Hi
I'm more and more confused about the last link i've tested...
http://dl2.vip0installer.com/download/Base/450233/candide/java.exe
4 hours ago virus total detected with the MWG Engine the File as Artemis.
Using MWG 7.5.1 it was also detected once as Artemis.
10 minutes later the engine claims the Download as safe....
A few minutes ago virus total told me also the link is safe with the Webgateway engine....
| AVG | Generic.742 | 20150211 |
| AVware | InstallIQ Installer (fs) | 20150211 |
| AhnLab-V3 | PUP/Win32.SoftPulse | 20150211 |
| Antiy-AVL | RiskWare[Downloader:not-a-virus]/NSIS.Agent | 20150211 |
| Avast | Win32:Adware-gen [Adw] | 20150211 |
| Avira | APPL/InstallIQ.Gen4 | 20150211 |
| Bkav | W32.HfsAdware.D906 | 20150211 |
| Comodo | Application.Win32.InstallIQ.B | 20150211 |
| DrWeb | Adware.Downware.9715 | 20150211 |
| ESET-NOD32 | a variant of Win32/InstallIQ.A potentially unwanted | 20150211 |
| Fortinet | Riskware/Agent | 20150211 |
| GData | Win32.Application.InstallIQ.F | 20150211 |
| K7AntiVirus | Unwanted-Program ( 0040f9a91 ) | 20150211 |
| K7GW | Unwanted-Program ( 0040f9a91 ) | 20150211 |
| Kaspersky | not-a-virus:Downloader.NSIS.Agent.ij | 20150211 |
| Malwarebytes | PUP.Optional.SafeInstall.A | 20150211 |
| NANO-Antivirus | Riskware.Win32.Searcher.csnymk | 20150211 |
| Qihoo-360 | HEUR/QVM41.1.Malware.Gen | 20150211 |
| Sophos | InstallQ | 20150211 |
| TrendMicro-HouseCall | Suspicious_GEN.F47V0209 | 20150211 |
| VBA32 | suspected of Trojan.Downloader.gen.h | 20150211 |
| VIPRE | InstallIQ Installer (fs) | 20150211 |
| ALYac | | 20150211 |
| ... | | |
| 1 |
| McAfee | | 20150211 |
| McAfee-GW-Edition | | 20150211 |
| MicroWorld-eScan | | 20150211 |
This is very strange to me..... (The link was also rated as malicious for about 1 hour... now it's uncategories again.)
@dstraube: yes the rule Set URL Filter Internal Settings is configured in our ruleset.
