Topic: Website and email incorrectly categorized by Avast as spam/virus - need help

REDACTED

  • Guest
Hi Avast Team,
A few weeks ago, I started receiving complaints from a few customers of mine that my website was categorized as spam/unsafe by Avast, and since then Avast users have also been in touch with me that either my e-mails are considered spam and/or their attachments are being quarantined. The problem is this - only Avast users are having problems opening my site, e-mails and attachments. No other users who have your competitor's products are having problems. In addition, my computer, networks and files have been scanned by multiple products and by IT professionals - and none can find the viruses your system is claiming.

I contacted customer support online twice in the last month to explain this issue and try to seek resolution, but nobody has responded to me. Today I contacted your phone support, and your customer service rep told me that I had to handle this online because your phone support is only for users of your software and that your company has no way of handling any other types of complaints via phone, nor is there even a phone number to your department where I can call to speak with someone. I preferred not to place this in a public forum, but it seems to be my only option.

What I'm looking for is for someone at Avast to assist me in declassifying my website and email as spam and virus laden - because it isn't and this categorization is affecting my business.

Thank you.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Hi jennifer57,

How can we comment if we do not know the domain name of that site?
If you do not want to share the domain name here, contact Avast team members directly.
(These are the official Avast user forums.)
If you want to share the website address or IP, we have relevant knowledge and
could probably tell you why it is flagged by Avast or whether this could be a false positive.
Aren't you also flagged by Bitdefender, for instance?

polonus (volunteer website security analyst and website error-hunter)

« Last Edit: August 01, 2015, 05:26:05 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

REDACTED

  • Guest
I'm not flagged by anyone else. The domain is www.raisethebarllc.com

Like I mentioned, this is the only place where it seems I could reach anybody. My previous messages via customer support went unanswered. If there's a phone number I can call or a web chat I can use to directly speak with someone, please send that information my way.

Thank you for your help.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Well,

[Deleted]  - Michael

Sucuri gives an All clear ==> https://sitecheck.sucuri.net/results/www.raisethebarllc.com/

URLQuery gives an indication of a possible IP address block: http://urlquery.net/report.php?id=1438464717325

Note under Recent Reports on IP (Last 6). 5 are infected. All tagged "Malware" or "Phishing"

Zulu doesn't like GoDaddy; however, that is not a reason for a block: http://zulu.zscaler.com/submission/show/b20ecbe65fa83ac0026da98a77175a4f-1438464674

I'm assuming you know what files are being quarantined? If so, can you grab them, scan them at www.virustotal.com and link us to the reports?

Or, if you prefer, send them to www.wikisend.com, and paste a download link here. (Password encrypt the ZIP/RAR file with "infected").

BitDefender flagged your website within Virustotal. https://www.virustotal.com/en/url/6bbde95c9cd17c54d368da17772fd44b0ebc3136964834ce295972e068fe8749/analysis/1438464728/
« Last Edit: August 02, 2015, 12:29:58 AM by Michael (alan1998) »
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline polonus

Hi Jennifer57,

Good we have this in the open now, because I sincerely hope your website hosting staff will read this posting also.
The issues are certainly connected with the reputation of your hoster and the IP you share with other domains that could have become blocked. See the recent reports on the same IP/ASN/domain.
Last 6 reports on IP 173.201.93.1 here: http://urlquery.net/report.php?id=1438464717325
And of course this VT report for 173.201.93.1, where your site is mentioned twice, as you can see it flagged: https://www.virustotal.com/nl/ip-address/173.201.93.1/information/
Also see the latest detected files that were downloaded from this IP address (malware is being launched from that IP); you will see a majority of AV vendors alerting on such detections.
You could ask for an exclusion from what I suspect is a general IP block.
Re: the IP is on 4 blacklists, which seems spam related: multirbl.valli.org/lookup/173.201.93.1.html (thanks to Pondus for that additional info ;) )
Personally, I would certainly take these issues (Avast and Bitdefender blocking of the IP) up with the hoster of that IP address, as they also should protect their clients more pro-actively and not tolerate abuse through other domains on that same IP.
You should take this up with an Avast team member, as only they can make an exclusion for your domain; we are volunteers and cannot do that. But you can see for yourself that a block of that particular IP address was justified.

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: August 02, 2015, 12:59:53 AM by polonus »
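Added example, not part of the post above and not Avast or multirbl code: how a single DNS blacklist lookup of the kind aggregated in the multirbl link works, including the answer codes that do not mean "listed". The zone list, the function names and the sample answers (for documentation-range addresses) are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Assumed zone list (public DNSBLs); the thread only links an aggregate lookup.
ZONES = ("zen.spamhaus.org", "bl.spamcop.net")

def dnsbl_name(ip, zone):
    """1.2.3.4 + zone -> 4.3.2.1.zone (IPv4 only; raises ValueError otherwise)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answer):
    """Interpret the A record a DNSBL returned; None means NXDOMAIN."""
    if answer is None:
        return "not listed"
    if answer.startswith("127.255.255."):
        # Spamhaus error range: bad zone name, public resolver, or rate limit.
        return "query refused"
    if answer.startswith("127."):
        return "listed"
    # Anything outside 127/8 is a wildcard or hijacked answer, not a listing.
    return "invalid answer"

def system_resolver(name):
    """Live lookup via the OS resolver; any failure is treated as NXDOMAIN."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: verdict} for one IPv4 address."""
    return {zone: classify(resolve(dnsbl_name(ip, zone))) for zone in zones}

# Constructed answers for documentation-range addresses, so this runs offline.
CONSTRUCTED = {
    "10.113.0.203.zen.spamhaus.org": "127.0.0.4",       # listed
    "7.100.51.198.zen.spamhaus.org": "127.255.255.254",  # refused, not listed
}

def constructed_resolver(name):
    return CONSTRUCTED.get(name)

if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7"):
        print(ip, check_ip(ip, resolve=constructed_resolver))
```

A "query refused" answer usually means the lookup went through a large public resolver, so a site owner checking a shared hosting IP should not read it as a listing.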

Offline polonus

I'd like to add something general here.
All hosters want to prevent malware from entering their servers, but it is hard to protect against, for instance, sniffed FTP passwords or the abuse of vulnerabilities or exploits in customer-installed or programmable software.

The most encountered malcode is: injections of http-access, html, or php, obfuscated via 'base64' encoding; shellbots/IRC bots, scripts through which an attacker can run commands on a shared hoster's user account; spam scripts, scripts to send bulk mail on a shared hosting account; exploit scripts to hack the server; phishing pages that pretend to be from a financial organization or network sites to get to user data.

All this malware can function when an attacker has got hold of particular FTP data via a third party or malware, spyware etc.

A hoster tries to keep such attacks at bay via protection like Mod_security and by trying to isolate the infested user.

Shared hosting could mean having "noisy neighbours" that create abuse problems for others. Blacklisting via a spamtrap alert or because of a mailrun should screen mailserver abuse. Aggressive file scanners could also affect client stability.

Many exploits and vulnerabilities are for known CMSes, like WP*, Joomla. Hosters should protect pro-actively because a lot of website owners forget to aptly update and patch, or keep running software that has long been left by the respective developer.
There certainly are such responsible pro-active hosting parties and we wish them a lot of success.

* An example from a domain on this thread's IP is here: 2015-07-31   2   -lovelyduckie.com/wp-includes/js/wp-emoji-release.min.js?ver=4.2.3   Malware

polonus

« Last Edit: August 02, 2015, 01:05:27 AM by polonus »
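Added example, not part of the post above and not any hoster's or Avast's scanner: a triage pass over PHP source for the base64-obfuscated injections the post lists first, decoding the start of the payload so a site owner can see what was hidden. The function name, the patterns, the 200-character threshold and the sample file are assumptions constructed for illustration.

```python
import base64
import re

# eval()/assert() wrapped around base64_decode(), optionally through
# gzinflate/gzuncompress/str_rot13: the usual shape of an injected loader.
CALL = re.compile(
    r"\b(?:eval|assert)\s*\(\s*"
    r"(?:(?:gzinflate|gzuncompress|str_rot13)\s*\(\s*)*"
    r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]",
    re.IGNORECASE)
# A very long quoted base64 run with no decode call on the same line:
# a lead to inspect, not a verdict (embedded images look like this too).
BLOB = re.compile(r"['\"]([A-Za-z0-9+/]{200,}={0,2})['\"]")

def scan_php(text):
    """Return (line number, finding, decoded preview) tuples for PHP source."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hit = CALL.search(line)
        if hit:
            try:
                preview = base64.b64decode(hit.group(1))[:60].decode("latin-1")
            except ValueError:  # bad padding or truncated payload
                preview = ""
            findings.append((lineno, "eval-base64", preview))
        elif BLOB.search(line):
            findings.append((lineno, "long-base64-literal", ""))
    return findings

# Constructed sample file; the encoded payload is a harmless echo statement.
SAMPLE = "\n".join([
    "<?php",
    "/* x */ eval(base64_decode('"
    + base64.b64encode(b'echo "constructed";').decode() + "'));",
    "$logo = '" + "QUJD" * 60 + "';",
    "echo 'hello';",
])

if __name__ == "__main__":
    for finding in scan_php(SAMPLE):
        print(finding)
```

When the payload is also compressed (the gzinflate form), the preview is unreadable bytes; the finding itself is still the signal to compare the file against a clean copy of the CMS release.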

REDACTED

  • Guest
Thanks everyone! You all are great! I am not that knowledgeable about these issues, so I have sent it on to someone who I hope can help me. Still keeping my fingers crossed that I also hear from someone at Avast.

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Hello,
what are your ticket IDs?
Regarding the blocked domain: We blocked it because of ExploitKit Angler. Clean the files on hosting, change passwords, update systems.

Milos