Topic: [Fixed] Sophos Anti-Virus says my site is malicious (Read 3211 times)

sr. member
Activity: 278
Merit: 251
Bitcoin-Note-and-Voucher-Printing-Empowerer
I still have a warning from Yandex with Opera 12.02 on Ubuntu 8.04, right at this moment.
member
Activity: 104
Merit: 10
Sophos was blocking it for me the other day, haven't tried again on those machines. Both vanilla Win 7 Pro x64 systems.

Checkpoint IPS is blocking something too, the CSS I think, but not the whole site.
hero member
Activity: 868
Merit: 1000
A couple people told me over email that the site is no longer triggering alerts on Sophos. Yandex will hopefully update its blacklist soon.

That's good. More interesting would be to find out what triggered it. What kind of code triggered it? I would think you don't have any malware on your site in the first place.
hero member
Activity: 548
Merit: 502
So much code.
A couple people told me over email that the site is no longer triggering alerts on Sophos. Yandex will hopefully update its blacklist soon.
hero member
Activity: 868
Merit: 1000
False positive, I guess they don't care much? Perhaps somebody should sue their ass!
hero member
Activity: 548
Merit: 502
So much code.
Well I took out the embedded JavaScript and re-scanned the file with that online scanner, and it passed Sophos. Hopefully they will update their Yandex blacklist so Opera users will continue to use the site.

Can any Sophos users confirm that the site passes?
hero member
Activity: 560
Merit: 500
I am the one who knocks
I just got off the phone with Sophos, and they're 'sending it to their lab' for analysis...
Hopefully some of the techs are bitcoin fans.
hero member
Activity: 548
Merit: 502
So much code.
I just got off the phone with Sophos, and they're 'sending it to their lab' for analysis...
hero member
Activity: 548
Merit: 502
So much code.
I'm in the UK and I left your page running overnight and woke up to the warning message, that your site has been responsible for distributing malicious software. I use Opera & Avast!

And yeah sorry, I usually close it down when I'm afk.

Yandex is partnered with Sophos (which caused the malware flag), and Opera uses the Yandex blacklist for its page screening. Go figure.
hero member
Activity: 680
Merit: 500
I'm in the UK and I left your page running overnight and woke up to the warning message, that your site has been responsible for distributing malicious software. I use Opera & Avast!

And yeah sorry, I usually close it down when I'm afk.
rme
hero member
Activity: 756
Merit: 504
Some antivirus scan files/websites with heuristic algorithms.
Your website is a false positive.
legendary
Activity: 1310
Merit: 1000
Erm you're probably not seeing many posts because of the fact you're saying your site might be giving trojans..

Are you using free hosting? Antiviruses flag some hosts themselves, so if your host is flagged for providing a lot of sites with viruses, they flag you too. I had the same issue with McAfee a few years ago using a free host.
hero member
Activity: 548
Merit: 502
So much code.
I changed a bit of JavaScript code last night and this morning I had feedback from users claiming that Sophos had blocked my site, claiming it contained Troj/JSDldr-F.

URL: http://bitcoin.clarkmoody.com/

Is anyone else having the site blocked for them? Please let us know your OS version, browser version, and antivirus software.

Would any other Sophos users care to submit false positive reports? http://www.sophos.com/en-us/support/knowledgebase/17327.aspx

Edit 2:
Sophos seems to have had a problem with the way I was inlining my JavaScript into the main page (for speed). Taking the JS out into include files caused no malware triggers whatsoever.

The problem appears to be resolved. The site never contained malware, and I maintained control of my servers and source the entire time.


Edit:

Using jotti.org reveals this: