This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"High Risk Website Blocked" - Mal/HTMLGen-A has been found on this website

I am a website developer and one of my websites is being tagged as a high risk website by Sophos Anti-Virus.  The URL is www.consultanttraining.com.au. I did a test on www.virustotal.com and Sophos is returing a "Malicious site" result. This is a very simple website and absolutely nothing malicious has been installed on it.  My web host company has tested the server at their end and cannot find any problems. I tested the website on Google Webmaster tools and nothing negative resulted. I tested the site on checkwebsitesafe.net and the result was 100% positive.  Can you please advise why your software is having a problem with this website and what code is resulting in the website being seen as a problem? Thanks so much for your assistance.

:38507


This thread was automatically locked due to age.
  • Hello ramsydney,

    many of the threads you get when searching for Mal/HTMLGen-A on this board are about the same situation, please see for example this thread.. I know I mention this in vain though ...

    Anyway, the answer is always the same: Please contact, or better - have your host company contact Support directly, they will look into the issue and should be able to tell the reason for the classification and to initiate a re-classification of the site IP. It's likely one of the other sites hosted on the server which triggered the detection.

    Christian

    :38521
  • Sophos doing more harm than good with policies to block everything even if it does not conatin a virus.  Sounds to me like politics is in mix with sophos bottom line.  Sophos - Not just anti-virus but we tell you what you can look at!

    :40281
  • We have this same message for www.engineeringexcellenceawards.com

    The IP address is not blocked.  So no problem there.

    We've checked the HTML, and there's nothing there.  It's a really simple site, and malware would be obvious.

    Sophos, can you advise if this is a problem with our shared hosting please?

    :42189
  • It appears to be a false positive on the mspyonline.com, how can this get corrected so that I am not blocked from going to this website while I have Sophos on my computer?  If you go to the virus check, Sophos is the only one that detects this website as malicious.  I found the below post, can this website be corrected?  Thank you!

    Re: False positive mal/HTMLgen-a [ New ]

    ‎Wed 16-Jan-2013 15:03 - edited ‎Wed 16-Jan-2013 15:04

    Hi Rogerborg,

    First, some history, for the benefit of the rest of the community ...

    1. You added a post (above) to the existing mal/HTMLGen-A thread.
    2. During standard moderation work, I looked at it, and I was immediately given a malware warning.
    3. I asked SophosLabs to take a look, but in the interests of being safe rather than sorry, moved the post with the (apparently) offending links to the SophosTalk quarantine area.
    4. SophosLabs have rescanned your site, and recategorised it as free of threats.
    5. I've put your post back. Unfortuanetly, due to the way the forums platform works, I can't put it back in as a reply, but only as a new thread.

    So, getting down to the real business of this post, it's time for me to apologise for the annoyance and confusion caused. I move content (apart from where it's just in the wrong place) very rarely, as it's not my content. Getting a warning on my screen about mal/HTMLGen-A was sufficient to set the alarm bells going.

    It does occasionally happen that a site has been categorised as showing the presence of malware, but that circumstances change. We at Sophos are always happy to investigate situations like this. So, if you think your site falls into this category, please let us know in this community, or contact Sophos Support direct.

    Apologies again to Rogerborg.

    Best regards,

    spike

    - - - - - - - - - - - - 
    SophosTalk community manager, SOPHOS
    Knowledgebase  |  @SophosSupport  |  Video tutorials
    :49566
  • I am also receiving this error on a link from our training website.  Here is the link:  jak.gzipdistro.net/sd/1060/3051.js.  Is there a way to get this site verified to see if it is really malicious?

    Thanks.

    :49866
  • I have the same issue on kamva.ir

    sophos home blocks access to my site and as a result our customers can't use it.

  • I have the same exact issue: "I am a website developer and one of my websites is being tagged as a high risk website by Sophos Anti-Virus.  The URL is WWW.DIANEDMEINKE.COM. I did a test on www.virustotal.com and Sophos is returning a "Malicious site" result. This is a very simple website and absolutely nothing malicious has been installed on it.  My web host company has tested the server at their end and cannot find any problems. I tested the website on Google Webmaster tools and nothing negative resulted. I tested the site also and the result was 100% positive.  Can you please advise why your software is having a problem with this website and what code is resulting in the website being seen as a problem? Thanks so much for your assistance."

  • Hello Dianne Meinke,

    for whatever reason URLs on the /images/ path are blocked, not your site's root.
    You've posted on a rather arbitrary older thread that doesn't contain up to date information so here it is: Please use the Submit a sample form to have your site reassessed.

    Christian