Bitcoin Forum

Economy => Service Discussion => Topic started by: Clark on April 04, 2013, 06:05:43 PM



Title: [Fixed] Sophos Anti-Virus says my site is malicious
Post by: Clark on April 04, 2013, 06:05:43 PM
I changed a bit of JavaScript code last night and this morning I had feedback from users claiming that Sophos had blocked my site, claiming it contained Troj/JSDldr-F.

URL: http://bitcoin.clarkmoody.com/

Is anyone else having the site blocked for them? Please let us know your OS version, browser version, and antivirus software.

Would any other Sophos users care to submit false positive reports? http://www.sophos.com/en-us/support/knowledgebase/17327.aspx

Edit 2:
Sophos seems to have had a problem with the way I was inlining my JavaScript into the main page (for speed). Taking the JS out into include files caused no malware triggers whatsoever.

The problem appears to be resolved. The site never contained malware, and I maintained control of my servers and source the entire time.


Edit:

Using jotti.org reveals this:
https://i.imgur.com/OiuOtq5.png


Title: Re: Sophos Anti-Virus says my site is malicious
Post by: farlack on April 05, 2013, 07:34:15 AM
Erm you're probably not seeing many posts because of the fact you're saying your site might be giving trojans..

Are you using free hosting? Anti viruses flag some hosts themselves, so if your host is flagged for providing a lot of sites with viruses, they flag you too. I had the same issue with McAfee a few years ago using a free host.


Title: Re: Sophos Anti-Virus says my site is malicious
Post by: rme on April 05, 2013, 07:37:59 AM
Some antivirus scan files/websites with heuristic algorithms.
Your website is a false positive ;)


Title: Re: Sophos Anti-Virus says my site is malicious
Post by: btbrae on April 05, 2013, 11:30:48 AM
I'm in the UK and I left your page running overnight and woke up to the warning message, that your site has been responsible for distributing malicious software. I use Opera & Avast!

And yeah sorry, I usually close it down when I'm afk.


Title: Re: Sophos Anti-Virus says my site is malicious
Post by: Clark on April 05, 2013, 02:48:27 PM
Quote from: btbrae on April 05, 2013, 11:30:48 AM
> I'm in the UK and I left your page running overnight and woke up to the warning message, that your site has been responsible for distributing malicious software. I use Opera & Avast!
>
> And yeah sorry, I usually close it down when I'm afk.

Yandex is partnered with Sophos (which caused the malware flag), and Opera uses the Yandex blacklist for its page screening. Go figure.


Title: Re: Sophos Anti-Virus says my site is malicious
Post by: Clark on April 05, 2013, 03:06:40 PM
I just got off the phone with Sophos, and they're 'sending it to their lab' for analysis...


Title: Re: Sophos Anti-Virus says my site is malicious
Post by: ErebusBat on April 05, 2013, 03:12:58 PM
Quote from: Clark on April 05, 2013, 03:06:40 PM
> I just got off the phone with Sophos, and they're 'sending it to their lab' for analysis...

Hopefully some of the techs are bitcoin fans


Title: Re: Sophos Anti-Virus says my site is malicious
Post by: Clark on April 05, 2013, 04:55:29 PM
Well I took out the embedded JavaScript and re-scanned the file with that online scanner, and it passed Sophos. Hopefully they will update their Yandex blacklist so Opera users will continue to use the site.

Can any Sophos users confirm that the site passes?


Title: Re: Sophos Anti-Virus says my site is malicious
Post by: tpantlik on April 06, 2013, 10:17:24 AM
https://www.virustotal.com/cs/url/f6cfaa9ebfbf8935b09e6a9a7bc37c7e853cd0a2858a424a0ea524b8d66c35a9/analysis/1365243245/

Yandex still says it is a malware site.


Title: Re: Sophos Anti-Virus says my site is malicious
Post by: Herodes on April 06, 2013, 11:24:45 AM
False positive, I guess they don't care much? Perhaps somebody should sue their ass! :o


Title: Re: Sophos Anti-Virus says my site is malicious
Post by: Clark on April 06, 2013, 03:07:21 PM
A couple people told me over email that the site is no longer triggering alerts on Sophos. Yandex will hopefully update its blacklist soon.


Title: Re: Sophos Anti-Virus says my site is malicious
Post by: Herodes on April 06, 2013, 05:04:42 PM
Quote from: Clark on April 06, 2013, 03:07:21 PM
> A couple people told me over email that the site is no longer triggering alerts on Sophos. Yandex will hopefully update its blacklist soon.

That's good. More interesting would be to find out what triggered it. What kind of code triggered it? I would think you don't have any malware on your site in the first place..


Title: Re: [Fixed] Sophos Anti-Virus says my site is malicious
Post by: hiltonizer on April 06, 2013, 08:43:49 PM
Sophos was blocking it for me the other day, haven't tried again on those machines. Both vanilla Win 7 Pro x64 systems.

Checkpoint IPS is blocking something too, the CSS I think, but not the whole site.


Title: Re: [Fixed] Sophos Anti-Virus says my site is malicious
Post by: Michael_S on April 07, 2013, 07:50:38 PM
I still have a warning from Yandex with Opera 12.02 on Ubuntu 8.04, right at this moment.