I have a web pages and there goes download page.
When I try to download file from my webpages avast is reporting Win32:Evo-gen [Susp] virus detection on the file being downloaded (it might be download process also or something).
My first though was that server is infected/hacked (not excluded it is really like that) so took ftp and downloaded files locally to my box (the same ones being reported infected on the very same box also). After ftp download, I ran avast virus check on those files and then files were being reported as clean.
Files being downloaded are .rar and .zip format.
How can I help you to check and sort this out? What might be different with desktop scan and browser plugin scan? How can i change download process not to trigger named virus detection.
Best regards,
K.
P.S. I don’t want to scare my customers that they are downloading virus infected files!
You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected
Avast I use is free home edition, the latest version. Application I made is .NET application and the web is asp.net 2.0. Download process is not direct download link, so I suppose this is something that is triggering FireFox Avast plugin detecting above mentioned thing. As for zip/rar file being downloaded I’m 99% sure it’s not infected and desktop virus scan is reporting them both clean.
So in other words if IP is being recorded to be potential malicious source, then host header name can be recorded also, isn’t it? Could that be resolution to all the problems filtering out not malicious sites on the IP. Personally I cannot force my ISP to filter out malicious sites (especially if I don’t know which of them are the ones causing problems), and on the other hand switching to another ISP could result with the same problem.