This project has moved and is read-only. For the latest updates, please go here.
3
Vote

Google Chrome blocking download

description

When trying to download veracrypt using Google Chrome, I get a message saying "This file is malicious, and Chrome has blocked it. I see this for the Windows, Mac OS X and Linux download.

I've tried this on the following systems

Linux Mint 17.3 64 bit
Chrome Version 55.0.2883.87 (64-bit)

Windows 7 Professional
Chrome Version 55.0.2883.87 m (64-bit)

I also see this using Firefox 50.1.0 on both my LInux MInt and Windows 7 system. The message is "This file contains a virus or malware"

It seems the problem may only be at the following download site
https://veracrypt.codeplex.com/wikipage?title=Downloads

I tried this site and don't get the message
https://sourceforge.net/projects/veracrypt/files/VeraCrypt%201.19/

comments

idrassi wrote Dec 20, 2016 at 10:25 AM

I did a test using Chrome 55.0.2883.87 m on Windows 7 64bit and it is working from my place (in Paris, France).

Can you please check again? Maybe it was a glitch in Google anti-malware detection system.

idrassi wrote Dec 20, 2016 at 10:55 AM

Sorry...the download is indeed blocked, my previous test was done using a non standard configuration of Chrome.

Indeed, it affects only Codeplex. I don't know what is Google criteria for this classification.
One possible reason is the TLS configuration of Codeplex: it scores A- on SSLLabs test because of the lack of perfect forward secrecy and HTTP Strict Transport Security whereas sourceforge scores A+. So maybe Google is starting for force all website that serve binary downloads to meet strict TLS criteria.

For now, I modified the links in the Downloads page to point towards Launchpad hosted files.

This issue affects all Codeplex hosted projects so I expect something to be done in Codeplex side to solve this otherwise this would mean the end of Codeplex hosting.

franha11 wrote Dec 20, 2016 at 5:53 PM

Thanks, I can download the Windows .exe file now.

Depending on how long it'll take Codeplex to fix this issue you may also want to do the same modifications to the Mac .dmg and Linux .tar.bz2 files. Otherwise the workaround is to use Firefox and ignore the warnings but I suspect many people will be cautious in downloading such a file.

ben10 wrote Dec 22, 2016 at 9:05 AM

I'm still seeing this problem on both Chrome and Firefox.
Chrome 55.0.2883.87 claims the file is malicious, and Firefox 50.0.2 says it contains virus or malware
The download links still appear to be pointing to codeplex not launchpad.

Jaykul wrote Dec 23, 2016 at 5:10 AM

Yeah, definitely flagged as malicious by Defender. The browser downloads it then flags it.

http://i.imgur.com/pVfYCrI.gifv

idrassi wrote Dec 23, 2016 at 9:07 AM

Again, there is nothing with the downloaded files...this happens only with Codeplex (even Microsoft projects like Windows USB/DVD Download Tool are affected by this false positive detection).

Please use the links at https://veracrypt.codeplex.com/wikipage?title=Downloads I have a clear status about this from Codeplex people.

idrassi wrote Dec 27, 2016 at 10:12 PM

For now, I have disabled all Codeplex hosted downloads and I added a download button on the front page that redirects to the "Downloads" wiki entry where Launchpad links are present.

I have also written a short status about this issue: https://veracrypt.codeplex.com/wikipage?title=Google%20blocking%20VeraCrypt%20downloads#Title