Usher wrote: 2018-08-09, 19:18 UTC
One thing for sure:
Total7zip contains old 7-zip version with known security holes, just google "7-zip security vulnerabilities" or "7-zip CVE". Replace old 7-zip files with the newest ones (version 18.05 now).
Having security issues is not the same as being a malicious software.
1. I think that Google just keeps blocked download links and will block web pages if you don't change those links. Archive.org is just a sample than allows to understand such Google actions.
I still don't unsderstand your reasoning. The link no longer poses a threat, why would it still be considered malicious?
Anyway, whatever the reasoning, it doesn't look like it works that way. wincmd.ru has been marked as clean already. If what you said were true it would have remained marked as tainted.
3. Blocking more and more pages may be also some kind of "joe job"or (D)DoS attack - they may be reported as malicious by some people manually or by some bots automatically.
If that's the case I probably won't be able to do anything, the attackers would just keep reporting other, completely legitimate files and pages. However, I don't think that's what's happening, because up until now all the downloads listed in the Google Console were actually detected by some antiviruses as malicious (putting aside the question of how reasonable those detects actually were), apart from Total7zip which has already been "cleared" and is no longer displayed as problematic.
I think in the end the current course will have the site removed from the malicious list, but I really, really, really don't like the way it's going. Some stupid known-by-nobody antivirus yells completely invalid claims, and 99% of your web-site gets virtually blocked, just because most users stick to Chrome or other browsers that stick to that Google detector. I'm not even sure it's wise to do what I'm doing, in the long term; it makes people think "he removed those files, so they really were malicious, precious Google saved us all!" instead of "hey, Google, what the heck, there's nothing wrong there, we'll be better off with another browser which is not so paranoid".
Added:
Minutes after I posted this, the final check on totalcmd.net was reported as success, the site is marked clean. I'm not sure how this works, might take a bit of time for the browsers to catch up, but in my Firefox it is now opened without warnings.
Still, the question what to do with the problematic files remains open. I don't want to lose useful plugins just because of false positives from some vague unknown AVs…
