Avast WEBforum

Other => Viruses and worms => Topic started by: benoit.rogez on December 02, 2021, 03:35:25 PM

Title: False positive on our website
Post by: benoit.rogez on December 02, 2021, 03:35:25 PM

Hello,
It seems our website wXw.3dvf.com is blocked by Avast & Avast Secure Browser.

This is a false positive:
https://www.virustotal.com/gui/url/956b7208673a1e6b9f7be1ebf15d24eb265e4ce11838ba7332124c77086c5948
https://sitecheck.sucuri.net/results/www.3dvf.com

We have sent a request using the false positive form ( https://www.avast.com/false-positive-file-form.php ) 48 hours ago and haven't received a reply yet: any chance you could help us on this issue?

Title: Re: False positive on our website
Post by: DavidR on December 02, 2021, 05:20:35 PM

Please 'modify' your post change the URL from www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

Avast is still alerting on the site as it appears to be loading a css file and that is what avast is objecting to.  See attached image.

Also I got a notice from Firefox as the site apparently doesn't have https.  That may be the fact that avast has alerted, preventing that.
That said a couple of check I normally run are unable to scan the site.  However, the sucuir.net link you posted isn't completely clear.

Also see - https://urlscan.io/result/8eaac21d-8b75-46d9-a494-74d351ad89d6/

Title: Re: False positive on our website
Post by: polonus on December 02, 2021, 11:04:31 PM

DavidR is right, and it is not only avast that finds this website malicious,
detected malicious file by Quttera's in:

Quote

/magazine/les-news-quotidiennes-3dvf/#
Severity:   Malicious
Threat:   Heur.HTML.SpamSEO.gen
Reason:   SEO or Spam content detected
Details:   Detected malicious SPAM/SEO content
Line:   881
Offset:   55909
Threat dump:   View code *
Threat dump MD5:   DBBB635CE87E51D31BA16179DEA07C35
File size[byte]:   206651
File type:   HTML
Page/File MD5:   C6D420EB7A9044140F7F091BE1510991
Scan duration[sec]:   4.596

malcode observed:

Quote

[[<a href="htxps://www.3dvf dot com/madmarica-specialiste-du-voxel-art/" title=" MadMaraca, sp\xC3\xA9cialiste du voxel art ">MadMaraca, sp\xC3\xA9cialiste du voxel art</a>]]

Outgoing links on website:
-https://vimeo.com/3dvf
 
-https://www.3dvf.fr
 
-https://twitter.com/3dvf
 
-https://www.facebook.com/3dvfCG/
 
-https://www.evolix.fr/
 
-https://www.youtube.com/user/3DVFTV

polonus

Title: Re: False positive on our website
Post by: benoit.rogez on December 02, 2021, 11:28:49 PM

Hello DavidR, hello Polonus,

Thanks! I'll check the CSS file issue with our technical team.
The https issue probably is indeed Avast-related: I don't seem to have any notice from Firefox when using another security tool.

As for the malicious code detected by Quttera, I don't really understand what the issue could be, since this is just a regular link to an article, but we'll take a look at it as well.

Again, thanks for your help !

Title: Re: False positive on our website
Post by: DavidR on December 03, 2021, 01:11:55 AM

You're welcome.

As avast user we are limited in what we can do other than give tips that might be helpful.

Title: Re: False positive on our website
Post by: redwolfe_98 on December 03, 2021, 02:43:02 AM

for whatever reason, the website also is being blocked by malwarebytes.