Please remove our websites from Malwarebytes Browser Guard trojan block


gstenstrom
Go to solution Solved by gonzo,

Dear Sir/Madam - Would you please review and remove the following websites we own from the Malwarebytes Browser Guard block list? We have checked them thoroughly and are certain there is not a trojan, nor are our sites inflammatory or malicious. The first is a Mastodon micro-blogging site, and the second is our email server. When we proceed to the site after seeing the Malwarebytes block and warning page, no further indications of a trojan or virus are noted or apparent.

http://patriot.online
http://www.patriot.online
http://www.xmail.net
http://xmail.net
 

Safe Site List.zip

The patriot.online site has been whitelisted. Please allow 15-30 minutes for changes to take effect. I have submitted the other site to the team that handles Premium product blocks, of which a Trojan is part. I am awaiting their response.

Don't be concerned about multiple threads in the forum.  I saw the word "trojan" and moved it to the forum that handles that, then tested the patriot.online site and found it was only a Browser Guard block.  I then moved your post back to its original location.  I did not make any more redirects since I figured I had already caused enough confusion.

I will post more on the second site when I know more.

 

Gonzo - Like Gmail or Microsoft OneDrive shared folders, individual users sometimes put executable files and sometimes malicious files in public facing URLs that do not reflect the security and usability of the root domain (gmail.com and live.com, respectively). Xmail has many tens of thousands of users, and has a user public file sharing feature - just like Gmail and Live (OneDrive). The list in the link you provided shows only 4 negative detections in all of last year (2020) for those tens of thousands of Xmail.net users. Yandex and Forcepoint web safety services are two out of approximately 40 other different web safety ranking services you monitor with the balance of those 40 showing xmail.net is "clean." Malwarebytes Safe Browser and malware detection already has the capability to catch and block those 4 individual users' public shares without having to blacklist the entire Xmail.net domain. If you applied the same standards to the millions of Gmail, Live, Network Solutions or GoDaddy hosted domains and blocked all of their domain name URLs and/or IPs for a handful of offending users, or blocked Gmail, OneDrive, Dropbox, Live.com, or other big tech house hosted public file URLs and email services for a handful of users, then the Internet, in general, would be unusable for anyone using Malwarebytes Safe Browsing. You are holding Xmail.net accountable for 4 errant files over a 1 year period simply because of a smaller user base - and you can - where if you held Gmail, Microsoft, Network Solutions, and GoDaddy hosting services to the same standards - then no one would use Malwarebytes because it would block so many domains that users would uninstall or disable it.
We totally understand and agree that Malwarebytes Safe Browsing is a powerful and essential tool to protect end users - and we use your product ourselves and are advocates - but we expect equal treatment and protection for everyone, and not giving a pass to hosting giants Malwarebytes does not want to offend or cross swords with, or otherwise alienate your customers - and apply a different standard to Xmail.net. We cannot possibly scan the hundreds of millions of emails and files across all our systems any more than any other large service provider could - which is why we, and other people, should use Malwarebytes and other like products. I am 100% certain that Malwarebytes would individually block the 4 errant files reported in 2020 without having to block and blacklist the entire Xmail.net domain.

Porthos - Thank you very much - I really appreciate your assistance.  I have been trying to isolate malicious files and we'll remove the one you found immediately.  I saw that Malwarebytes Safe Browser notified me that the URL was malicious, and then I force downloaded the file and scanned it, and verified that it was, in fact, malicious.  As I mentioned above, we use Malwarebytes ourselves and are happy users because it works very well in identifying malicious subdirectories and files, and my objection was that Malwarebytes was blocking the entire root domain (xmail.net) versus allowing Malwarebytes to scan for malicious files and block individual subdirectories.  As an email service hosting provider, it is a virtually impossible task to monitor tens of thousands of email users and their accounts in real time for malicious files, and a service that few, if any, other hosting platforms provide, or can support - which is why we rely on individuals taking individual responsibility to protect themselves and run programs and extensions, like Malwarebytes.  I'm hoping that Malwarebytes administrators will help us by whitelisting our domain, and either assisting us, or allowing us the opportunity, to reasonably mitigate risks without blacklisting our entire domain and service.  Thanks again, I truly appreciate it.

Our researchers asked that you remove these files.  First one may already be gone.  After doing so, let me know so they can verify.  The Browser Guard block is grandfathered from premium blocks, so they are in control there...I am just a middleman on Trojans.

hxxp://xmail.net/harun/adobe.exe
hxxps://xmail.net/docx/1F4/h.html
