Mal/HTML Gen-A false positive

Hello,

Sorry if this message is not in the right place on the forum, but I don't know a lot about your software until now so....

Our website www.territoires-memoire.be is blocked at all the companies that have Sophos antivirus because the threat MAL/HTML Gen A has been found on our site.

We have run a complete test on our website and there is no malware on it.

Could you solve this issue, because it's a real problem for us.

People will think our website is dangerous but it's not....

Thanks a lot,

:37745


  • Hello Elisa,

    as said on a similar thread a few minutes ago: please contact Support directly (you can also use the Query Form) - they will check (and if applicable re-classify) the site.

    HTH

    Christian

    :37767
  • Hello again,

    Here is the answer from Support:

    Hello,

    The site is hosted on a nameserver which has been seen hosting malware.
    This is the reason for the block.

    Let me know if you have any questions.

    All the best

    The site is hosted by a professional company that does not host malware...

    "which has been seen hosting malware...." very precise, very helpful...

    Could someone take action???

    :37943
  • Hello Elisa,

    very precise, very helpful

    do I hear some cynicism?

    Could someone take action???

    Indeed the server hosts several sites. One of them might have been compromised. Naturally Sophos can't divulge more details to a third party (normally an attempt is made to contact a site's owner and possibly the provider when malware is found). In many cases it's not possible (other than hacking the site) to determine whether there is a shared CMS and if the threat is limited to a single site or has the potential to affect other hosted sites as well.

    I think you'd have to contact your provider - but I'm not Sophos so you should first Let [support] know if you have any questions.

    Christian

    :37969
  • Hi Christian,

    "do I hear some cynicism?"

    Yes indeed. I know you are not responsible for that and so I apologize, but I think you can understand I'm quite p*** off.

    Here are the facts:

    Our web site is clearly safe.

    In Belgium a lot of people who work with us (administrations mainly) use Sophos.

    The consequence:

    Firstly, they cannot access our site.

    Secondly, they will think we are not reliable.

    So, when a nameserver has once upon a time hosted one piece of malware..., you block all websites on this nameserver forever?

    And never rerun a query on it?

    And as for Support, I'm still waiting to hear from them since my last reply.

    :37971
  • Hello Elisa,

    understandably.

    Now, sites are reassessed (at least when Support is contacted but I assume also on a regular basis but certainly not daily). It's not your site alone which is affected but as far as I can see all sites hosted on this particular server. As said, there is no way to determine whether these are truly isolated sites or not when they share the same IP. It seems that "your site" is registered to EXXOSS (and this might be the case for the "other" sites as well), thus I think it's them who should contact Sophos.

    Christian   

    :37973
  • Hi Christian,

    It's the first thing we did, and that's why we know our site is safe: they have run 5 anti-virus programs on it.

    On top of that, our company also has quite a big anti-virus, and nothing was detected.

    That's the reason why we think gen-A is a false positive and not a real threat.

    They will contact Sophos support on their side and I hope they will have more weight on the scale.

    Anyway thanks for the answer.

    Elisa.

    :37975