Avast WEBforum

Other => Viruses and worms => Topic started by: Lisandro on November 08, 2015, 01:05:59 AM

Title: Live malware in forums (or false positive?)
Post by: Lisandro on November 08, 2015, 01:05:59 AM

-https://forum.avast.com/index.php?topic=178815.0;topicseen  >:(

Title: Re: Live malware in forums (or false positive?)
Post by: polonus on November 08, 2015, 01:22:01 AM

Hi Lisandro,

I PM-ed you and I have adopted the posting accordingly.
All live links were already removed, so an alert could not have been for "live malcode"or anything with a payload, as this code was also given on Sucuri result page. Live links are always being given broken by me, so no one can click those links by mistake.

polonus

Update - confirmed posting has no malcode in it.

Title: Re: Live malware in forums (or false positive?)
Post by: polonus on November 08, 2015, 01:47:09 PM

L.S.

Let me explain these false positives versus non-false positive detections on online third party scan results.
This is because Avast detection in some cases cannot distinguish between real detections or detection code as given on online scanners like Sucuri´s scan result pages or Quttera´s or Zulu Zscaler´s etc.
So Avast flags as if it were the real McCoy!
The code represented there has no real payload and is not dangerous, but the Avast detection can be triggered nevertheless even while the malware address has been broken as too much of the code that should be detected is revealed. That is why I always break code. So when a user get a detection on a malware scanning page and Avast immedeately blocks the results with an alert this is a false positive. It is obvious these links should be mentioned as producing such false positives that are not false positives but quite harmless.
It would be a good thing website owners, website hosters and staff should read here to be better protected against such threats so the Avast users will not get such alerts or far less alerts. Too many times code is vulnerable, software is insecurely configured, and website owners and hosters just do not know what they are doing security-wise. I hope for growing awareness, but where to start.

One thing is sure however - Avast website security is really `top of the bill´, so keep these visors and shields up,
we have more than excellent protection!

polonus (volunteer website security analyst and website error hunter'