Avast WEBforum

Consumer Products => Avast Mac Security => Topic started by: REDACTED on June 06, 2017, 01:27:42 PM

Title: SOLVED: "Infection detected!" on non-infected page
Post by: REDACTED on June 06, 2017, 01:27:42 PM
Hey gang,

A client has a small Squarespace site - hxxps://smokestak[.]co.uk

Recently they've been getting some notifications from customers regarding Malware Warnings. The site has been inspected by Squarespace support, I have run my own scans, everything is being served over https and I have installed other malware / virus detection software (AVG and BitDefender) to check what they pick up - everything indicates that the site is clear.

Avast, however, is showing the following warning. I have seen previous posts where these types of warnings have been coming up incorrectly.

Can anyone shed any light on this / suggest a possible fix?

**The first Avast warning - http instead of https - is just from where I tested the hxxp://smokestak[.]co.uk before**

Thanks in advance.

(https://lh6.googleusercontent.com/Dc6UTVyHUFYgGAaGFv70PS6b5Vbh5hdE5p4_ZLsMFsec2TlhdFpJOVmN0SS5kyXMaO4uOj28c4GrBpc=w1100-h803-rw)
Title: Re: "Infection detected!" on non-infected page
Post by: Asyn on June 06, 2017, 01:33:27 PM
You can report a URL here: https://www.avast.com/report-a-url.php
Title: Re: "Infection detected!" on non-infected page
Post by: Eddy on June 06, 2017, 03:03:11 PM
Avast doesn't say that an infection is detected.
Avast says that the domain and/or IP is blocked/blacklisted.

Blacklistings on that ASN/IP :
http://urlquery.net/report.php?id=1496751620674

Name mismatch with certificate 2 :
https://www.ssllabs.com/ssltest/analyze.html?d=smokestak.co.uk&s=198.185.159.144&latest

Vulnerable library found :
http://retire.insecurity.today/#!/scan/8d9b02f8862b6972cc25c522b11c12ddeb4e80178a14473dcad60890540d568b

Really bad IP history :
https://www.virustotal.com/en/ip-address/198.185.159.144/information/

My advice :
- Fix the vulnerable library problem
- Fix the certificate mismatch
- Get dedicated hosting
Title: Re: "Infection detected!" on non-infected page
Post by: Pondus on June 06, 2017, 04:05:19 PM
Code:
https://smokestak.co.uk
http://smokestak.co.uk

Both are blocked by F-Secure. See attached screenshot.

Title: Re: "Infection detected!" on non-infected page
Post by: HonzaZ on June 06, 2017, 05:30:21 PM
I have removed smokestak[.]co.uk from our blacklist ;)
Title: Re: "Infection detected!" on non-infected page
Post by: Eddy on June 06, 2017, 05:31:21 PM
I hope only that site is allowed but not the entire IP.
Title: Re: "Infection detected!" on non-infected page
Post by: HonzaZ on June 07, 2017, 09:40:34 AM
There are thousands of unique domains on those IPs, so it is likely we will not ever block those IPs, unless more than ~50% of the domains are malicious.
Title: Re: "Infection detected!" on non-infected page
Post by: REDACTED on June 07, 2017, 10:20:09 AM
Thanks for your help and advice guys.

Beers are on me - everything's working as it needs to.