Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

False positive on docx from facebook

  • 7 replies
  • 34 have this problem
  • 2142 views
  • Last reply by Rich Pasco

more options

When downloading a word document from facebook, legit because I've downloaded it before, it gets flagged that it could contain a virus or spyware. Because I know what I'm doing, how do I disable or bypass this? If this is a security feature since ff 36.0, could it be made so that a warning is shown prior to potentially downloading malicious content instead of the "you're not going to download this in a million years"?

thanks in advance,

Chosen solution

I have this problem when downloading zip files from a cloud file storage site (e.g. uploaded.net). The zip files I am downloading contain only non-executable content (e.g. text files, jpg images) and were uploaded by a trusted source. Apparently, some hacker(s) post(ed) malicious executable content elsewhere on the same cloud storage site, thus giving the entire site a bad name. For Firefox to block all ZIP files from that site because of that is short-sighted and just plain wrong.

Read this answer in context 👍 5

All Replies (7)

more options

Hmm, I haven't noticed any new warnings in Firefox 36 yet.

Do you get it immediately upon clicking the link, before Firefox starts to retrieve the file?

Can you capture a screen shot of the message?

Do you get a similar warning for other DOCX files, for example:

https://www.google.com/search?q=filetype%3Adocx+site%3Awww.microsoft.com

Firefox's built-in phishing/malware protection has historically been based on data supplied by Google. This article has more info: How does built-in Phishing and Malware Protection work? This data is refreshed frequently, independently of version updates, so it could be you have an updated data file.

more options

Such a message would come from your anti-virus, not Firefox. FF would only warn about bad web sites.

more options
more options

jscher2000 said

Hmm, I haven't noticed any new warnings in Firefox 36 yet. Do you get it immediately upon clicking the link, before Firefox starts to retrieve the file? Can you capture a screen shot of the message? Do you get a similar warning for other DOCX files, for example: https://www.google.com/search?q=filetype%3Adocx+site%3Awww.microsoft.com Firefox's built-in phishing/malware protection has historically been based on data supplied by Google. This article has more info: How does built-in Phishing and Malware Protection work? This data is refreshed frequently, independently of version updates, so it could be you have an updated data file.

Well, I've managed to download the file via IE eventually. The strange facts about this. - I downloaded the file previously in FF 35 and had no problems - Norton 360 nor MBAM flags it as harmfull - file contains no macro's - xlsx is just fine - other sites don't give this particular issue

So I don't know anything else I can do to resolve this. To the question about when I receive this: - clicking link, no problem. Getting asked what to do with it - saying where to store it works - download starts, but cancels. - result: see image (its in dutch)

As you've explained, the information given by Google could trigger this result. Perhaps malicious word docs are distributed on facebook or something. Didn't know this. thanks for the information.

more options

jhonny8bit said

jscher2000 said
Hmm, I haven't noticed any new warnings in Firefox 36 yet. Do you get it immediately upon clicking the link, before Firefox starts to retrieve the file? Can you capture a screen shot of the message? Do you get a similar warning for other DOCX files, for example: https://www.google.com/search?q=filetype%3Adocx+site%3Awww.microsoft.com Firefox's built-in phishing/malware protection has historically been based on data supplied by Google. This article has more info: How does built-in Phishing and Malware Protection work? This data is refreshed frequently, independently of version updates, so it could be you have an updated data file.

Well, I've managed to download the file via IE eventually. The strange facts about this. - I downloaded the file previously in FF 35 and had no problems - Norton 360 nor MBAM flags it as harmfull - file contains no macro's - xlsx is just fine - other sites don't give this particular issue

So I don't know anything else I can do to resolve this. To the question about when I receive this: - clicking link, no problem. Getting asked what to do with it - saying where to store it works - download starts, but cancels. - result: see image (its in dutch)

As you've explained, the information given by Google could trigger this result. Perhaps malicious word docs are distributed on facebook or something. Didn't know this. thanks for the information.

forgot image

more options

Thank you for the error text. After a little translation, it led me to this article with suggested workarounds: Bypass Firefox's Blocked: May contain a virus or spyware message - gHacks Tech News.

There is a pending request to add an override to the download list, but since it has not yet been coded, it probably will not appear in Firefox in the near future.

If the problem is that Firefox using an outdated safe browsing list, I wonder whether there is a problem with the built-in updating? According to the support article, "These lists are automatically downloaded and updated every 30 minutes or so when the Phishing and Malware Protection features are enabled." Or maybe it's just that Google isn't very swift in updating on its end because users can override it. Hmm... not an ideal situation.

more options

Chosen Solution

I have this problem when downloading zip files from a cloud file storage site (e.g. uploaded.net). The zip files I am downloading contain only non-executable content (e.g. text files, jpg images) and were uploaded by a trusted source. Apparently, some hacker(s) post(ed) malicious executable content elsewhere on the same cloud storage site, thus giving the entire site a bad name. For Firefox to block all ZIP files from that site because of that is short-sighted and just plain wrong.