I have a web site (I will give you the URL if someone says it is OK) in which I've had a couple browsers get this message from AVAST:
Type: Trojan Horse
I also have once gotten the malware Mal/EncPk-F and Mal/HckPk-A (Sophos Anti-Virus) when visiting the site.
My hosting is through Go Daddy, and they insist there is no virus or trojan on their end.
Don't get me wrong - the website usually works without a problem; but we are getting ready to promote the website & I don't want any hint of malware coming to my site.
My site is on a UNIX server and I am using PHP & MySQL. I am using sessions on every page.