Firefox accusing me of distributing malware on my site
Before getting too caught up in your anger against Firefox and Google Safe Browsing, the first step is to figure out whether Google Safe Browsing is right. It's not uncommon for sites to distribute executables that contain malware or viruses, without realizing they're doing it. Often, Google Safe Browsing is right and the site maintainers just weren't aware of the situation -- sometimes their site was hacked, or sometimes someone uploaded some files that are virus-infected without realizing it.
So, start by taking a close look at your site to see if any of your downloads are possibly problematic. You can start by perusing the Webmaster Help from stopbadware.org and Google's Webmasters help for hacked sites. Then, there are a few general steps you should be taking:
Check whether there's any malware on your site. You need to scan your site carefully to check whether any of the file downloads are dangerous or contain viruses/malware. You can start by using Google Webmaster Tools to check what bad files Google detected. You should also look at the detailed diagnostic page from Google Safe Browsing and look closely at the specific pages and files listed there. You can view the diagnostic page here to see which pages specifically triggered the listing. I also suggest that you upload each of the EXEs you make available on your site to VirusTotal and check them for viruses.
Check whether your site has any security holes or has been hacked. Often, what happens is that hackers find a site that has some security holes, compromise the site, and modify it to insert malware onto the site. The first the site administrators learn of this is when they get listed on Google Safe Browsing. So, you should check carefully whether this has happened to you. Here are a few free services that will scan your website for you:
- Sucuri site scan
- SparkTrust site scan
- Redleg site scan
- Unmask Parasites site scan
If you find security weaknesses, take your site offline and fix them. If you find that your site has been compromised, it's likely that you'll need to wipe the site and reload everything from a known-good backup. See https://www.stopbadware.org/hacked-sites-resources for more resources.
Protect your site against hacking. I suggest you review your site security and make sure it is well-protected against hacking, to prevent someone from breaking in and modifying it to serve malware. See, e.g., https://www.stopbadware.org/prevent-badware-basics for some background. Also make sure that your site software is fully updated.
When I use these tools, here is what I find:
Sucuri says you are running an outdated version of WordPress (pre-4.2). It looks like you are running WordPress 3.8.1; 4.2.2 is the current version. This makes it likely that your site is vulnerable and can be compromised: there are multiple known vulnerabilities in WordPress 3.8.1. You should make sure to always run up-to-date versions of software. When you fail to keep up-to-date, it creates an opportunity for attackers to compromise your site and use it to host malware. So, upgrade WordPress.
Google Safe Browsing says that your site was hosting malware when Google visited on 2015-05-10: "1 page(s) resulted in malicious software being downloaded and installed without user consent". Apparently no malware was found on the latest visit, 2015-05-25, so it sounds like at some point in the past, your site was hosting malware, but it isn't any longer.
It's not clear what the problematic page was. The report for `www.andreszsogon.com/grf-wizard` says there were no malicious pages found under `/grf-wizard`. So, you can infer that the problematic page must have been some other page under `www.andreszsogon.com` -- but it wasn't anything under `/grf-wizard`. I tried playing around with Google Safe Browsing's online interface, but I wasn't able to narrow down which page caused your site to be listed in their system.
Source: Recently started to delete downloads claiming 'virus or spyware'.
"Last two days, some of the download have been started to be deleted by saying that 'Blocked: may contain virus or spyware' error message, at download window."
...
Firefox uses data from Google's "Safe Browsing" project to assess the reputation of websites and downloads. Every so often Google changes the data it supplies; for example, it may be flagging potentially unwanted programs in addition to actual malware.
For the future, the developers are considering an option to override the block and get the file anyway. It probably will be at least a few months before that appears because security-sensitive changes take time to design.
For now, if you think these file blocks are "false positives" and that the files actually are safe, you could do one of the following:
(1) Download the file using a different browser (yikes)
(2) Download the file using a downloader add-on that bypasses this security check. I heard about this in another thread but haven't tried it myself (and also, I don't know which add-ons to trust for this!).
(3) Disable the Safe Browsing feature temporarily to get the file, then turn it back on. There is a checkbox in the Options dialog:
"3-bar" menu button (or Tools menu) > Options > Advanced
On the Security tab, it's the "Block reported attack sites" checkbox. The other checkbox relates to phishing sites and I don't think it affects downloads.
Source: How does built-in Phishing and Malware Protection work?
Firefox contains built-in Phishing and Malware Protection to help keep you safe online. These features will warn you when a page you visit has been reported as a Web Forgery of a legitimate site (sometimes called “phishing” pages) or as an Attack Site designed to harm your computer (otherwise known as malware). This feature also warns you if you download files that are detected as malware.
...
"I’ve confirmed that my site is safe, how do I get it removed from the lists?"
If you own a site that was attacked and you have since repaired it, or if you feel that your site was reported in error, you can request that it be removed from the lists. We encourage site owners to investigate any such report thoroughly, though; a site can often be turned into an attack site without any visible change.
- To request removal from the list of reported phishing sites, use this form provided by Google.
- To request removal from the list of reported malware sites, use this one, provided by stopbadware.org.
I've had to discontinue use of UPX with my own software because many virus scanners consider packer use to be de facto evidence of wrongdoing. You might try posting an unpacked version of your download and see if the warning goes away.