Virus-alarm opening Firmware-FAQ

All errors or issues on the website/forums should be reported here and will be investigated. Support questions about how to use/access features not documented in the forum FAQ and discussion about the site forums are also welcome here, but please read this thread before posting such items.
Post Reply
Yossarian
Newbie
Newbie
Posts: 4
Joined: Wed Mar 05, 2014 9:31 pm
Location: Germany

Virus-alarm opening Firmware-FAQ

Post by Yossarian » Thu Mar 06, 2014 4:07 pm

Hi all!

I have a big concern about your RouterTech Firmware FAQ -page: Every time I open this page, I am getting a virus/malware alarm from my antivir guard. I heard about similar problems when downloading or running the RouterUpgradeChecker, there it is a false alarm, as was explained in another thread.
But what about the FAQ-page? I can't imagine, that some suspicious code will be needed there. It's an all-text-page, beside some hyperlinks and html-formatting commands there should be only plain text. Nothing to run, having direct access to the hardware or the system. So why my antivir gives alarm?
My fear is, that somebody succeeded to place a "cuckoo's egg" in your website, and the alarm is a real one. That's not the kind of jokes I like!

So I would ask you very urgently to deal with this problem. Even having a anti-virus-program, I don't feel comfortable using a website which is marked as "infected".

Beside this, many thanks to you all for the big work of making better firmware!
User avatar
thechief
RouterTech Team
RouterTech Team
Posts: 12064
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa
Contact:

Re: Virus-alarm opening Firmware-FAQ

Post by thechief » Thu Mar 06, 2014 4:14 pm

Get a new anti-virus programme.
The Chief: :afro: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.
Yossarian
Newbie
Newbie
Posts: 4
Joined: Wed Mar 05, 2014 9:31 pm
Location: Germany

Re: Virus-alarm opening Firmware-FAQ

Post by Yossarian » Fri Mar 07, 2014 3:20 pm

Hi Chief!

As you can imagine, I'm not very satisfied with this answer. The reason is, there are people who always want to understand what's going on. I know it is boring to explain the same things again and again to all those newbies... . But I do hope that at least you get some money for this job.
Now really, what about the FAQ-page? A virus-alarm is nothing to be wiped off easily. You may consider my antivir as a low-level free-of-charge program. But it can discriminate between "normal" html-code and some, let's say, strange-looking code which then is marked as dangerous.
From the normal user's point of view, the FAQ-page is expected to be a read-only page, no need for extra code as compared e.g. with the RUC. So what's going on, when we open it? (And we are asked to open this page with every post written by the admins!)
Knowing the web is no kindergarden, we have to use some anti-virus software and we only can rely on its results. The only conclusion I can see is, there are things on that page we don't expect to be there. Am I wrong?
I would be very glad to get an answer what kind of code this is. Even if it should be difficult to explain or understand, the RouterTech forum is no place for beginners and I don't need an answer within minutes. And if my antivir (I love it) has given a false-positive alarm, the better. I only want to know why.
Many thanks in advance!
User avatar
thechief
RouterTech Team
RouterTech Team
Posts: 12064
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa
Contact:

Re: Virus-alarm opening Firmware-FAQ

Post by thechief » Fri Mar 07, 2014 7:18 pm

I can't speak for your antivirus programme, or why it is returning false positives - but I would change it, because, in my view, it is seriously buggy. The firmware FAQ is a simple html file. You can open it in any text editor, and you will find absolutely nothing but plain text in it - no pictures, no scripts, no tables, nothing but raw (and very simple) html. If your antivirus programme can trigger an alarm from a simple plain text file, then go figure ...
The Chief: :afro: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.
Yossarian
Newbie
Newbie
Posts: 4
Joined: Wed Mar 05, 2014 9:31 pm
Location: Germany

Re: Virus-alarm opening Firmware-FAQ

Post by Yossarian » Fri Mar 07, 2014 11:16 pm

Hi again, chief!

Thank you very much for your answer. As I understand, the RouterTech team did construct the FAQ-page exactely as every user expects it to be: just giving the appropriate information about your firmware; plain text and some links to other pages, nothing else.

But obviously the file has been corrupted.
"My" anti-virus program doesn't see only plain text there, it detects code called "HTML/Infected.WebPage.gen", a kind of malware first found on 14/08/2007.
(I'll try to add some screenshots, but the last time I wasn't able to do so. The problem always is in front of the computer...haha!)
As they say, the potential of this malware is not very high, but it's said to be a typical infection of "harmless" webpages. It consists of a hidden link to a malicious site, often together with some script-tags. Infected servers should be cleaned before going online again...
I take this information for serious.

I tried myself to see what's in your file, but with the virus-guard on I'm not enabled to do so and I really don't want to switch it off. And the file is 79 KB big, looking through such a file with only one pair of eyes may not be vera effective at all.
So I'd ask you to let some software find and eliminate this "cuckoo's egg".

By the way, I'm not sponsored by avira, that's just a free-of-charge but doing-the-job anti-virus program...

I hope you don't feel the signal to noise ratio being reduced by my posts, thank you again for your work!
Attachments
Routertech-FAQ_Virus.jpg
Routertech_html.infected....jpg
Yossarian
Newbie
Newbie
Posts: 4
Joined: Wed Mar 05, 2014 9:31 pm
Location: Germany

Re: Virus-alarm opening Firmware-FAQ

Post by Yossarian » Fri Mar 07, 2014 11:58 pm

Sorry for the screenshots with all that German text.
I only wanted to demonstrate, that there is something. Not just false-positive alarm. Have a good night!
User avatar
thechief
RouterTech Team
RouterTech Team
Posts: 12064
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa
Contact:

Re: Virus-alarm opening Firmware-FAQ

Post by thechief » Sat Mar 08, 2014 12:53 am

I have no doubt that your antivirus programme believes that it has found something. So how come other antivirus programmes don't raise the same alarm? You might want to report this to Avira as a false positive.
The Chief: :afro: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.
Post Reply