This has been driving me nuts, Avast, an Anti-Virus product, I have in the past recommened have been flagging JihadWatch.org as having malware, with warnings such as “Infection Blocked”, “Avast WebShield has blocked a harmful web page or file” and “A Threat has been detected”, of course this is not true,
I first got notification of the issue last week, it happens, I’ve seen it a couple of times before, infact AVG another anti-virus company followed Avast and also started flagging JihadWatch.org but, a simple email asking them to look again, and they corrected their signatures and appologised for getting it wrong.
Mcfee have no issue with JihadWatch
http://www.siteadvisor.com/sites/www.jihadwatch.org?ref=safe&locale=en-US
neither do Norton
https://safeweb.norton.com/report/show?url=www.jihadwatch.org
or WOT
https://www.mywot.com/en/scorecard/www.jihadwatch.org
or any of the the 63 malware scanning sites listed here:
Avast have been sent dozens of complaints, most received a response, though I did not, they even admit that there is no malware in a few of the responses, here is one:
Hello X,
snip… Once they stop using useless obfuscation, it will not be blocked (it is the obfuscation that is being detected, not the actual deobfuscated code!).
Thank you
Best regards
Richard Šrank
Avast Technical Support Specialist
That “obfuscation” he is talking about, is the Counter DDoS prevention code that JihadWatch.org uses, it’s essential in keeping the site available, literally seeing 10s of millions of attacks a day, obviously we need to stay one step ahead, they are saying we should remove that protective code, then we won’t say you have malware, even though we knew you didn’t have malware in the first place. Apart from the sheer lunacy of their demand, you have to question their honesty as being competent in checking anything, when they say somethings is safe, is it? Because for sure when they say something is unsafe, we see that means nothing.
Now about this code, I won’t post it here as text, as we know they will flag that also, any competent developer can tell there is nothing malicious there, it’s no secret, simple base64 encoding, easily decoded, not that it will mean much, but the point is, it’s easy to see it’s not malicious, it’s easy for them to add a signature to their scanners even if they did see this scary “obfuscation”, their choice of words is interesting, when script is “encoded” for good reason as this is, we just call it “encoded” not obfuscation, you can easily decode to see the real code behind using any number of tools.
So sheer incompetence or another method to disrupt free speech, I can’t tell, but in the meantime, please report this false positives to Avast here: avast.com choosing report false virus alert, and let any of your friends know that JihadWatch.org is not infected in anyway, they should click ignore, which is sometimes an option or switch to a more reliable Anti-Virus solution, it should be noted that although AVG got it wrong initially, they were quick to correct their mistake.
does Avast flagging against JihadWatch.org related with this? ===>
… announce that we finally managed to legally offer Avast in Iran …
… looking forward to (re)building our user base …
May 15, 2015
https://forum.avast.com/index.php?topic=171139.0