No fun. I got an alert from the university that Google found a malware file on the site. It didn’t specify which file. I checked that the .exe files were not compromised (that is not easy: on first upload the server takes an SHA256 hash for the file and regularly validate this still matches while the file and checksums are maintained under different accounts). Nothing wrong. So, it appears to me my PhD thesis which was generated in 2009 and the download file is still the same (says SHA256 comparing to the copy that is still on my machine).
For short, this is false alarm. How do we get rid of this?
Thanks Richard. That was what I was looking for. Says 2 out of 71 scanners do not like the 8.1.14 exe and classify it as phishing and malicious. That (to me) confirms there is no real problem.
I don’t seem to be able to get Google to listen though. I have claimed ownership on the site. That allows to report, but not really that they got it wrong I tried to add a fair description on the process, but that was apparently too long. So I just asked them to properly review the file ASAP.
This is really bad. Except for stopping with Windows binaries I see no option to fix this for once and forever though
Probably related to this…
While building swi from source, I saw a warning that the location of the config file has moved. For further information, I should look to “https://swi-prolog.org/modified/config-files.html”.
When browsing to this page, I first got a notification that it was insecure. And after ignoring that warning, nginx reproted " 502 Bad Gateway"
This looks more like a configuration mistake for me. @jan, adding swi-prolog.org as a server alias for www.swi-prolog.org in nginx should be enough to fix this. (Note: hopefully your SSL certificate was created for swi-prolog.org with as well as without www, otherwise you need an additional server configuration…)
That is an interesting thought. I wonder how vendors deal with this in general. Produce a random Windows binary and it seems it is likely that a couple of virus/malware scanners trigger. I vaguely recall that checking at Google, it was claimed MacAffe was one of the two complaining scanners, while virustotal had two others. Our binary is only 12Mb, so that is fine
If someone knows how to deal with this, please share!
for what its worth, we’ve had our first confirmed case of someone using something else because of this. It’s certainly not the actual first time - I’m sure we’re hemmorhaging users - but found a user on twitter who reports he used GNU-Prolog as a result of the warning. Ran into multiple issues, and got a copy of SWI-Prolog by using MS Edge, Microsoft’s new name for Internet Explorer.