I just recognized the entry "||fedoraproject.org^" on the AdBlockPlus/Easylist Malware domain list [0]. Is there any explanation for this, so far?
I recognized it, since no external resources were loaded for any Fedora Project related website (no JS, CSS, images, etc.).
[0] https://easylist-downloads.adblockplus.org/malwaredomains_full.txt
Manuel
On Sun, Nov 17, 2013, at 06:50 AM, Manuel Faux wrote:
I just recognized the entry "||fedoraproject.org^" on the AdBlockPlus/Easylist Malware domain list [0]. Is there any explanation for this, so far?
It is also listed on the OpenDNS Umbrella security labs malware list. So anyone using OpenDNS and browsing to a variety of Fedora websites receives a block page. I've opened a ticket with OpenDNS asking why this has happened.
-Rohan
On Sun, 17 Nov 2013 08:24:43 -0800 Rohan Sheth rohan@rs3net.net wrote:
On Sun, Nov 17, 2013, at 06:50 AM, Manuel Faux wrote:
I just recognized the entry "||fedoraproject.org^" on the AdBlockPlus/Easylist Malware domain list [0]. Is there any explanation for this, so far?
It is also listed on the OpenDNS Umbrella security labs malware list. So anyone using OpenDNS and browsing to a variety of Fedora websites receives a block page. I've opened a ticket with OpenDNS asking why this has happened.
As far I can tell, this was due to a 'website mailware' scanner site detecting (falsely) that there was some malware string in the Fedora 19 desktop iso.
We have contacted that site yesterday and this morning (as of about 4 hours ago) have let us know that they have cleared the false positive/entry from their database.
However, it seems many malware lists out there have not yet removed the entry (some of them may only update daily). Hopefully things will be cleared out soon.
This shows the fragility of using these 3rd party malware scanning services... they seem to feed into a bunch of lists and a false positive can linger for days. ;(
kevin
security@lists.fedoraproject.org
-
Kevin Fenzi -
Manuel Faux -
Rohan Sheth