Hello - I own a site (wxw.southernairboat.com) that Avast has started blocking within the past week and am looking for some help to figure out just what it is that Avast doesn’t like. Avast was initially blocking the entire site, but within the last couple of days appears to be blocking our phpbb3 forum only.
Here’s some details:
- I access the site with several other computers and antivirus programs with no problem.
- I have manually searched site files, with my limited knowledge, looking for recent changes.
- Sucuri.net constantly monitors the site and I have scanned it with every online site scanner I have found with clean results every time.
- I have installed Avast on one of my computers and have been reporting the site as a “false positive” regularly for about a week.
Here’s some scan results:
hxxp://sitecheck.sucuri.net/results/southernairboat.com
hxxp://www.urlvoid.com/scan/southernairboat.com/
hxxps://www.virustotal.com/en/url/a83c4a7fa671abb0f22b749a4db4bd69adc254c3e197ef4d673c21c4bd91746d/analysis/1376489254/
To both posters:
Please ‘modify’ your post and change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.
Even more so as the links cause avast to alert on its own support forum.
There is still something there that is causing avast to alert and I believe it may well be the analysis links; if avast looks further at the links on site, it would then hit the suspect URL responsible for what looks like a drive-by download.
Every time I open this topic I get the alert.
So all links including analysis ones need to be modified.
Yes that is likely to filter through/escalate from a web shield alert to the network shield adding this to the malicious sites list as more and more people get the alerts.
The file “/calendar/overLIB/overlib_mini.js” does not appear to have been modified since Jan. 2011. I have also compared it to a fresh copy downloaded from the overlib site and found no changes. Also, the main calendar page on our site uses it with no alerts from Avast: hxxp://wxw.southernairboat.com/calendar.php
Would this be possible if “overlib_mini.js” was the file that Avast does not like?
That particular file being blocked (…phpBB3/download/file.php?id=10884) was the image file of the Avast alert that I had just posted in my forum. My initial post here used the img tags to display it…my bad on that move.