This discussion has been locked.

False Positive of Mal/ObfJS-H?

Hello - I have a client (a High School) running Sophos on all of their networked computers.  When browsing to IHSSN.com, they are being blocked saying it has detected Mal/ObfJS-H on the site.  The thing is, I am not seeing that detection on any other system or AV I have tried.

Further, I have looked at the source code of the site, and there is no obfuscated JavaScript that I could find.

Is anyone else out there using Sophos seeing that detection on http://IHSSN.com?  Or could it be a problem with the scanner on their network?



  • Hi,

    http://ihssn.com/ is being blocked by the LSP component (Web protection).  This feature came in with SAV 9.5+.  I assume the site has been tagged by Sophos Labs for hosting malware, specifically Mal/ObfJS-H.

    In the SAV.txt on these machines it will have:

    Blocked web request to "ihssn.com" for user domain\username. 'Mal/ObfJS-H' has been found at this website, reference ID 12716512.

    You could authorize this domain in the policy to allow it but that's your call.  I would suggest making a call to support to possibly find out more about 12716512 as a ref id, especially if it's your client's domain.  I'm not sure if it's an automated process the labs have going, where as soon as any hosted malware is removed, the domain is flagged as clean again.  I assume it must be, otherwise that would be unmanageable.


    Regards,

    Jak

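Added example (not part of the original thread, and not Sophos code): a small Python parser that pulls the "Blocked web request" entries quoted in the reply above out of SAV.txt lines and groups them by site, detection name and reference ID, which is the information support would ask for. The timestamp prefix, user names, second domain and second reference ID in the sample are constructed; only the message format comes from the reply.

```python
import re
from collections import defaultdict

# Message format as quoted in the reply; anything before it on the line
# (e.g. a timestamp) is ignored because we use search(), not match().
BLOCK_RE = re.compile(
    r'Blocked web request to "(?P<host>[^"]+)" for user (?P<user>.+?)\. '
    r"'(?P<detection>[^']+)' has been found at this website, "
    r"reference ID (?P<ref>\d+)\."
)

def parse_blocked(lines):
    """Yield one dict per blocked-web-request line; other lines are skipped."""
    for line in lines:
        m = BLOCK_RE.search(line)
        if m:
            yield m.groupdict()

def summarize(lines):
    """Map (host, detection, reference ID) -> sorted list of affected users."""
    groups = defaultdict(set)
    for rec in parse_blocked(lines):
        # Host names and Windows account names are case-insensitive.
        key = (rec["host"].lower(), rec["detection"], rec["ref"])
        groups[key].add(rec["user"].lower())
    return {key: sorted(users) for key, users in groups.items()}

# Constructed sample input: the prefix, users, example.test and its
# reference ID are made up for illustration.
SAMPLE_LOG = r'''
20100101 090000 Scan started.
20100101 090500 Blocked web request to "ihssn.com" for user SCHOOL\alice. 'Mal/ObfJS-H' has been found at this website, reference ID 12716512.
20100101 091000 Blocked web request to "IHSSN.com" for user SCHOOL\bob. 'Mal/ObfJS-H' has been found at this website, reference ID 12716512.
20100101 091500 Blocked web request to "example.test" for user SCHOOL\alice. 'Mal/ObfJS-H' has been found at this website, reference ID 11111111.
'''.strip().splitlines()

if __name__ == "__main__":
    for (host, detection, ref), users in summarize(SAMPLE_LOG).items():
        print(f"{host}  {detection}  ref {ref}  users: {', '.join(users)}")
```
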