4 Replies Latest reply on Dec 14, 2011 8:53 AM by itflyer

    False positive Heuristic.BehavesLike.JS.Suspicious.A

      I administrate several PHPBB3 forum sites on different servers. I have been inundated with email from users today who are unable to access the sites. When they attempt to access the sites, they are shown this error:

       

      Request Blocked by Proactive Scanning

       

      Your request to URL "http://goldwingdocs.com/forum/index.php/" has been Blocked by McAfee Web Gateway Proactive Scanning. The program could potentially perform operations, which is not allowed by your administrator at this time.

       

      Malware Name:

      McAfeeGW: Heuristic.BehavesLike.JS.Suspicious.A

       

      URL:

      http://goldwingdocs.com/forum/index.php

       

      File:

      http://goldwingdocs.com/forum/index.php/

       

      File Type:

      -

       

      Reputation Level:

      Neutral

       

       

      The version of the scanner is McAfee-GW-Edition2010.1D.

       

      Utilizing http://www.virustotal.com to examine a large number of PHPBB3 forum sites, it appears that this version of McAfee is reporting virtually every PHPBB3 board with this false positive - including the PHPBB home site forum at http://phpbb.com/community/index.php

       

      Please fix this false positive problem quickly!