False positive with antivirus when accessing the forum

  • Under review
One customer is having the following false positive with the antivirus when accessing the forum. The antivirus is Zyxel.

2011-10-31: Obfuscated JavaScript excessive fromCharCode attack

Policy ID: 8009477
Policy Type: Web Attacks
Attack Name: Obfuscated JavaScript excessive fromCharCode attack
Attack Impact: Remote Code Execution.
Attack Description: The JavaScript attack would cause arbitrary code execution.
False Positive: None known
False Negative: None known
Recommendation Action: Apply the appropriate vendor supplied patches
Reference: url,www.cs.ucsb.edu/~marco/blog/2008/10/dom-based-obfuscation-in-malicious-javascript.html
Severity: Medium
OS: ALL;
Support Model: ZyWALL 5/35/70/IDP 10, ZyWALL USG Series/ZyWALL 1050
First Signature Release: ZLD:V2.326
Latest Modified Signature: ZyNOS:V4.027

Sergey Stukov co-founder
Quote from Juan de Oliveira
Hello:

Do you have any update on this issue?

Thanks and regards!
Hi, can you provide a link to the URL which triggered such a warning?
Also, does the antivirus provide additional information, like the file and line numbers that caused the errors?

If this antivirus is free, we can set it up and check the same page.
Can you give a link to download it?
Juan de Oliveira
Hello:

Do you have any update on this issue?

Thanks and regards!
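
One way to narrow down which script in a saved copy of the flagged page is responsible, following the request in the thread for file and line numbers. This is an added example, not code from the forum software or from Zyxel; the threshold and the idea that the signature counts `fromCharCode` uses are assumptions, and the sample page is constructed.

```javascript
// Added triage example. ASSUMPTION: the signature reacts to many
// String.fromCharCode uses in one response; the real matching rule and
// threshold are not given in this thread.
const ASSUMED_THRESHOLD = 10; // hypothetical cut-off for "excessive"

// Return one record per fromCharCode call: line number and argument count.
// Limitation: parentheses or commas inside string literals are not handled.
function findFromCharCode(source) {
  const hits = [];
  const re = /\bfromCharCode\s*\(/g;
  let m;
  while ((m = re.exec(source)) !== null) {
    // Walk to the matching ")" so nested calls are not miscounted.
    let depth = 1, args = 0, sawToken = false;
    for (let i = re.lastIndex; i < source.length && depth > 0; i++) {
      const c = source[i];
      if (c === '(') depth++;
      else if (c === ')') depth--;
      else if (c === ',' && depth === 1) args++;
      if (depth > 0 && !/\s/.test(c)) sawToken = true;
    }
    const line = source.slice(0, m.index).split('\n').length;
    hits.push({ line, args: sawToken ? args + 1 : 0 });
  }
  return hits;
}

// Summarize a response body: where the calls are and whether the
// assumed threshold would be crossed.
function summarize(source) {
  const hits = findFromCharCode(source);
  const totalArgs = hits.reduce((n, h) => n + h.args, 0);
  return {
    calls: hits.length,
    totalArgs,
    lines: [...new Set(hits.map(h => h.line))],
    likelyTrigger: hits.length >= ASSUMED_THRESHOLD || totalArgs >= ASSUMED_THRESHOLD,
  };
}

// Constructed sample: a benign e-mail-hiding snippet of the kind a forum page may ship.
const samplePage = [
  '<html><body>',
  '<script>',
  'var addr = String.fromCharCode(115,117,112,112,111,114,116,64,101,120,46,116,108,100);',
  'document.write(addr);',
  '</script>',
  '<script>var nl = String.fromCharCode(10);</script>',
  '</body></html>',
].join('\n');

console.log(summarize(samplePage));
```

Running it over each script file the forum page loads gives the file and line candidates to compare against the appliance's log entry.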