I’ve been trying to whitelist the whole domain fuskbugg.se but Avast still blocks it! Why? How do I get this to work?
http://s1.bild.me/bilder/030611/3651195screenshot_2011-10-13_11-51-53.png
Is this your site?
I don’t know why the exclusion isn’t working for you, I tried to visit the site and got an immediate alert on scriptIP-inf (image1)
At first I thought it might be the affiliate rotator script to affiliator.com, image2. But it might just be your image rotator javascript file, I didn’t check that.
I too have tried excluding it and added to my Web Shield exclusions and got a partial load of the page (which effectively means that the exclusion is working for the web shield), before the Network Shield alerted (image3) on a specific file at data.fuskbugg.se/skalman01/-_DSSC4641.JPG.
So I would suggest that you have that scanned at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page.
So there is a possibility the site is infected/hacked.
I don’t know if this site flags it as infected because it doesn’t have permissions to access that area, http://sitecheck.sucuri.net/scanner/, image4.
Further Update, got another network Shield alert on the favicon.ico file when leaving the site.
So I would be very wary of excluding this site until you know it is clean for certain.
That may also be the reason why the exclusion “doesn’t work” (I tried and it seemed to work fine) - the exclusions for WebShield won’t affect the NetworkShield (which doesn’t have any exclusion settings).
It’s a popular Swedish file and image-hosting website where people can upload their pics and other files. It has been online for years.
Is it possible that someone uploaded an infected file and Avast decided that the whole site was dangerous and blocked it? No other AV-apps seem to block it.
@ KUKEN
I would say that this is a strong possibility, I would report this to the webmaster.
Yes, it wasn’t clear from the OP’s post if the web shield continued to block it, I suspect not, as when I excluded it in the web shield it allowed access and partial page loading until the Network Shield alerted.
You’re right, now it’s the Network-shield that blocks it. And there is no way to add URLs to a whitelist for the Network-shield?
That is right, there are no user settings for the Network Shield.
Given the path to that /----------------favicon.ico in the last image of mine it looks suspect at the very least, all those ----- in the file name aren’t normal and it isn’t the network shield concatenating the path as that is generally represented by /…/
Yes, but this is a filehost, I don’t visit the site. People usually only hotlink pictures from it and I don’t see the reason for Avast to block everything. I guess the only choice I’ve got is to turn off the Network-filter or switch AV-app.
Thanks for the help!
Whilst that is correct, hackers don’t generally worry about that, if they are linking directly to a download/image, that if it is loaded/displayed in the browser the favicon.ico file is usually displayed in the address bar and bingo (if infected you’re hit). So the favicon.ico (or replacement) is a big target.
In all honesty, you would be crazy disabling the network shield (until you are 100% sure the site isn’t infected), both the web and network shields have a very high accuracy rate.
UrlBlocker whitelisting is not there and should not be there. If you think it’s a FP - report it. People here have the skills to evaluate the situation.
In this case it’s the combination of the fuskbugg.se owners’ sloppiness and the paranoid setting of our blocker. I fixed the bad block but it will probably return soon, as the data regularly uploaded there are malware and they let people upload executables under a .jpg filename.
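
The last reply attributes the block to executables being accepted under a .jpg filename. As an added example (not part of the thread, and not Avast's or fuskbugg.se's code), here is an upload-side check a file host could run that compares a file's leading bytes with its claimed extension. The function name, the signature tables and the sample uploads are constructed for illustration.

```python
import os

# Leading bytes ("magic numbers") expected for each allowed image extension.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".ico": (b"\x00\x00\x01\x00",),
}
# Leading bytes that mark content as executable regardless of its name.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE/DOS executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with interpreter line",
}

def classify_upload(filename, data):
    """Return (verdict, reason); verdict is 'accept' or 'reject'."""
    ext = os.path.splitext(filename.lower())[1]
    # An executable header is rejected first, whatever the extension claims.
    for magic, kind in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return "reject", f"{kind} content under '{ext}' name"
    expected = IMAGE_MAGIC.get(ext)
    if expected is None:
        return "reject", f"extension '{ext}' is not an allowed image type"
    if not data.startswith(expected):
        return "reject", f"content does not match '{ext}' signature"
    return "accept", "signature matches extension"

# Constructed sample uploads: (filename, first bytes of the file).
SAMPLES = [
    ("holiday.JPG", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),  # real JPEG header
    ("holiday2.JPG", b"MZ\x90\x00\x03\x00\x00\x00"),       # PE header, .jpg name
    ("favicon.ico", b"<html><script>"),                     # not an icon at all
    ("tool.exe", b"MZ\x90\x00"),                            # honest executable
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        verdict, reason = classify_upload(name, head)
        print(f"{name:14} {verdict:7} {reason}")
```

A signature check like this only inspects the first bytes, so it catches a renamed executable but not a valid image with a payload appended; a host would still scan stored files.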