Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
Malicious website blocked
-
When I go to http://inedo.com/proget/versions and try to click on the 3.8.6 small installer (without sql express) I got a warning from Trend Micro Worry-Free Business Security that I am attempting to access a malicious website, and I am blocked. The rating specifies that it is a dangerous verified fraudulent page or threat source. I ran two scans on this website from virustotal.com. The first time reported that three URL scanners had detected that it was a malicious site. The second time I ran it was about 15 minutes later and it reported that there were five URL scanners (Blueliv, Sophos, Emsisoft, Fortinet and Kapersky) that detected it was a malicious site.
Product: ProGet
Version: 3.8.6
-
These "URL scanners" all use the same, third-party reporting source, so they will all report the same false positives. We have no control over that obviously, and this only seems to affect certain URLS (not files or content at the url), and only for a couple days... which reaffirms that these URL scanners are fairly worthless, since a malicious file would just use a dynamic url.
If you are concerned about the url scanner, then just use a different url to download the file --- https://s3.amazonaws.com/cdn.inedo.com/XXX instead of http:///cdn.inedo.com/XXX
Even if Amazon's CDN servers were compromised , you can be rest assured that, if the installer you download is signed by Inedo, then it's the package we published. You can always manually install if you are you don't trust installers.
WE would appreciate, however, if you report the false positive, as that's the only way these 3rd party reporting services will update their lists.