X
Tap here to go to the mobile version of the site.

Support Forum

False positive on docx from facebook

Posted

When downloading a word document from facebook, legit because I've downloaded it before, it gets flagged that it could contain a virus or spyware. Because I know what I'm doing, how do I disable or bypass this? If this is a security feature since ff 36.0, could it be made so that a warning is shown prior to potentially downloading malicious content instead of the "you're not going to download this in a million years"?

thanks in advance,

When downloading a word document from facebook, legit because I've downloaded it before, it gets flagged that it could contain a virus or spyware. Because I know what I'm doing, how do I disable or bypass this? If this is a security feature since ff 36.0, could it be made so that a warning is shown prior to potentially downloading malicious content instead of the "you're not going to download this in a million years"? thanks in advance,

Chosen solution

I have this problem when downloading zip files from a cloud file storage site (e.g. uploaded.net). The zip files I am downloading contain only non-executable content (e.g. text files, jpg images) and were uploaded by a trusted source. Apparently, some hacker(s) post(ed) malicious executable content elsewhere on the same cloud storage site, thus giving the entire site a bad name. For Firefox to block all ZIP files from that site because of that is short-sighted and just plain wrong.

Read this answer in context 5

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 11.0.10
  • Intel web components for Intel® Identity Protection Technology
  • Intel web components updater - Installs and updates the Intel web components
  • The plugin allows you to have a better experience with Microsoft Lync
  • The plugin allows you to have a better experience with Microsoft SharePoint
  • Shockwave Flash 16.0 r0
  • 5.1.30514.0
  • VMware Remote Console Plug-in

Application

  • Firefox 36.0
  • User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
  • Support URL: https://support.mozilla.org/1/firefox/36.0/WINNT/nl/

Extensions

  • Norton Toolbar 2014.7.10.26 ({2D3F3651-74B9-4795-BDEC-6DA2F431CB62}) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel(R) HD Graphics 4000
  • adapterDescription2: NVIDIA GeForce GT 630M
  • adapterDeviceID: 0x0166
  • adapterDeviceID2: 0x0de9
  • adapterDrivers: igdumdim64 igd10iumd64 igd10iumd64 igdumdim32 igd10iumd32 igd10iumd32
  • adapterDrivers2: nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um
  • adapterRAM: Unknown
  • adapterRAM2: 2048
  • adapterSubsysID: 06861025
  • adapterSubsysID2: 06861025
  • adapterVendorID: 0x8086
  • adapterVendorID2: 0x10de
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.3.9600.17415
  • driverDate: 9-9-2013
  • driverDate2: 1-9-2015
  • driverVersion: 10.18.10.3304
  • driverVersion2: 9.18.13.4725
  • info: {u'AzureCanvasBackend': u'direct2d', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (Intel(R) HD Graphics 4000 Direct3D9Ex vs_3_0 ps_3_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Modified Preferences

Misc

  • User JS: No
  • Accessibility: No
jscher2000
  • Top 10 Contributor
6742 solutions 55106 answers

Hmm, I haven't noticed any new warnings in Firefox 36 yet.

Do you get it immediately upon clicking the link, before Firefox starts to retrieve the file?

Can you capture a screen shot of the message?

Do you get a similar warning for other DOCX files, for example:

https://www.google.com/search?q=filetype%3Adocx+site%3Awww.microsoft.com

Firefox's built-in phishing/malware protection has historically been based on data supplied by Google. This article has more info: How does built-in Phishing and Malware Protection work? This data is refreshed frequently, independently of version updates, so it could be you have an updated data file.

Hmm, I haven't noticed any new warnings in Firefox 36 yet. Do you get it immediately upon clicking the link, before Firefox starts to retrieve the file? Can you capture a screen shot of the message? Do you get a similar warning for other DOCX files, for example: https://www.google.com/search?q=filetype%3Adocx+site%3Awww.microsoft.com Firefox's built-in phishing/malware protection has historically been based on data supplied by Google. This article has more info: [[How does built-in Phishing and Malware Protection work?]] This data is refreshed frequently, independently of version updates, so it could be you have an updated data file.
FredMcD
  • Top 10 Contributor
3227 solutions 43528 answers

Such a message would come from your anti-virus, not Firefox. FF would only warn about bad web sites.

Such a message would come from your anti-virus, not Firefox. FF would only warn about bad web sites.
cor-el
  • Top 10 Contributor
  • Moderator
15694 solutions 141917 answers
Is this about the zone.identifier that identifies the file as coming from internet? *http://mxr.mozilla.org/mozilla-release/source/toolkit/components/jsdownloads/src/DownloadIntegration.jsm#536 *http://mxr.mozilla.org/mozilla-release/source/toolkit/components/jsdownloads/src/DownloadIntegration.jsm#573

Helpful Reply

jscher2000 said

Hmm, I haven't noticed any new warnings in Firefox 36 yet. Do you get it immediately upon clicking the link, before Firefox starts to retrieve the file? Can you capture a screen shot of the message? Do you get a similar warning for other DOCX files, for example: https://www.google.com/search?q=filetype%3Adocx+site%3Awww.microsoft.com Firefox's built-in phishing/malware protection has historically been based on data supplied by Google. This article has more info: How does built-in Phishing and Malware Protection work? This data is refreshed frequently, independently of version updates, so it could be you have an updated data file.

Well, I've managed to download the file via IE eventually. The strange facts about this. - I downloaded the file previously in FF 35 and had no problems - Norton 360 nor MBAM flags it as harmfull - file contains no macro's - xlsx is just fine - other sites don't give this particular issue

So I don't know anything else I can do to resolve this. To the question about when I receive this: - clicking link, no problem. Getting asked what to do with it - saying where to store it works - download starts, but cancels. - result: see image (its in dutch)

As you've explained, the information given by Google could trigger this result. Perhaps malicious word docs are distributed on facebook or something. Didn't know this. thanks for the information.

''jscher2000 [[#answer-695151|said]]'' <blockquote> Hmm, I haven't noticed any new warnings in Firefox 36 yet. Do you get it immediately upon clicking the link, before Firefox starts to retrieve the file? Can you capture a screen shot of the message? Do you get a similar warning for other DOCX files, for example: https://www.google.com/search?q=filetype%3Adocx+site%3Awww.microsoft.com Firefox's built-in phishing/malware protection has historically been based on data supplied by Google. This article has more info: [[How does built-in Phishing and Malware Protection work?]] This data is refreshed frequently, independently of version updates, so it could be you have an updated data file. </blockquote> Well, I've managed to download the file via IE eventually. The strange facts about this. - I downloaded the file previously in FF 35 and had no problems - Norton 360 nor MBAM flags it as harmfull - file contains no macro's - xlsx is just fine - other sites don't give this particular issue So I don't know anything else I can do to resolve this. To the question about when I receive this: - clicking link, no problem. Getting asked what to do with it - saying where to store it works - download starts, but cancels. - result: see image (its in dutch) As you've explained, the information given by Google could trigger this result. Perhaps malicious word docs are distributed on facebook or something. Didn't know this. thanks for the information.

Question owner

jhonny8bit said

jscher2000 said
Hmm, I haven't noticed any new warnings in Firefox 36 yet. Do you get it immediately upon clicking the link, before Firefox starts to retrieve the file? Can you capture a screen shot of the message? Do you get a similar warning for other DOCX files, for example: https://www.google.com/search?q=filetype%3Adocx+site%3Awww.microsoft.com Firefox's built-in phishing/malware protection has historically been based on data supplied by Google. This article has more info: How does built-in Phishing and Malware Protection work? This data is refreshed frequently, independently of version updates, so it could be you have an updated data file.

Well, I've managed to download the file via IE eventually. The strange facts about this. - I downloaded the file previously in FF 35 and had no problems - Norton 360 nor MBAM flags it as harmfull - file contains no macro's - xlsx is just fine - other sites don't give this particular issue

So I don't know anything else I can do to resolve this. To the question about when I receive this: - clicking link, no problem. Getting asked what to do with it - saying where to store it works - download starts, but cancels. - result: see image (its in dutch)

As you've explained, the information given by Google could trigger this result. Perhaps malicious word docs are distributed on facebook or something. Didn't know this. thanks for the information.

forgot image

''jhonny8bit [[#answer-695476|said]]'' <blockquote> ''jscher2000 [[#answer-695151|said]]'' <blockquote> Hmm, I haven't noticed any new warnings in Firefox 36 yet. Do you get it immediately upon clicking the link, before Firefox starts to retrieve the file? Can you capture a screen shot of the message? Do you get a similar warning for other DOCX files, for example: https://www.google.com/search?q=filetype%3Adocx+site%3Awww.microsoft.com Firefox's built-in phishing/malware protection has historically been based on data supplied by Google. This article has more info: [[How does built-in Phishing and Malware Protection work?]] This data is refreshed frequently, independently of version updates, so it could be you have an updated data file. </blockquote> Well, I've managed to download the file via IE eventually. The strange facts about this. - I downloaded the file previously in FF 35 and had no problems - Norton 360 nor MBAM flags it as harmfull - file contains no macro's - xlsx is just fine - other sites don't give this particular issue So I don't know anything else I can do to resolve this. To the question about when I receive this: - clicking link, no problem. Getting asked what to do with it - saying where to store it works - download starts, but cancels. - result: see image (its in dutch) As you've explained, the information given by Google could trigger this result. Perhaps malicious word docs are distributed on facebook or something. Didn't know this. thanks for the information. </blockquote> forgot image
jscher2000
  • Top 10 Contributor
6742 solutions 55106 answers

Thank you for the error text. After a little translation, it led me to this article with suggested workarounds: Bypass Firefox's Blocked: May contain a virus or spyware message - gHacks Tech News.

There is a pending request to add an override to the download list, but since it has not yet been coded, it probably will not appear in Firefox in the near future.

If the problem is that Firefox using an outdated safe browsing list, I wonder whether there is a problem with the built-in updating? According to the support article, "These lists are automatically downloaded and updated every 30 minutes or so when the Phishing and Malware Protection features are enabled." Or maybe it's just that Google isn't very swift in updating on its end because users can override it. Hmm... not an ideal situation.

Thank you for the error text. After a little translation, it led me to this article with suggested workarounds: [http://www.ghacks.net/2014/11/19/bypass-firefoxs-blocked-may-contain-a-virus-or-spyware-message/ Bypass Firefox's Blocked: May contain a virus or spyware message - gHacks Tech News]. There is a pending request to add an override to the download list, but since it has not yet been coded, it probably will not appear in Firefox in the near future. If the problem is that Firefox using an outdated safe browsing list, I wonder whether there is a problem with the built-in updating? According to the support article, "These lists are automatically downloaded and updated every 30 minutes or so when the Phishing and Malware Protection features are enabled." Or maybe it's just that Google isn't very swift in updating on its end because users can override it. Hmm... not an ideal situation.
Rich Pasco 1 solutions 35 answers

Chosen Solution

I have this problem when downloading zip files from a cloud file storage site (e.g. uploaded.net). The zip files I am downloading contain only non-executable content (e.g. text files, jpg images) and were uploaded by a trusted source. Apparently, some hacker(s) post(ed) malicious executable content elsewhere on the same cloud storage site, thus giving the entire site a bad name. For Firefox to block all ZIP files from that site because of that is short-sighted and just plain wrong.

I have this problem when downloading zip files from a cloud file storage site (e.g. uploaded.net). The zip files I am downloading contain only non-executable content (e.g. text files, jpg images) and were uploaded by a trusted source. Apparently, some hacker(s) post(ed) malicious executable content elsewhere on the same cloud storage site, thus giving the entire site a bad name. For Firefox to block all ZIP files from that site because of that is short-sighted and just plain wrong.