Topic: How can site owners get in front of being URL:Mal blocked?

unjustlymald
How can site owners get in front of being URL:Mal blocked?
« on: April 08, 2022, 11:09:17 PM »
Questions:

Can someone from Avast explain how a URL:Mal blacklist blockage for an entire domain is triggered?
Is it based on security research blacklists, or Avast's own scanning?  If the former, can someone provide information about which blacklists are consulted and what the threshold is for a block?
When a false positive report is submitted and a site becomes un-blocked when no changes were made on the site, what is the likelihood of becoming re-blocked (since theoretically whatever condition triggered the block is still there)?
Is URL:Mal about malicious sites, or malware?  The difference is pretty huge depending on which research blacklist you're looking at (if that's where these blocks are coming from).

Story:
- Our site got blocked for URL:Mal for all visitors using Avast/AVG.
- We scanned all resources and found nothing suspect.
- Many times on these forums, site owners are referred to blacklists and blacklist aggregators to check their domains.
- Consulting pretty much every blacklist db/aggregator, it seems we have been blacklisted by 3 lists.  Each of these lists has varying degrees of documentation about triggers and varying ability to submit false positive reports.  These vary from zero information/ability (like Cy-whatever) to 'difficult' (like CRDF).
- A customer of ours submitted a false positive report to Avast and we were unblocked.
- Everything has been fine for 2 days, but we're concerned about getting re-blocked and want to understand how to address the root cause of the original block.

Thanks!

r@vast

  • Avast team
Re: How can site owners get in front of being URL:Mal blocked?
« Reply #1 on: April 11, 2022, 08:40:02 AM »
Hi,

Please request more details via https://www.avast.com/false-positive-file-form.php