Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: OhMyGod on October 16, 2011, 09:16:59 PM

Title: Avast Network Shield is blocking safe image files from Minus.com
Post by: OhMyGod on October 16, 2011, 09:16:59 PM
This just starting happening today as before Minus.com image files were never blocked.
I temporary moved my image files to Limepic.com the exact same images and Network Shield no longer detects them as as malware.

There is no exclusion settings for Network Shield, so everyone who uses Minus.com to host their image files can not access them with Network Shield enabled.

I hope Avast can fix this false positive soon.

Thanks. :)
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: akrolsmir on October 16, 2011, 09:43:36 PM
I'm getting this same problem as well. Is minus really infected or is avast just messing up?
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: bigspanner on October 16, 2011, 09:44:32 PM
Can someone in Avast please explain why Minus.com is blacklisted by the Network Shield?

I did a virustotal.com on the Minus.com url and it comes up clean.

http://www.virustotal.com/url-scan/report.html?id=e2355e0d392dddc4eae525f2bc4689b2-1318785836
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: DavidR on October 16, 2011, 09:53:46 PM
Generally the malicious site blocking is very accurate, and if there are a lot of web shield alerts on the site, malicious uploads of the site getting hacked. The end result is the comminitIQ function reports these and it gets added to the Network Shield.

There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles (http://www.avast.com/contact-form.php?loadStyles) for:  * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Press (Media), issues.

- If you are reporting an FP, then you get another input field open, click Browse button and navigate to the file or enter the web URL for the site you wish to submit for Network Shield review, etc. A link to this topic also wouldn't hurt.

@@@@
It doesn't look like the whole minus.com domain is blocked, as I was able to visit the main site (image2). So it may be only this sub-domain that is blocked.
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: bigspanner on October 16, 2011, 10:10:18 PM
@DavidR,

Sucuri.net also reported that the url is clean.

It seems Avast is blocking everything on Minus.com except its main domain.
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: DavidR on October 16, 2011, 11:14:17 PM
I don't know what you input for sucuri.net to scan if you just input http://minus.com (ori.minus.com) it doesn't appear to scan much, it switches to https://minus.com and if you click the triangle to expand the list of what was scanned, it doesn't show a list just the main domain you input and that isn't usual.

See the example if I used forum.avast.com as an example, over 100 items scanned, yet only 1 for minus.com, so I'm really not sure what is or isn't being scanned by sucuri.net.
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: OhMyGod on October 17, 2011, 12:53:52 AM
Generally the malicious site blocking is very accurate, and if there are a lot of web shield alerts on the site, malicious uploads of the site getting hacked. The end result is the comminitIQ function reports these and it gets added to the Network Shield.

There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles (http://www.avast.com/contact-form.php?loadStyles) for:  * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Press (Media), issues.

- If you are reporting an FP, then you get another input field open, click Browse button and navigate to the file or enter the web URL for the site you wish to submit for Network Shield review, etc. A link to this topic also wouldn't hurt.

@@@@
It doesn't look like the whole minus.com domain is blocked, as I was able to visit the main site (image2). So it may be only this sub-domain that is blocked.

I already filled out the contact form to report this false positive.
Only [http://i.minus.com] is getting blocked which hosts the images.
It is definitely a false positive probably from a recent signature update.

The domain is clean.

Thanks. ;D

Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: DavidR on October 17, 2011, 01:18:51 AM
Even if you consider it a false positive - Please 'modify' your post change the URL from http to hXXp, to break the link and avoid accidental exposure to suspect sites, thanks.
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: Sneakyone on October 17, 2011, 01:36:11 AM
I'm having the same problem. Images hosted on minus.com's i.minus.com subdomain are getting blocked as a malicious url. This has never happened before and I, a security analyst, have never had any problems with the site and I would appreciate if i.minus.com/108.59.10.222 could be removed from your database as a malicious URL.

Thanks,
Sneakyone
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: OhMyGod on October 17, 2011, 01:40:08 AM
Even if you consider it a false positive - Please 'modify' your post change the URL from http to hXXp, to break the link and avoid accidental exposure to suspect sites, thanks.

I have disabled Network Shield and downloaded several images and Avast doesn't detect any malware.
Which leads me to believe it is a just bug in the Network Shield. I even checked file hashes from my original images that I uploaded to Minus and they are exactly the same as the ones on my computer.

If the images are the same ones that I uploaded they can't be infected there is no reason Network shield should block them.

Thanks. ;D
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: DavidR on October 17, 2011, 02:16:20 AM
That doesn't change the point raised, about posting active links to suspect sites, regardless of the fact you think it is a false positive. It is just a bad habit to get into when reporting any suspect site.

So please understand why we suggest that and modify your post.
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: OhMyGod on October 17, 2011, 03:22:12 AM
That doesn't change the point raised, about posting active links to suspect sites, regardless of the fact you think it is a false positive. It is just a bad habit to get into when reporting any suspect site.

So please understand why we suggest that and modify your post.

I modified the link just to make you happy, but its not that I think it is a false positive, I know that it is a false positive.

Minus.com has replied to my email that I sent them. They said their site is safe and there is no security threats on their domains, they have contacted Avast to resolve this issue. I have no reason to doubt them since I have been using their services for many years.

Still waiting on Avast to reply to my email.

Good day. ;D
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: kubecj on October 17, 2011, 10:41:05 AM
Infected exe, random filename and oversensitive heuristics. It was fixed few minutes ago.
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: DavidR on October 17, 2011, 01:23:42 PM
<snip>
I modified the link just to make you happy, but its not that I think it is a false positive, I know that it is a false positive.
<snip>

I know you know that you believe it to be a false positive, but you would be very surprised by the number of people stating exactly the same and sites claiming to be clean, when the reverse is correct. This is why we suggest breaking the links, thanks for modifying your link.

You now have your answer in the topic from 'kubecj' of the virus labs.
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: minusinc on October 17, 2011, 02:02:56 PM
Hi

John here from Minus. Please unblock our URL and we'll remove the viruses in question. If there are any questions please email info@minus.com or to report any issues.

Urgently awaiting response.

Thanks
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: Asyn on October 17, 2011, 02:05:59 PM
Hi

John here from Minus. Please unblock our URL and we'll remove the viruses in question. If there are any questions please email info@minus.com or to report any issues.

Urgently awaiting response.

Thanks

See Reply #12.
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: DavidR on October 17, 2011, 02:20:44 PM
John here from Minus. Please unblock our URL and we'll remove the viruses in question. If there are any questions please email info@minus.com or to report any issues.

See kubecj's post, this should have been resolved.

Infected exe, random filename and oversensitive heuristics. It was fixed few minutes ago.

But it is not in the 111017-0 VPS version update (which was before kebecj's post), so hopefully it should be in the next VPS update. Note: I'm an avast user and not an employee of avast, so I can't speak for them.
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: minusinc on October 17, 2011, 05:08:20 PM
Thanks. We were told it is resolved now and will be in the next definition update.

Hope that goes out soon? :)
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: minusinc on October 17, 2011, 07:31:40 PM
How can I check if Minus is unblocked?
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: bigspanner on October 17, 2011, 07:41:43 PM
Hi John,

As of my post, the VPS version is still 111017-0, meaning that minus^com is still not in the clear, until, hopefully the next VPS update.

Can anyone from Avast enlighten us when the next VPS will be? I had just updated my Avast and the latest is 1110170-0.
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: CraigB on October 17, 2011, 07:47:23 PM
Hi John,

As of my post, the VPS version is still 111017-0, meaning that minus^com is still not in the clear, until, hopefully the next VPS update.

Can anyone from Avast enlighten us when the next VPS will be? I had just updated my Avast and the latest is 1110170-0.
Try again in 1,2,3 hours could be anytime soon.
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: minusinc on October 17, 2011, 08:07:59 PM
Thanks. I'm not familiar with Avast, but it updates virus definition daily? If so please let me know if you guys see Minus.com unblocked.

Cheers
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: bigspanner on October 17, 2011, 08:10:47 PM
@DavidR,

Sorry for digressing, but there is no PM in this forum, so I like to ask you what software you using to capture the image b4766.png?

I have been trying to find a software (hopefully free) that is able to remove parts of an image and stitch the image together, as what you've done. Again, sorry for digressing.
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: DavidR on October 17, 2011, 08:23:24 PM
Check my signature in my posts, surprising what you will find there SnagIt 10.0 Image Capture, it isn't free but it is a great tool.
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: Milos on October 17, 2011, 08:50:37 PM
Hello,
next VPS release should be about today's midnight CET.

Milos
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: minusinc on October 17, 2011, 08:53:10 PM
Thanks so much.

Is there anyway to whitelist/safelist Minus.com and Min.us domains?

We can provide direct contact for issues if needed
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: minusinc on October 18, 2011, 12:30:25 AM
Can anyone verify if the latest virus definition update has fixed/unblocked Minus.com ?

Cheers!
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: DavidR on October 18, 2011, 12:42:35 AM
I believe it (VPS version 11101701) has corrected it, as when trying to download the i.minus.com/smedia/minus/images/dark-mode.png file that was in the image in the first post as a test, I don't get an immediate alert by the network shield. Though I do get a server error, possibly the dark-mode.png file isn't there or some other issue
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: bigspanner on October 18, 2011, 01:04:44 AM
@DavidR,

Got it. SnagIt 10.0 Image Capture indeed.:)
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: bigspanner on October 18, 2011, 01:09:31 AM
Yup, VPS version 11101701 had corrected it. All's clear on Minus^com now.
I tested it. No Avast alert anymore. Files are served as well as before.

Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: OhMyGod on October 18, 2011, 02:26:38 AM
Thanks Avast for handling this issue in a timely manner.
All my images are accessible with Network Shield enabled.

Avast is the best, of coarse nothing is perfect. False positives are expected from time to time.
Still Avast does better the most of the rest.

Good Job!!  :)
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: minusinc on October 18, 2011, 05:18:36 PM
Appreciate all the help from the Minus.com team here as well :)

Hope we can get safelisted from future false flags. If there are any issues just contact us via http://minus.com/pages/contact

Cheers
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: alpha1 on October 18, 2011, 06:03:05 PM
the bitdefender trafficlight addon (firefox,chrome) also flags site as untrusted and states:
"this domain hosted 20 phishing attacks in the last 90 days".
Title: Re: Avast Network Shield is blocking safe image files from Minus.com
Post by: minusinc on October 20, 2011, 10:38:02 PM
the bitdefender trafficlight addon (firefox,chrome) also flags site as untrusted and states:
"this domain hosted 20 phishing attacks in the last 90 days".

That's not good. We will investigate!