[Solved] False Positive // Malware Patrol

10 Posts
3 Users
4 Reactions
36 Views
(@calimero)
Member
Joined: 5 Jahren ago
Posts: 496
Topic starter  

Hi guys,

got just a false positive while updating my GPG from h**ps://files.gpg4win.org/gpg4win-4.4.0.exe

image

Wish you a healthy and successful 2025!

cheers

 

Client OS
Browser
eBlocker hardware
Client OS version
Browser version
eBlockerOS version

   
Random reacted
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 5 Jahren ago
Posts: 2003
 

@calimero Thanks very much for the good hint 👍 - but unfortunately I fear, it's out of our hands.

We have licensed the Malware Patrol filters and use them as provided. Any change - i.e. a false positive notice must be filed with Malware Patrol for their maintenance. We can not put URLs on whitelists as we are unable to verify the case thoroughly. That's why we pay for their expertise. 😉

THX!

 


   
ReplyQuote
(@calimero)
Member
Joined: 5 Jahren ago
Posts: 496
Topic starter  

@random Thanks, but if you (eB Team) are not the one to report - even when you (eB team) bought this lists, it would have been good on how to report things like that 🙂

For completeness and others here is the way:

image

Reported it now via Mail directly to malware patrol....

regards


   
Random reacted
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 5 Jahren ago
Posts: 2003
 

@calimero Thanks very much for sharing the contact data. 🙏

I guess we never ever had the case someone wanted to actually get in touch with Malware Patrol. So this is really helpful for people with the same need.

THX!


   
CalimerO reacted
ReplyQuote
(@calimero)
Member
Joined: 5 Jahren ago
Posts: 496
Topic starter  

@random HI, I received feedback from Malware Partrol:

Hello,

Thank you for the contact. I've verified our database and I don't see any entries for that URL or its domain.

Can you please let us know the source of this information, so we can investigate further?

Regards,

Luciana
Malware Patrol Team

 

I can see gpg4win in the malware-urls.json and malware.filter file in eBlocker, but can you check the last Malware Patrol Update eBlocker is using and which Malware Patrol lists have been used, so I can provide feedback to them?

JSON

{"url":"ftp.gpg4win.org","hostedMalware":["MalwarePatrol"]}

{"url":"files.gpg4win.org","hostedMalware":["MalwarePatrol"]}

FILTER

.ftp.gpg4win.org

.files.gpg4win.org

 

Many thanks and best regards


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 5 Jahren ago
Posts: 2003
 

@calimero All I can say from my position is that we are pulling the Malware Patrol filters daily. So you can assume we are always using the latest version.

Just a personal word: As much I appreciate your engagement in this case, please bear in mind that it causes our workforce to focus on a most minor issuse. From my perspective, we are making a mountain out of a molehill here. 

Don't get me wrong: If you feel it's super important to you to get gpg4win.org off the Malware Patrol list, just move forward. I just don't want to spend more of my time on this topic to rather focus on more important tasks moving us forward.

Remember the easiest solution: If you feel the Malware Patrol filter contain a false positive, just hit "Pause" and download the file. Not a big deal for a pro.

THX!


   
ReplyQuote
(@bpr)
Famed Member Admin
Joined: 5 Jahren ago
Posts: 284
 

@calimero

the Malware Patrol list is not public (eBlocker has a subscription), so I cannot post the URL here. But I can confirm that currently the list contains these lines:

files.gpg4win.org/
ftp.gpg4win.org/

Our list builder uses the parameter "list=squidguard" for downloading the list.


   
CalimerO reacted
ReplyQuote
(@calimero)
Member
Joined: 5 Jahren ago
Posts: 496
Topic starter  

@random Thank you very much for your help.

As eBlocker is NOT JUST for us PROs, this documentation should be for all comming to such an issue with the eBlocker 🙂

Next mail sent to malware patrol with your input and waiting for repsonse from them.

Thanks and regards


   
ReplyQuote
(@calimero)
Member
Joined: 5 Jahren ago
Posts: 496
Topic starter  

@bpr Thank you for this input!


   
ReplyQuote
(@calimero)
Member
Joined: 5 Jahren ago
Posts: 496
Topic starter  

Last Update on this thread

The URLs where fals positive and are now whitelisted!

So in the next update on this malware patrol lists, it is fixed

Hello,

Thank you for the information. We have confirmed this to be a false positive and whitelisted in our database.

We are sorry for the trouble this may have caused.

Best regards,

Luciana
Malware Patrol Team

best regards


   
ReplyQuote

Nach oben scrollen