Zohoexternal domain blocked in Browser extension


Chandramathi
Go to solution Solved by JPopovic,

Hi Team,
 
We, Zoho WorkDrive, are a cloud-based Content Collaboration Software provided by Zoho Corporation; check this link - https://www.zoho.com/workdrive/ for more details. Our product has a feature which allows files/folders uploaded to WorkDrive to be shared with everyone on the internet by generating an external link for the file. These links are hosted in the domains https://workdrive.zohoexternal.com / https://files.zohoexternal.com owned by Zoho Corporation. The former is used for file preview and the latter is used for file download.
 
We learnt that the Malwarebytes Browser Guard extension is not allowing users to download files from WorkDrive.
 
Here are the steps we perform to ensure that malware content does not get hosted from Zoho WorkDrive:
  1. We have an antivirus scan in place which validates the files during upload. This ensures that most malware cannot be uploaded to the cloud at all.
  2. We also have a spam and fraudulence detection algorithm in place which identifies if the uploaded files are phishing documents.

This means most spamming documents get filtered out as viruses and never get published.

We also regularly monitor abuse complaints from our customers to ensure that the few links that our mitigation steps failed to capture are duly pulled down. Despite our best efforts to identify virus/spam and spammers, a few spam files do get published from WorkDrive, and in such unfortunate instances the entire domain gets blocked. We'd like to know if the domain can be classified as a "Content Collaboration" site so that in future instances the domain will not get blocked.
Here is the VirusTotal classification of our site - https://www.virustotal.com/gui/url/08784a4d360a5bfe88af4bb372d0550c3f4cb40775ce230a4f1e4cc0394b52c0/detection
 
Regards,
Chandramathi M

Thank you for providing VirusTotal test results. I have also successfully tested with Sucuri. What I still need is to know what specific type of block you are receiving. We have many different blocks, and they require whitelisting in different areas depending on the specific block that was encountered. I look forward to your response.


Thank you for your reply. This is the error response we received:

{"@timestamp": "2021-08-09T04:54:15.568Z", "message": "ANY: Just matched "files.zohoexternal.com" in database: "mbgc.db.trojan.2", "level": "INFO"}

files.zohoexternal is the domain used in WorkDrive for serving upload and download functionalities.

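Added example (not part of the original posts, and not Malwarebytes code): a small Python triage helper that pulls the matched host and database name out of log lines shaped like the one quoted above, which is the detail the staff reply asks for when deciding where a block has to be whitelisted. The only log format assumed is that single quoted line; the function names and the second and third sample lines are constructed here.

```python
import json
import re
from collections import Counter

# Message shape taken from the single log line quoted in the thread.
MATCH_RE = re.compile(r'Just matched "(?P<host>[^"]+)" in database: "(?P<db>[^"]+)"')
TS_RE = re.compile(r'"@timestamp":\s*"(?P<ts>[^"]+)"')

def parse_block_line(line):
    """Return {'timestamp', 'host', 'database'} for a match line, else None."""
    try:
        record = json.loads(line)
        message = str(record.get("message", ""))
        timestamp = record.get("@timestamp")
    except (json.JSONDecodeError, AttributeError):
        # Inner quotes not escaped (as in the thread), so the line is not
        # valid JSON: fall back to scanning the raw text.
        ts = TS_RE.search(line)
        message = line
        timestamp = ts.group("ts") if ts else None
    hit = MATCH_RE.search(message)
    if hit is None:
        return None
    return {"timestamp": timestamp,
            "host": hit.group("host").lower(),
            "database": hit.group("db")}

def blocks_by_database(lines):
    """Count matches per (host, database) so each block type is reported separately."""
    counts = Counter()
    for line in lines:
        rec = parse_block_line(line)
        if rec:
            counts[(rec["host"], rec["database"])] += 1
    return counts

SAMPLE = [
    # Verbatim from the thread (unescaped inner quotes).
    '{"@timestamp": "2021-08-09T04:54:15.568Z", "message": "ANY: Just matched "files.zohoexternal.com" in database: "mbgc.db.trojan.2", "level": "INFO"}',
    # Constructed: the same event with properly escaped quotes.
    r'{"@timestamp": "2021-08-09T04:55:02.101Z", "message": "ANY: Just matched \"files.zohoexternal.com\" in database: \"mbgc.db.trojan.2\"", "level": "INFO"}',
    # Constructed: an unrelated log line that must be ignored.
    '{"@timestamp": "2021-08-09T04:55:03.000Z", "message": "tab updated", "level": "INFO"}',
]

if __name__ == "__main__":
    for (host, db), n in blocks_by_database(SAMPLE).items():
        print(f"{host} matched {db} x{n}")
```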
