 15
Location: http://cfcindia.com/web/mainpages/media/saturn/index.php?64f56e4997e7c45e7bda6f7eb5a6acfc
Action Taken:
We have removed http://cfcindia.com/web/mainpages/media/saturn and resubmitted our site to safeweb.norton.com for review.

We need your help to clear http://cfcindia.com
Can you scan this site again, and suggest a course of action.

Thanks
Rabi

Seems to be clean.
You can report a FP here: http://www.avast.com/contact-form.php?loadStyles
asyn

Report 2011-03-21 13:55:18 (GMT 1)
Website cfcindia.com
Domain Hash 64e465262104ccf2118e720d389491ed
IP Address 216.246.90.15 [SCAN]
IP Hostname relay.mien-aeon.net
IP Country US (United States)
AS Number 23352
AS Name SERVERCENTRAL - Server Central Network
Detections 0 / 20 (0 %)
Status CLEAN

Report 2011-03-21 13:36:45 (GMT 1)
IP Address 216.246.90.15
IP Hostname relay.mien-aeon.net
IP Country US
AS Number N/A
AS Name N/A
Detections 0 / 26 (0 %)
Status CLEAN

Thanks Asyn for the quick response.

I followed instructions and filed a FP report.

Typically how long does it take for Avast AV to stop flagging the site as malicious?

Rabi

You’re welcome…!
Usually, this gets fixed pretty fast. :slight_smile:
asyn

Hello,
this is a false positive and it will be fixed in next VPS.
Problem was in one pdf.
Best Regards

Sirmer, after the network shield, avast also alerts on the script in the image.

Is this related to what you mentioned, or different.

Scott

It will be fixed too. The reason is that page was in our block list.

Cool :slight_smile:

I guess we can put this to SOLVED now. :wink:
asyn

Thankyou Asyn, Scott & Sirmer.

cfcindia.com (Christian Fellowship Church, Bangalore website) is back online for Avast users, thanks to your quick work.

I admire the pace with which this has been resolved & how this issue has been followed up.

Rabi

You’re welcome, Rabi…!
asyn