Well, it's pretty understandable why it would trigger on malware when the redirect page is using highly obfuscated code.
It seems a little excessive for a simple 302 redirect.
And keep in mind, these are the same techniques that real exploit pages use, so I'd rather have it blocked.
That's above our pay grade. The point is it's highly likely to be a false positive, or McAfee's preferred quickstart consulting partner for web gateway is... owned?
I almost forgot to add to my false positive rant of the quarter:
The venerable fiddler2 interactive debugging web proxy is also getting caught up in a heuristic detection (or at least it was yesterday) despite nothing on VirusTotal saying a word about it. Irony of course is that this tool is indispensable in figuring out what/when/why MWG is blocking a given bit of client web traffic.
But I suppose the onus is on us customers to report all those back.
This AJAX code redirects to an Incapsula CDN network, which is outside of accuvant.com's responsibility. The URL is calculated at runtime on the user's side in the browser and cannot be statically set on accuvant's web server side with a 30x redirect :-(