Bitcoin Forum
November 14, 2024, 12:09:06 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [Fixed] Sophos Anti-Virus says my site is malicious  (Read 3204 times)
Clark (OP)
Hero Member
*****
Offline Offline

Activity: 548
Merit: 502


So much code.


View Profile WWW
April 04, 2013, 06:05:43 PM
Last edit: April 06, 2013, 03:13:16 PM by Clark
 #1

I changed a bit of JavaScript code last night and this morning I had feedback from users claiming that Sophos had blocked my site, claiming it contained Troj/JSDldr-F.

URL: http://bitcoin.clarkmoody.com/

Is anyone else having the site blocked for them? Please let us know your OS version, browser version, and antivirus software.

Would any other Sophos users care to submit false positive reports? http://www.sophos.com/en-us/support/knowledgebase/17327.aspx

Edit 2:
Sophos seems to have had a problem with the way I was inlining my JavaScript into the main page (for speed). Taking the JS out into include files caused no malware triggers whatsoever.

The problem appears to be resolved. The site never contained malware, and I maintained control of my servers and source the entire time.


Edit:

Using jotti.org reveals this:

farlack
Legendary
*
Offline Offline

Activity: 1310
Merit: 1000



View Profile
April 05, 2013, 07:34:15 AM
 #2

Erm you're probably not seeing many posts because of the fact you're saying your site might be giving trojans..

Are you using free hosting? Anti viruses flag some hosts themself, so if your host is flagged for providing a lot of sites with viruses, they flag you too. I had the same issue with mcaffee a few years ago using a free host.
rme
Hero Member
*****
Offline Offline

Activity: 756
Merit: 504



View Profile
April 05, 2013, 07:37:59 AM
 #3

Some antivirus scan files/websites with heuristic algorithms.
Your website is a false positive  Wink
btbrae
Hero Member
*****
Offline Offline

Activity: 680
Merit: 500


View Profile
April 05, 2013, 11:30:48 AM
 #4

I'm in the UK and I left your page running overnight and woke up to the warning message, that your site has been responsible for distributing malicious software. I use Opera & Avast!

And yeah sorry, I usually close it down when I'm afk.
Clark (OP)
Hero Member
*****
Offline Offline

Activity: 548
Merit: 502


So much code.


View Profile WWW
April 05, 2013, 02:48:27 PM
 #5

I'm in the UK and I left your page running overnight and woke up to the warning message, that your site has been responsible for distributing malicious software. I use Opera & Avast!

And yeah sorry, I usually close it down when I'm afk.

Yandex is partnered with Sophos (which caused the malware flag), and Opera uses the Yandex blacklist for its page screening. Go figure.

Clark (OP)
Hero Member
*****
Offline Offline

Activity: 548
Merit: 502


So much code.


View Profile WWW
April 05, 2013, 03:06:40 PM
 #6

I just got off the phone with Sophos, and they're 'sending it to their lab' for analysis...

ErebusBat
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500

I am the one who knocks


View Profile
April 05, 2013, 03:12:58 PM
 #7

I just got off the phone with Sophos, and they're 'sending it to their lab' for analysis...
Hope fully some of the techs are bitcoin fans

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
Clark (OP)
Hero Member
*****
Offline Offline

Activity: 548
Merit: 502


So much code.


View Profile WWW
April 05, 2013, 04:55:29 PM
 #8

Well I took out the embedded JavaScript and re-scanned the file with that online scanner, and it passed Sophos. Hopefully they will update their Yandex blacklist so Opera users will continue to use the site.

Can any Sophos users confirm that the site passes?

tpantlik
Full Member
***
Offline Offline

Activity: 136
Merit: 100


View Profile
April 06, 2013, 10:17:24 AM
 #9

https://www.virustotal.com/cs/url/f6cfaa9ebfbf8935b09e6a9a7bc37c7e853cd0a2858a424a0ea524b8d66c35a9/analysis/1365243245/

Yandex still say it is malware site.

Gods sent us a powerful tool - cryptography - to fight with those who are trying to exploit us. USE IT!!
Herodes
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
April 06, 2013, 11:24:45 AM
 #10

False positive, I guess they don't care much ? Perhaps somebody should sue their ass!  Shocked
Clark (OP)
Hero Member
*****
Offline Offline

Activity: 548
Merit: 502


So much code.


View Profile WWW
April 06, 2013, 03:07:21 PM
 #11

A couple people told me over email that the site it no longer triggering alerts on Sophos. Yandex will hopefully update its blacklist soon.

Herodes
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
April 06, 2013, 05:04:42 PM
 #12

A couple people told me over email that the site it no longer triggering alerts on Sophos. Yandex will hopefully update its blacklist soon.

That's good. More interestingly it would be to find out what triggered it ? What kind of code triggered it. I would think you don't have any malware on your site in the first place..
hiltonizer
Member
**
Offline Offline

Activity: 104
Merit: 10



View Profile
April 06, 2013, 08:43:49 PM
 #13

Sophos was blocking it for me the other day, haven't tried again on those machines. Both vanilla Win 7 Pro x64 systems.

Checkpoint IPS is blocking something to, the CSS I think, but not the whole site.

DarkCoin: XiZutyRTPTEFQm5aH2de2SCmzfgE6B78uK
Bitcoin: 1P4wYgkKTh3WzHUGqLFaef23bAeM4UV2jB
Michael_S
Sr. Member
****
Offline Offline

Activity: 278
Merit: 251


Bitcoin-Note-and-Voucher-Printing-Empowerer


View Profile
April 07, 2013, 07:50:38 PM
 #14

I still have a warning from Yandex with Opera 12.02 on Ubuntu 8.04, right at this moment.

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!