[RC5] Win32 client installer deemed 'malicious' by Chrome

Mike Brown mike at hyperreal.org
Wed Jan 8 19:03:20 EST 2014


Updating from Chrome 31 to 32 made it worse; no longer does the file "appear"
malicious; it "is malicious, and Chrome has blocked it." It can be unblocked
from the Downloads screen.

I did some searching, and found this discussion of the UI:
  https://code.google.com/p/chromium/issues/detail?id=312533

Not much helpful there, but apparently there's an automatic upload of the
suspicious files for verification. If that's what happened, obviously it made
matters worse.

Mike Reed wrote:
> Echoing what waldo kitty said, all of our installable files, zips etc.
> are pgp-signed by the coder who uploads them. If anybody knows who I
> should ask at Google about getting the warning removed, I am all ears.

Some further digging reveals that Chrome uses Google's Safe Browsing API, as
mentioned in this blog post announcing the new feature:
   http://blog.chromium.org/2011/04/protecting-users-from-malicious.html

The Safe Browsing API v1 docs say to request a review through this site:
   https://www.stopbadware.org/request-review

I'm not entirely sure if this really applies to individual "malicious"
downloads or if it is for entire "malware" domains (which are what would
prompt Chrome to give you a red warning page before even letting you browse
the site).

Using the Search Clearinghouse link on that site, it seems they don't have
the dnetc-win32-x86-setup.msi URLs in their blacklist. I also tried checking
via the Safe Browsing API (v1, via GET) and it gave me the same results;
those URLs are not blacklisted by StopBadWare.

The StopBadWare review request page and the Chromium blog post both
say that if only Google is blocking the URL, you need to use the Malware
Review process in Google's Webmaster Tools:
http://googleonlinesecurity.blogspot.com/2009/10/malware-warning-review-process.html

IMHO it might still be worthwhile to also see what happens if you request an
independent review by StopBadWare.

Good luck!


More information about the rc5 mailing list