Avira false positive or an actual exploit?

That's what i wonder too.

 

well normally you should get a mail directly after sending it that you won't get an answer.

 

i guess so, its 'quarantine manager' works in a different manner then..
btw, i always get quick responses when i submit samples through e-mail and its website.

 

Meh I'd really like to know what the file is trying to do that sets Avira off.

 

Maybe it isnt the file.

 

Well, send the reported file as encrypted archive to heuristik2@avira.com and I will have a look at it. ;-)

 

Avira was alerting on the same sort of iframe file a few weeks ago at, of all places, GRC.com. First it alerted on an iframe on the Shields Up page and then it started alerting on the main GRC.com page and one could not even enter the site without disabling Avira or just clicking through the alerts.

 

Finally, the analysis results of this heuristic detection (courtesy of Stefan Kurtzhals):