Do you sell digital products online? Have you received complaints from several users that their antivirus program is blocking a file?
Here at ShoutMeLoud I sell e-books (free + paid) and plugins. I use Mac OS because it’s safer than Windows. Needless to say, I’m a little paranoid about security issues. I keep my system safe using the built-in Mac firewall and refrain from downloading files from untrusted sources.
Let’s go back to why I was finally looking for an online antivirus:
ShoutMeLoud’s free WordPress guide has been downloaded more than 5000 times, and in the past two months I have received two emails stating that their anti-virus software (Avast to be precise) has disabled access to the files. Here’s the e-mail I received:
It was something unlikely, and I started to worry more about it. The very first step was to check whether the file was infected or not. (Read the second section on troubleshooting false positives).
My need was simple, because I needed a tool that could scan the database of all major antivirus programs and detect any viruses, worms, Trojans or malware in my downloaded file.
While I was looking for a tool, I came across a rather amazing tool and some interesting results that you will explore in this article.
VirusTotal: Online virus/malware scanning tool
VirusTotal is a free online tool to scan for viruses, worms, Trojans and all types of malware. It allows you to download any file and scan it for viruses, worms, Trojan horses, etc. In addition to downloading files, you can also check every online/URL site to make sure that it is free of viruses. This is useful for bloggers as they often receive warnings that their site has been compromised. Virustotal allows you to quickly check your site to clarify your suspicions.
The tool is quite easy to use. You can go to their home page; click the Select File button to download any file from your computer (up to 128 Mb) and click the Scan button.
The tool scans your file with all current antivirus programs and displays the result on the next page with the detected warning. This is what happened when I scanned one of my e-books:
Although Virustotal offered this file securely, Avast antivirus returned a PDF:UrlMal-inf [Trj] error. This means that any user with an Avast antivirus will receive the same warning as the Digitalud that received it above.
What is PDF:UrlMal-inf [Trj] and how can I fix it?
Here everything gets interesting when I start to deepen the PDF:UrlMal-inf [Trj] warning. After some research, I got a solution from the official Avast support, as many other users received a similar warning.
A user who created a to-do list with iCloud also received this warning. That’s what Kevin went through:
So the problem with the Avast Antivirus web security module and the response from Avast employees have clarified the situation.
This is what the Avast support team offered:
This detection means that the PDF file contains URLs that are blocked. For more information, please send us a PDF file at https://support.avast.com/ -> Avast Virus Lab.
Usually a PDF file contains a lot of links, and if a link is blocked by Avast, access to the warning file is blocked. This problem can occur with any document or Word file that contains a hyperlink to a website that is blocked by the Avast database.
At this point, I can’t find any resources on the network that allow me to check which URL it is. That’s why I did the following, and I hope it will help someone in the same condition as me.
Go to the Avast Support website and create a ticket for the support team. Tell them about the problem and also add a file that is blocked by Avast or display a PDF file: Publication of UrlMal-inf [Trj] in VirusTotal. This is what I sent them:
All you have to do is wait for a response from the Avast support team and you can remove the URL they’ve blocked. In Kevin’s case, it was a popular website called Couchsurfing.com.
Here is another solution that works if you only have a few links in your pdf or doc file. You can remove all links and add them one by one. After adding each link, use VirusTotal or scan it with Avast’s online scanner to find the blocked link. For the time being, the only offer is to remove the link from your file and inform the owner of the website. In most cases, the owner of the website will contact the Avast team to obtain a white list.
Bonus advice for owners of websites blocked on the Avast website:
In most cases, Avast will block the website because the P.I. of your server may be in the anti-spam database. This situation is common among users of shared hosting who share the same I.P. with more than a hundred other websites. You can use the Blacklist checker to check if your I.P. server has been banned from one of the spam databases.
Learn how to check if your website is blacklisted.
- Go to this online ping tool and enter the URL of your website in the hostname without www. [Ex.] ShoutMeTech.com]
- Copy the I.P. address he gave us. Here is for example what I got for ShoutMeLOud 64 bytes from 22.214.171.124: icmp_seq=1 ttl=58 time=5.25 ms and 126.96.36.199 – I.P. address.
- Go to Blacklist-Checker, enter the I.P. address and click on Blacklist-Checker. When you see a warning message, it’s time to get a special I.P. or switch hosting. This is the result:
I hope this opens a lot of possibilities for you if you sell digital products online or if your website is marked as suspicious by antivirus software or a firewall.
Will you let me know if you find a virus in a file downloaded from VirusScan or if your website is blacklisted in an anti-spam database?