1 Reply Latest reply on Jun 12, 2012 1:56 AM by asabban

    Malware Detected ?! No Problem

      Anyone else get Malware error trying to get into this site?

       

      http://www.secourisme.info

       

      First page loads, but once I click on the flag I get the Malware Detected message.

       

       

      URL: http://www.secourisme.info

      Media Type: text/html

      Virus Name: MGW: Heuristic.BehavesLike.JS.CodeUnfolding.C

       

      Thank

        • 1. Re: Malware Detected ?! No Problem
          asabban

          Hello,

           

          I can replicate the issue. The problem is the Javascript that is used to hide the eMail address from being caught by bots or spammers. The script uses "String.fromCharCode" to generate the eMail address from - more or less - garbage data, and prints the result on the web site.

           

          This is a similar technology that is used to inject malware into websites. Since MWG (at the moment) cannot execute javascript it is not possible for it to see that the response is a (harmless) eMail address. For MWG this is a code fragment that - once executed - turns into different code. It could be an eMail address or a malicious bit of code.

           

          Therefore this bit of javascript is detected by the heuristics, if configured so.

           

          I have several recommendations to mitigate this:

           

          1 - Reconfigure the MWG to be less restrictive on heuristics (not preferred)

          2 - If only this specific page needs to work, add a whitelist entry

           

          Since from your username it may be possible that you run the web site I would recommend to remove the code fragment. Instead of building the eMail address from javascript you could offer your visitors a form to contact you via eMail.

           

          I hope this helps.

           

          Best,

          Andre