L.S.
Let me explain these false positives versus non-false positive detections on online third party scan results.
This is because Avast detection in some cases cannot distinguish between real detections or detection code as given on online scanners like Sucuri´s scan result pages or Quttera´s or Zulu Zscaler´s etc.
So Avast flags as if it were the real McCoy!
The code represented there has no real payload and is not dangerous, but the Avast detection can be triggered nevertheless even while the malware address has been broken as too much of the code that should be detected is revealed. That is why I always break code. So when a user get a detection on a malware scanning page and Avast immedeately blocks the results with an alert this is a false positive. It is obvious these links should be mentioned as producing such false positives that are not false positives but quite harmless.
It would be a good thing website owners, website hosters and staff should read here to be better protected against such threats so the Avast users will not get such alerts or far less alerts. Too many times code is vulnerable, software is insecurely configured, and website owners and hosters just do not know what they are doing security-wise. I hope for growing awareness, but where to start.
One thing is sure however - Avast website security is really `top of the bill´, so keep these visors and shields up,
we have more than excellent protection!
polonus (volunteer website security analyst and website error hunter'