Issue with the file about adfilt HOT 28 CLOSED

That filter is designed for AdGuard for Windows, hence why uBo rejects it.
However, it's disabled in uBo anyway (!#if adguard means that filter is only active in AdGuard).
Thanks.

from adfilt.

@iam-py-test
This is why I posted the message:

translation from french into english:
Infected web page detected
5 minutes ago
Feature :
Online threat prevention

We have blocked this dangerous page for your protection:
https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt
Dangerous pages attempt to install software that could damage your device, collect information or act without your consent.

from adfilt.

Bitdefender AV

from adfilt.

I am reporting a false positive to them

from adfilt.

here is the return:
curl: (2) no URL specified!
curl: try 'curl --help' for more information

from adfilt.

if I type https://raw.githubusercontent.com in Firefox I arrive on the homepage

from adfilt.

Wouldn't it have been better to "defang" the urls rather than outright remove them (replace . with [.], https with hxxpx, etc)? IMO removing the examples makes it harder to figure out why rules exist.

Hmm, great point, actually.

For the moment the new link has not yet triggered a BD alert.

Good to hear.

from adfilt.

ESTsecurity seem to be the only remaining false positive, and I really don't want to install a desktop program solely to report a false positive (especially when they don't seem to have a URL text box in the report form either).

So I declare this situation to be de facto fixed.

from adfilt.

What antivirus/antimalware do you use?
Thanks

from adfilt.

• "Infected web page detected"
What in the absolute flying fuck is Bitdefender's company team doing??!

from adfilt.

ok.
you can send an email to [email protected] (support)

from adfilt.

@DomOBU are you on Windows?
If so, please open Command Prompt (search for cmd.exe in the Windows search) and type/paste curl -vvv https://raw.githubusercontent.com, and see if this triggers an alert?
I am curious if this is only Legit URL or if all of GitHub's raw.githubusercontent.com website is blocked
Thanks

from adfilt.

Odd. I guess I made a typo.
Thanks anyway. Let's see what BitDefender says.

from adfilt.

I guess it's just legitimate URL. Weird, though.
Thanks

from adfilt.

Any updates on the plans to get the page whitelisted in Bitdefender?

from adfilt.

Since the message from Bitdefender I had disabled "➗ Actually Legitimate URL Shortener Tool" in the uBo filters list.
I've just enabled it.
Let's see if Bitdefender shows up again for the link.

Have you got a feedback from Bitdefender about whitelisting the link?

from adfilt.

Nothing but crickets. Their automatic response claimed they would fix it within 72 hours if it was a legitimate false positive (how could it not be), but 72 hours has come and went. I can email them again, though.
According to VirusTotal (who isn't always right), they still detect it.

from adfilt.

I enabled the link yesterday.
I got the message from Bitdefender again this afternoon.

from adfilt.

Can you test if https://gitlab.com/DandelionSprout/adfilt/-/raw/master/LegitimateURLShortener.txt works any better?

from adfilt.

I've just added the link in the uBo filters list.
Wait and see.

from adfilt.

@DandelionSprout

VirusTotal score:

• https://gitlab.com/DandelionSprout/adfilt/-/raw/master/LegitimateURLShortener.txt 0/90
• https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt 4/90. There seems to be a real problem with this link

from adfilt.

FYI, G-Data uses BitDefender + their own engine. So, 3/89. ESTSecurity seems prone to false positives, and frankly I have never heard of it before.
Appealing to Fortinet as they are a pretty big corporate vendor.

from adfilt.

I can't do it. But what is the delta between these 2 files that would justify these score differences?

from adfilt.

I did several major updates on the list in the past 40min, which seems the most likely cause.

from adfilt.

Wouldn't it have been better to "defang" the urls rather than outright remove them (replace . with [.], https with hxxpx, etc)? IMO removing the examples makes it harder to figure out why rules exist.

from adfilt.

For the moment the new link has not yet triggered a BD alert.

from adfilt.

For the moment the new link has not yet triggered a BD alert.

I suspect that is just because it's a lesser-known mirror they forgot to blocklist, but what do I know.

from adfilt.

Fortinet has fixed the false positive. Still no word from BitDefender

from adfilt.