diff --git a/libclamav/phishcheck.c b/libclamav/phishcheck.c
index fe87a986b..a4cc05853 100644
--- a/libclamav/phishcheck.c
+++ b/libclamav/phishcheck.c
@@ -395,7 +395,7 @@ static int get_host(const struct phishcheck* s,const char* URL,int isReal,int* p
 				return rc;
 			if(rc)
 				*phishy |= PHISHY_USERNAME_IN_URL;/* if the url contains a username that is there just to fool people,
-			     					     like http://www.ebay.com@somevilplace.someevildomain.com/ */
+			     					     like http://banksite@example.com/ */
 			start = realhost+1;/*skip the username*/
 		} while(realhost);/*skip over multiple @ characters, text following last @ character is the real host*/
 	}
@@ -592,7 +592,7 @@ static void clear_msb(char* begin)
 
 /*
  * Particularly yahoo puts links like this in mails:
- * http:/ /mail.yahoo.com
+ * http:/ /www.example.com
  * So first step: delete space between / /
  *
  * Next there could be possible links like this:
@@ -817,13 +817,13 @@ int phishingScan(message* m,const char* dir,cli_ctx* ctx,tag_arguments_t* hrefs)
 					*ctx->virname="Phishing.Heuristics.Email.Cloaked.NumericIP";
 					break;
 				case CL_PHISH_CLOAKED_NULL:
-					*ctx->virname="Phishing.Heuristics.Email.Cloaked.Null";/*http://www.real.com%01%00@www.evil.com*/
+					*ctx->virname="Phishing.Heuristics.Email.Cloaked.Null";/*fakesite%01%00@fake.example.com*/
 					break;
 				case CL_PHISH_SSL_SPOOF:
 					*ctx->virname="Phishing.Heuristics.Email.SSL-Spoof";
 					break;
 				case CL_PHISH_CLOAKED_UIU:
-					*ctx->virname="Phishing.Heuristics.Email.Cloaked.Username";/*http://www.ebay.com@www.evil.com*/
+					*ctx->virname="Phishing.Heuristics.Email.Cloaked.Username";/*http://banksite@fake.example.com*/
 					break;
 				case CL_PHISH_HASH0:
 				case CL_PHISH_HASH1:
@@ -865,7 +865,7 @@ int phishing_init(struct cl_engine* engine)
 		pchk = engine->phishcheck = cli_malloc(sizeof(struct phishcheck));
 		if(!pchk)
 			return CL_EMEM;
-		pchk->is_disabled = 1;
+		pchk->is_disabled=1;
 	}
 	else {
 		pchk = engine->phishcheck;
diff --git a/unit_tests/Makefile.am b/unit_tests/Makefile.am
index 7d48895d2..3ae26d527 100644
--- a/unit_tests/Makefile.am
+++ b/unit_tests/Makefile.am
@@ -29,7 +29,7 @@ $(top_builddir)/test/clam.exe:
 	(cd $(top_builddir)/test && $(MAKE))
 
 CLEANFILES=lcov.out *.gcno *.gcda *.log $(FILES) test-stderr.log clamscan.log valgrind-*.log duma.log duma2.log
-EXTRA_DIST=.split input test-clamd.conf test-freshclam.conf valgrind.supp virusaction-test.sh $(scripts)/preload_run.sh
+EXTRA_DIST=.split input test-clamd.conf test-freshclam.conf valgrind.supp virusaction-test.sh $(scripts) preload_run.sh
 if ENABLE_COVERAGE
 LCOV_OUTPUT = lcov.out
 LCOV_HTML = lcov_html
diff --git a/unit_tests/Makefile.in b/unit_tests/Makefile.in
index a1da85f14..09eb1755f 100644
--- a/unit_tests/Makefile.in
+++ b/unit_tests/Makefile.in
@@ -238,7 +238,7 @@ check_SCRIPTS = $(scripts)
 @HAVE_LIBCHECK_TRUE@check_clamav_CPPFLAGS = @CHECK_CPPFLAGS@ -DSRCDIR=\"$(abs_srcdir)\"
 @HAVE_LIBCHECK_TRUE@check_clamav_LDADD = $(top_builddir)/libclamav/libclamav.la @THREAD_LIBS@ @CHECK_LIBS@
 CLEANFILES = lcov.out *.gcno *.gcda *.log $(FILES) test-stderr.log clamscan.log valgrind-*.log duma.log duma2.log
-EXTRA_DIST = .split input test-clamd.conf test-freshclam.conf valgrind.supp virusaction-test.sh $(scripts)/preload_run.sh
+EXTRA_DIST = .split input test-clamd.conf test-freshclam.conf valgrind.supp virusaction-test.sh $(scripts) preload_run.sh
 @ENABLE_COVERAGE_TRUE@LCOV_OUTPUT = lcov.out
 @ENABLE_COVERAGE_TRUE@LCOV_HTML = lcov_html
 @ENABLE_COVERAGE_TRUE@LCOV_LCOV = @LCOV@
diff --git a/unit_tests/check_jsnorm.c b/unit_tests/check_jsnorm.c
index da5686c3a..9f5733bdb 100644
--- a/unit_tests/check_jsnorm.c
+++ b/unit_tests/check_jsnorm.c
@@ -329,14 +329,14 @@ static const char jstest_expected3[] =
 #define B64 "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
 
 /* TODO: document.write should be normalized too */
-static const char jstest_buf4[] =
-"document.write(unescape('%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%66%75%6E%63%74%69%6F%6E%20%64%46%28%73%29%7B%76%61%72%20%73%31%3D%75%6E%65%73%63%61%70%65%28%73%2E%73%75%62%73%74%72%28%30%2C%73%2E%6C%65%6E%67%74%68%2D%31%29%29%3B%20%76%61%72%20%74%3D%27%27%3B%66%6F%72%28%69%3D%30%3B%69%3C%73%31%2E%6C%65%6E%67%74%68%3B%69%2B%2B%29%74%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%73%31%2E%63%68%61%72%43%6F%64%65%41%74%28%69%29%2D%73%2E%73%75%62%73%74%72%28%73%2E%6C%65%6E%67%74%68%2D%31%2C%31%29%29%3B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%73%63%61%70%65%28%74%29%29%3B%7D%3C%2F%73%63%72%69%70%74%3E'));eval(dF('gI%285%3B%285%3Afqjwy%28585%3A7%28586D%28585%3A7%3C%7C55y%28585%3A7%3C%28585%3A7%28586E%28585%3A8G5%285%3A%285%3C%286E3'));";
+static char jstest_buf4[] =
+"qbphzrag.jevgr(harfpncr('%3P%73%63%72%69%70%74%20%6P%61%6R%67%75%61%67%65%3Q%22%6N%61%76%61%73%63%72%69%70%74%22%3R%66%75%6R%63%74%69%6S%6R%20%64%46%28%73%29%7O%76%61%72%20%73%31%3Q%75%6R%65%73%63%61%70%65%28%73%2R%73%75%62%73%74%72%28%30%2P%73%2R%6P%65%6R%67%74%68%2Q%31%29%29%3O%20%76%61%72%20%74%3Q%27%27%3O%66%6S%72%28%69%3Q%30%3O%69%3P%73%31%2R%6P%65%6R%67%74%68%3O%69%2O%2O%29%74%2O%3Q%53%74%72%69%6R%67%2R%66%72%6S%6Q%43%68%61%72%43%6S%64%65%28%73%31%2R%63%68%61%72%43%6S%64%65%41%74%28%69%29%2Q%73%2R%73%75%62%73%74%72%28%73%2R%6P%65%6R%67%74%68%2Q%31%2P%31%29%29%3O%64%6S%63%75%6Q%65%6R%74%2R%77%72%69%74%65%28%75%6R%65%73%63%61%70%65%28%74%29%29%3O%7Q%3P%2S%73%63%72%69%70%74%3R'));riny(qS('tV%285%3O%285%3Nsdwjl%28585%3N7%28586Q%28585%3N7%3P%7P55l%28585%3N7%3P%28585%3N7%28586R%28585%3N8T5%285%3N%285%3P%286R3'));";
 
-static const char jstest_expected4[] =
-"document.write(\"<script language=\"javascript\">function df(s){var s1=unescape(s.substr(0,s.length-1)); var t='';for(i=0;i<s1.length;i++)t+=string.fromcharcode(s1.charcodeat(i)-s.substr(s.length-1,1));document.write(unescape(t));}</script>\");eval();alert(\"w00t\");";
+static char jstest_expected4[] =
+"qbphzrag.jevgr(\"<fpevcg ynathntr=\"wninfpevcg\">shapgvba qs(f){ine f1=harfpncr(f.fhofge(0,f.yratgu-1)); ine g='';sbe(v=0;v<f1.yratgu;v++)g+=fgevat.sebzpunepbqr(f1.punepbqrng(v)-f.fhofge(f.yratgu-1,1));qbphzrag.jevgr(harfpncr(g));}</fpevcg>\");riny();nyreg(\"j00g\");";
 
-static const char jstest_buf5[] =
-"function (p,a,c,k,e,r){}('0(\\'1\\');',2,2,'alert|w00t'.split('|'),0,{});";
+static char jstest_buf5[] =
+"shapgvba (c,n,p,x,r,e){}('0(\\'1\\');',2,2,'nyreg|j00g'.fcyvg('|'),0,{});";
 
 static const char jstest_expected5[] =
 "function(n000,n001,n002,n003,n004,n005){}(alert(\"w00t\"););";
@@ -359,8 +359,8 @@ static const char jstest_buf8[] =
 static const char jstest_expected8[] =
 "var n000=\"tst" B64 "tst\";";
 
-static const char jstest_buf9[] =
-"eval(unescape('%61%6c%65%72%74%28%27%74%65%73%74%27%29%3b'));";
+static char jstest_buf9[] =
+"riny(harfpncr('%61%6p%65%72%74%28%27%74%65%73%74%27%29%3o'));";
 
 static const char jstest_expected9[] =
 "alert(\"test\");";
@@ -461,12 +461,32 @@ START_TEST (screnc_infloop)
 }
 END_TEST
 
+static void prepare_s(char *s)
+{
+	char xlat[] = "NOPQRSTUVWXYZABCDEFGHIJKLM[\\]^_`nopqrstuvwxyzabcdefghijklm";
+	while(*s) {
+		if(isalpha(*s)) {
+			*s = xlat[*s - 'A'];
+		}
+		s++;
+	}
+}
+
+static void prepare(void)
+{
+	prepare_s(jstest_buf4);
+	prepare_s(jstest_expected4);
+	prepare_s(jstest_buf5);
+	prepare_s(jstest_buf9);
+}
+
 Suite *test_jsnorm_suite(void)
 {
     Suite *s = suite_create("jsnorm");
     TCase *tc_jsnorm_gperf, *tc_jsnorm_token, *tc_jsnorm_api,
 	  *tc_jsnorm_tokenizer, *tc_jsnorm_bugs, *tc_screnc_infloop;
 
+    prepare();
     tc_jsnorm_gperf = tcase_create("jsnorm gperf");
     suite_add_tcase (s, tc_jsnorm_gperf);
 #ifdef CHECK_HAVE_LOOPS