Перейти к содержимому


Фото
- - - - -

No way to whitelist false positive website

false positive

  • Закрыто Тема закрыта
14 ответов в этой теме

#1 Falcosoft

Falcosoft

    Newbie

  • Posters
  • 9 Сообщений:

Отправлено 01 Март 2015 - 16:20

Hi !

I have a problem whitelisting my own website that was flagged as malicious by Dr.Web.

I have already sent a false positive report to

https://support.drweb.com/new/urlfilter/?lng=en

But no response.

I have sent another to

https://vms.drweb.com/sendvirus/?lng=en

sending my domain as URL and I have got a response with 'Your request has been analyzed. This is not a false alarm.'

 

If I run an online check

http://vms.drweb.com/online/?lng=en

I get 2 green flags (no virus, no redirection) but report says my site is in the  malicious sites database, but no explanation why.

 

I'm an idependent Hungarian developer and I offer many of my softwares to download for free and none of them are malicious.

Only Dr. Web has a problem with my site

https://www.virustotal.com/en/url/e1b6d13eda4c5242cb9ce8ea546e681d1c1adfb69ca9c72290cbefc036756c42/analysis/

I understand Dr.Web considers one of them to be bad (but I have checked many of them and none of them are flagged as bad by Dr.Web Link checker), but even my totally independent service page and message board are flagged as malicious that do not offer any downloads.

 

I feel this is rather unfair, and I would like to know what else I can do.

 

Best Regards:

Zoltan Bacsko

Falcosoft

http://falcosoft.hu/


Сообщение было изменено Falcosoft: 01 Март 2015 - 16:22


#2 Ivan Korolev

Ivan Korolev

    Poster

  • Virus Analysts
  • 1 352 Сообщений:

Отправлено 02 Март 2015 - 10:53

I feel this is rather unfair, and I would like to know what else I can do.

You could try remove adware/malware from your site, because it usually helps to get white-listed.



#3 Falcosoft

Falcosoft

    Newbie

  • Posters
  • 9 Сообщений:

Отправлено 02 Март 2015 - 12:30

Dear Mr. Korolev !

 

Please, name a few :)

I have never written anything that can be considered adware/malware or harmful any other way.

Instead of sarcastic and not so helpful comments you could try help me to identify what your unerring engine believes to be harmful.

In this case i would have the chance to change/remove anything but now I'm just groping in the dark.

 

Thanks in advance



#4 Falcosoft

Falcosoft

    Newbie

  • Posters
  • 9 Сообщений:

Отправлено 02 Март 2015 - 12:41

 

I feel this is rather unfair, and I would like to know what else I can do.

You could try remove adware/malware from your site, because it usually helps to get white-listed.

 

 

Dear Mr. Korolev !

 

Please, name a few

I have never written anything that can be considered adware/malware or harmful any other way.

Instead of sarcastic and not so helpful comments you could try help me to identify what your unerring engine believes to be harmful.

In this case I would have the chance to change/remove anything but now I'm just groping in the dark.

 

Thanks in advance

 

(sorry for the duplicate post)


Сообщение было изменено Falcosoft: 02 Март 2015 - 12:42


#5 Ivan Korolev

Ivan Korolev

    Poster

  • Virus Analysts
  • 1 352 Сообщений:

Отправлено 02 Март 2015 - 14:05

Since it's your software and site, you could easily download all available files from your site and scan it with CureIt to identify which files are considered as malicious.



#6 Falcosoft

Falcosoft

    Newbie

  • Posters
  • 9 Сообщений:

Отправлено 02 Март 2015 - 14:44

Since it's your software and site, you could easily download all available files from your site and scan it with CureIt to identify which files are considered as malicious.

Hi !

I have already done this.

None. Yet my site is flagged as malicious.

Althought it was Dr.Web Link checker and not Cureit.

That is my problem. None of the downloadable content nor my site are harmful, yet Dr.Web identifies my whole site as malicious.

That's why I wrote 'I feel this is rather unfair'.

But OK, I will try Dr.Web cure it and report the results.

 

Thanks again for your help



#7 Falcosoft

Falcosoft

    Newbie

  • Posters
  • 9 Сообщений:

Отправлено 02 Март 2015 - 14:51

Report:

I have choosen the Public_projects folder that contains all my downloadable content and more and the report said:

 

'No threats detected'



#8 Ivan Korolev

Ivan Korolev

    Poster

  • Virus Analysts
  • 1 352 Сообщений:

Отправлено 02 Март 2015 - 14:57

Report:

I have choosen the Public_projects folder that contains all my downloadable content and more and the report said:

 

'No threats detected'

I have no idea what did you check, but i'm able to download infected objects from "http://falcosoft.hu/*.zip"



#9 Falcosoft

Falcosoft

    Newbie

  • Posters
  • 9 Сообщений:

Отправлено 02 Март 2015 - 15:09

 

Report:

I have choosen the Public_projects folder that contains all my downloadable content and more and the report said:

 

'No threats detected'

I have no idea what did you check, but i'm able to download infected objects from "http://falcosoft.hu/*.zip"

 

I have checked the public folder where the files are that are referenced by any of my pages.

Ok, then I will try to download all my website and check it with dr. web Cure it.

But one thing is sure. You cannot reach any reference to infected files on my webpage since I have already checked all the public zips that are referenced.

Moreover without option indexes you cannot get direct links to all files. Even I cannot get http://falcosoft.hu/*.zip"


Сообщение было изменено Falcosoft: 02 Март 2015 - 15:13


#10 Falcosoft

Falcosoft

    Newbie

  • Posters
  • 9 Сообщений:

Отправлено 02 Март 2015 - 15:34

Hi !

Something is not right. I have made a full server backup and checked it wit Dr.Web cure it ( more precisely it is mpbro097.exe)

And choosed to check the uncompressed folder falcosoft.hu that is my whole site and it is saying 'No threats detected'.

I have attached the cureit.log file to check for you. As I can tell the website check is at the and of the log file.

http://falcosoft.hu/cureit.log



#11 Falcosoft

Falcosoft

    Newbie

  • Posters
  • 9 Сообщений:

Отправлено 02 Март 2015 - 15:51

 

Report:

I have choosen the Public_projects folder that contains all my downloadable content and more and the report said:

 

'No threats detected'

I have no idea what did you check, but i'm able to download infected objects from "http://falcosoft.hu/*.zip"

 

Please, respond !

 

Your own Dr.Web cure it software did not detect any harmful line on my site, yet you insist on my site is malicious and 'i'm able to download infected objects from "http://falcosoft.hu/*.zip"'

 

Thanks in advance



#12 Ivan Korolev

Ivan Korolev

    Poster

  • Virus Analysts
  • 1 352 Сообщений:

Отправлено 02 Март 2015 - 17:57

 

 

Report:

I have choosen the Public_projects folder that contains all my downloadable content and more and the report said:

 

'No threats detected'

I have no idea what did you check, but i'm able to download infected objects from "http://falcosoft.hu/*.zip"

 

Please, respond !

 

Your own Dr.Web cure it software did not detect any harmful line on my site, yet you insist on my site is malicious and 'i'm able to download infected objects from "http://falcosoft.hu/*.zip"'

 

Thanks in advance

 

Probably you didn't enable option "Check archives" that is disabled by default (as far as i know).



#13 Falcosoft

Falcosoft

    Newbie

  • Posters
  • 9 Сообщений:

Отправлено 02 Март 2015 - 21:54

OK, that was the problem.
Now Dr.Web Cure it detect 2 files as infected with Adware.Spigot.42.
The interesting thing is none of these files could be downloaded from my site directly, just backlinking (when you know the file name) works.
But even more interesting is the fact that these files are exact unmodified copies of download.cnet.com files I have downloaded from here (these links are on my website, should I remove them ?):

http://download.cnet.com/Midi-Player/3000-2139_4-75741533.html?part=dl-10231545&subj=dl&tag=button
http://download.cnet.com/Desktop-Movie-Player/3000-13632_4-75744143.html?part=dl-10231545&subj=dl&tag=button

Yet if I check these pages or any other download.cnet.com pages with Dr. web online scan (http://vms.drweb.com/online/?lng=en)
these pages are NOT malicious according to Dr.Web. Contrary all my pages are flagged as malicious by Dr. web online scan
(but I have not even offered these download.cnet.com files as downloads).

Please, explain this to me.

In the beginning I said this is unfair but it was some kind of euphemism. Now I would rather say it's questionable ethics or biased treatment.


I removed these files from my site and I'm very curious when Dr.Web whitelists my site and of course when will flag download.cnet.com as malicious.

I'm looking forward for your answer and of course thanks for your help Mr. Korolev !


 


Сообщение было изменено Falcosoft: 02 Март 2015 - 21:55


#14 Ivan Korolev

Ivan Korolev

    Poster

  • Virus Analysts
  • 1 352 Сообщений:

Отправлено 03 Март 2015 - 12:37

Yep, it was interesting moment that cnet's site wasn't flagged :-)

 

Anyway, your site was removed from black-list, since you deleted malicious content.

 

@moderators, close this topic as resolved.



#15 SergM

SergM

    Guru

  • Moderators
  • 9 387 Сообщений:

Отправлено 03 Март 2015 - 17:04

close this topic as resolved.

Done





Also tagged with one or more of these keywords: false positive

Читают тему: 0

0 пользователей, 0 гостей, 0 скрытых