Unfortunately, viglink pays a small portion of the bills here, and we would have to replace that revenue for the forum if we lost it.
Anyway, the signature in question was just a malformed URL, and not anything serious to worry about. The user in question copied and pasted the divshare url a bit wrong, and pasted the php query instead of the actual jpg. the 'mal' warning was that the url was wildly malformed, and that the data returned was garbage, not that it was confirmed malware (ie, a file that matched a malware signature). The user has put the proper url in his or her signature and is now showing dat alps pride again.