is there way to submit and URL/service, rather than mere file ?

the spam “see me naked” came this week while i been offline for long, and file foto.exe (yes, it really is what the name suggests - http://virusscan.jotti.org/ru/scanresult/a8d8f25bc4bbdeffca27d836774cde3aacb698c9 ) is alive on www still at original spam link Облако Mail.ru - Бесплатное облачное хранилище для передачи и хранения данных онлайн

the service is online file storage that

  1. neither on the download page nor in linked FAQ mentions that files on the net may be malware
  2. there is no user feedback, so even if some user would notice the file is malware - he has no way to alert other victim users
    2.1) nor can he alert administrators, so no one would remove the files and so the uploaded virus would remain there for weeks

I suggest that Comodo blocked the whole domain files.mail.ru until they would someday care to suppress malware

I also suggest Comodo has easy online ways to report FN/FP URLs, not just mere files

I don’t recommend this course of action. Taking it would be unwise. This IS a public site, and file repository. As such, any public repository may be filled with malware. This is the risk you choose if you wish to use such a site.

My recommendation, to you, if you are a member of this site, please contact the site admins/management and ask them to post a warning of possible/potential malware on such a public repository.

This is not something Comodo should be doing.

As for reporting URL’s, please check this link.

of course any user-generated content might content malware.

the question is - how fast the malware would be removed.

I consider the service, where malware removal is by design not possible at all, is inevitably otentially dangerous one.

Of course, it is left to you, where to flag it or not.

At least maybe you’d consider scanning download links from its pages, ad then make flagging on per-page basis, if you not want to flag it per-domain ?

This is something your firewall and AV (use CIS) is designed to protect you from.

Yes, that sounds better…

However

  1. this describes sending false positives, not false negatives (my case)
  2. the suggested URL Void service reduces URL to a domain name, which might be not enough to discuss the service with pointing to concrete examples
  3. Secure DNS is optional and not always desirable tool, while CIS is the main. So searchign for such an info there requires quite a pre-knowledge.

I ask you to discuss this with coleagues and perhaps make and pin in this forum a policy for reporting URL’s like u have for files. In this forum, not in Secure DNS one :slight_smile:

This is something your firewall and AV (use CIS) is designed to protect you from.
i do have Comodo Firewall (otherwise what would i do here?) and Avira Antivirus.
Obviously none of them protected me from the file, only the human reason.

Obviously any antivirus can only protect against well-known widely-spread virus. The reported one is new, and as u can see on Jotty, very rare AVs detect it yet.

But this just repeats itself, i believe Comodo is to protect users from the service itself, until it implement some protective measures, u believe u should not. Matter of tastes may be…

CIS firewall will prevent any unauthorized connections either from inside or outside your computer. The HIPS (Defense+) along with the sandbox will stop any unauthorized (unknown) programs from running on your computer, thus preventing any malicious activity and protecting your computer. The AV will stop aything it detects in memory and when it is accessed on your drives (yes, this is signature based, but along with D+, sandbox, and the firewall, you really don’t need anything else. This is all I use and I am protected and feel secure)

Oky, i use Firewll + HIPS, then i use Avira and Sandboxie
So the toolset is almost the same, though made from different components :slight_smile:

however for me and you the very content of mail is enough to trigger alert.
and “photos.exe” is just a clear banner :slight_smile:

To less experienced person HIPS would not be of much use though, they sonetimes just do not understand difference between documents and programs :frowning:

Okay, we’re going into offtopic here :slight_smile: