We are getting blocked by avast and we see no issues on our side The site is www.defenderpluseo.com Blocked by pop up that list URL:Mal in chrome and RedirME-inf [trj] in firefox This is also blocking www.defendermax.com
defendermax >> http://killmalware.com/www.defendermax.com/
URL:Mal means blacklisted URL or IP
Besides the blacklisting this needs to be solved :
http://retire.insecurity.today/#!/scan/3ead1ae944ffd76c7e517e797abb5e5fa09f56d93afa963936def8a20c87a35c
http://retire.insecurity.today/#!/scan/20bbeb3e6757cee31b02646b3c78405b43508cc88ec3eaf48fbc18439a8a1e18
Problems on that ASN :
http://urlquery.net/report.php?id=1454958160793
http://urlquery.net/report.php?id=1454958228561
ok by renaming not removing the jquery 1.7.2 file on defendermax the sites now show clean so is that a false positive since the file is not picked back up as malicious
Renaming the file is not the solution.
You need to install the latest jquery package.
I do not see anything malicious on the domain right now, so I am unblocking the domains. Please do not take Eddy’s suggestions lightly though :).
Thank you for your assistance in this matter.
Eddy has a valid point here.
But renaming a vulnerable jQuery library that qualifies for retirement to escape a vulnerable code version detection is known as “security by obscurity” and in that way you are putting your users/visitors at risk. Seems you take that into the bargain, when you wanna cheat, just cheat. Normal procedure is to retire the vulnerable code library, zip file it for later reference and then mitigate the code to a later version that does not come flagged. Any other procedure is not considered “best practices”, just like altering excessive server header info with something else is not. Software should not speak out period.
polonus