Chandramathi Posted August 6, 2021 ID:1473059

Hi Team,

We, Zoho WorkDrive, are a Cloud based Content Collaboration Software provided by Zoho Corporation; check this link - https://www.zoho.com/workdrive/ for more details.

Our product has a feature which allows files/folders uploaded to WorkDrive to be shared with everyone on the internet by generating an external link for the file. These links are hosted in a domain https://workdrive.zohoexternal.com / https://files.zohoexternal.com owned by Zoho Corporation. The former is used for file preview and the latter is used for file download.

We learnt that Malwarebytes Browser Guard extension is not allowing users to download files from WorkDrive.

Here are the steps we perform to ensure that malware content does not get hosted from Zoho WorkDrive:

1. We have an Anti Virus scan in place which validates the files during upload. This ensures that most malware cannot be uploaded to the cloud at all.
2. We also have a spam and fraudulence detection algorithm in place which identifies if the uploaded files are phishing documents. This means most spamming documents get filtered out as virus and never get published.

We also regularly monitor abuse complaints from our customers to ensure that the few links that were missed by our mitigation steps are duly pulled down.

Despite our best efforts to identify virus/spam and spammers, a few spam files do get published from WorkDrive, and in such unfortunate instances the entire domain gets blocked. We'd like to know if the domain can be classified as a "Content Collaboration" site so that in future instances the domain will not get blocked.

Here is the VirusTotal classification of our site - https://www.virustotal.com/gui/url/08784a4d360a5bfe88af4bb372d0550c3f4cb40775ce230a4f1e4cc0394b52c0/detection

Regards,
Chandramathi M

gonzo Posted August 6, 2021 ID:1473154

Thank you for providing VirusTotal test results. I have also successfully tested with Sucuri.

What I still need is to know what specific type of block you are receiving. We have many different blocks, and they require whitelisting in different areas depending on the specific block that was encountered.

I look forward to your response.

Chandramathi Posted August 9, 2021 Author ID:1473608

Thank you for your reply. This is the error response we received:

{"@timestamp": "2021-08-09T04:54:15.568Z", "message": "ANY: Just matched "files.zohoexternal.com" in database: "mbgc.db.trojan.2", "level": "INFO"}

files.zohoexternal is the domain used in WorkDrive for serving upload and download functionalities.

gonzo Posted August 9, 2021 ID:1473709

This is a Trojan block, shown by Browser Guard but originating as a block for our Premium protection. As a result, I need to refer this report to our Research team for their investigation.

JPopovic Posted August 10, 2021 Staff Solution ID:1473871

Hello,

The block will be removed.

Thank you!

Chandramathi Posted August 25, 2021 Author ID:1476713

Hi Team,

Is the block removed? We have a few customers reporting it now too.

JPopovic Posted August 25, 2021 Staff ID:1476729

Hello,

The block will be removed again.

Thank you!

gonzo Posted August 25, 2021 ID:1476764

Please also note that Browser Guard sometimes requires that you clear your browser's cache to assure you are seeing results AS THEY ARE, not AS THEY WERE.