Google Security finds 'latest.zip' file malicious


#1

I would like to tryout this on my sites. However, I keep getting this message while trying to download in google chrome:
File ‘latest.zip’ appears malicious

I’ve downloaded from http://piwik.org/download-piwik/

I’ve downloaded from http://builds.piwik.org/latest.zip

but I get the same message.

I’ll wait until this is fixed as I don’t want to start a debugging project. Can you let me know when the bad code has been removed?

Thanks in advance.

R Ferris
The OnlineMagic


#2

This seems to be a problem with Google Chrome. None of the other browsers on my system complain.

My Windows 7 system has Chrome, Safari, Firefox, Opera, and IE 10 on it. All are at the latest available revision level. I normally use Firefox.

I told Chrome to save the downloaded file anyway, and then I scanned it with Avast. Avast couldn’t find a problem.


(Matthieu Aubry) #3

I have posted a message in Google chrome forums but nobody replied or did anything at google…

https://productforums.google.com/forum/#!msg/chrome/hBo5cHHmqY8/-_2STr43r5oJ

I’m not sure what to do next, to get the file white listed. Google harmed Piwik by doing this, but trying to get google attention is not easy.


#4

You can tell Chrome to keep the file (i.e., treat it as “not harmful”) . It’s one of the options available to you when you click on the “down” arrow to the right of the notification about the downloaded file. There’s no need to change any of the security settings in Chrome.

Chrome might be complaining about the file name. Honestly, “latest.zip” is a bit silly and not very meaningful.

The file will be stored in the usual location for downloads. You should use your favourite antivirus program to scan the file before unzipping it and installing Piwik. If you want to be absolutely sure, you can also use your antivirus program to scan the entire directory that results from the unzipping process before launching the Install.

I won’t comment on Google’s attitude towards Piwik, but I have my own opinions.


#5

I did a few more tests on my own server.

I uploaded the file “latest.zip” to my server, and then launched Chrome to download it. Chrome did not complain about the downloaded file, no matter whether the original file was first downloaded from the Piwik site by Firefox or by Chrome.

It seems as if Chrome doesn’t like the Piwik site.

Conclusion: Either don’t use Chrome, or tell Chrome to keep the suspect file after downloading.


#6

I just tried in my Chrome version, and I did not get a warning. Google doesn’t want to protect me? :frowning:

[quote=matt]
I have posted a message in Google chrome forums but nobody replied or did anything at google…

https://productforums.google.com/forum/#!msg/chrome/hBo5cHHmqY8/-_2STr43r5oJ

I’m not sure what to do next, to get the file white listed. Google harmed Piwik by doing this, but trying to get google attention is not easy.[/quote]

@Matt

Are you signed up for Google’s Webmaster Tools? They have instructions for how to proceed with getting your site, and files cleared, fairly quick. There is an option to submit your site for immediate review, in there somewhere.

Because the source files contain tracking code, the Google bots have thrown a flag; thus marking this file as possibly malicious. Just a thought to help maybe get you somewhere, a bit faster.


#7

Thank you all for a quick response to my inquiry.

@canajun2eh: I sandboxed the downloaded file, “latest.zip”, and scanned it with Norton - no malady was found. I put the file on my server and downloaded, with Google, with no problem. This leads me to believe that Piwik’s site has been flagged by Google and that any downloads from that site are considered malicious.

@Matt: I read your post to Google; they’ve been doing this to Piwik’s site for a few months now. Sorry.

I must let the viewers reading these posts know that , after a great deal of research on this situation and the product itself, this software IS SAFE to download and it gives you quick and powerful info that is easy to evaluate for your needs and decisions.

I was looking for a comprehensive stat suite for one of my client’s sites. It had to be easy for them to use as they are not computer savvy. This looks to be a perfect match, with a lot of strong & useful data displayed on one page to easily and quickly evaluate its relevant meaning.

I was very hesitant to download at first, but now that I see it is a Google issue with Piwik’s site and not the software itself, I have downloaded it and I’m in the process of setting it up on my client’s site, making documentation for them on how to use it.


(Matthieu Aubry) #8

We have signed up to webmaster tools and google does not give any warnings there. I have asked a friend working at google if he can help us, but not sure. Fingers crossed!


(Matthieu Aubry) #9

Today we have tweeted a public announcement that we are looking for help from someone at Google Matomo Analytics on Twitter: "@google more info at https://t.co/59yFR6ZE19 and http://t.co/uWTLHZkAI4"

We hope someone kind @Google will help us un-mark our file as virus on Google Chrome on windows…