it seems that kaspersky anti-virus is "detecting" our hotspot captive portal
login as a "Trojan-Downloader.Script.Generic".
my googling on this seems to indicate that it isn't finding so much a
signature, but something in the url that is "suspicious".
unfortunately, this is causing some fairly unhappy, panicing calls to our
support people from customers.
can anyone point me at a Kaspersky tech with a clue? maybe we can re-craft
our login url to not offend the Kaspersky suite.
note: this hotspot suite has been in operation for 4+ years, and is based on
the chillispot portal.
note: these reports only started recently, so i suspect something was added to
Kaspersky's virus database recently that kicked this off.