As soon as chrome finishes the download I get a message: dangerous, so Chrome has blocked it. message on the downloaded file. I have not gotten this in the past.
Maybe your site has been hacked? Is there a md5 or sha1 hash that I can use that has a gpg signing that I can trust came from the developers? I've seen this with other open source software.
Am 24.02.20 um 19:54 schrieb Jeff Sadowski:
As soon as chrome finishes the download I get a message: dangerous, so Chrome has blocked it. message on the downloaded file. I have not gotten this in the past.
Maybe your site has been hacked?
No. This is Chrome trying to be smart, but actually being stupid.
It will probably just take some time/number of downloads to get whitelisted - The current release is just over a week old, so obviously the download numbers are low and it will trigger the "low number of downloads, possibly malicious" heuristics of some Antivirus products/Browsers. The previous stable version doesn't generate such a warning for me - due to its age.
The proper way, if you're using an Antivirus or a Browser that complains about X2GoClient, would be to escalate the issue with the manufacturer of the Antivirus/of the Browser, reporting it as a false positive. The more reports they get, the more likely it is that they will whitelist it sooner.
Is there a md5 or sha1 hash that I can use that has a gpg signing that I can trust came from the developers? I've seen this with other open source software.
My guess is that you are referring to the Windows installer, as the Linux packages are signed in a way that the package management software can verify their integrity automatically.
The current release can be found here: <https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/x2goclient-4.1.2.2-2020.02.13-setup.exe>
If you remove the actual filename ("x2goclient-4.1.2.2-2020.02.13-setup.exe") from that URL, you will end up in the directory, where you can find MD5, SHA1, and SHA256 hashes and an ASC file with the gpg signature.
Kind Regards, Stefan Baur
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
On Mon, Feb 24, 2020 at 1:28 PM Stefan Baur <X2Go-ML-1@baur-itcs.de> wrote:
Am 24.02.20 um 19:54 schrieb Jeff Sadowski:
As soon as chrome finishes the download I get a message: dangerous, so Chrome has blocked it. message on the downloaded file. I have not gotten this in the past.
Maybe your site has been hacked?
No. This is Chrome trying to be smart, but actually being stupid.
It will probably just take some time/number of downloads to get whitelisted - The current release is just over a week old, so obviously the download numbers are low and it will trigger the "low number of downloads, possibly malicious" heuristics of some Antivirus products/Browsers. The previous stable version doesn't generate such a warning for me - due to its age.
The proper way, if you're using an Antivirus or a Browser that complains about X2GoClient, would be to escalate the issue with the manufacturer of the Antivirus/of the Browser, reporting it as a false positive. The more reports they get, the more likely it is that they will whitelist it sooner.
Is there a md5 or sha1 hash that I can use that has a gpg signing that I can trust came from the developers? I've seen this with other open source software.
My guess is that you are referring to the Windows installer, as the Linux packages are signed in a way that the package management software can verify their integrity automatically.
The current release can be found here: < https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020...
If you remove the actual filename ("x2goclient-4.1.2.2-2020.02.13-setup.exe") from that URL, you will end up in the directory, where you can find MD5, SHA1, and SHA256 hashes and an ASC file with the gpg signature.
Kind Regards,
Stefan Baur
--
BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
Thank you so much for the answers. I doubt my AV's will have issue with it. I think it was only Chrome. Now that I know that I'll give it a try.
x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 2/24/2020 10:54 AM, Jeff Sadowski wrote:
As soon as chrome finishes the download I get a message: dangerous, so Chrome has blocked it. message on the downloaded file. I have not gotten this in the past.
It's also not difficult to end up on RBLs, a complaint, a signing issue, some AV reporting what we know to be false positives that requires people to flag those publishers with reports that the resource is in fact legitimate does help in getting things removed from these lists - as was previously recommended by Stefan and Jeff.
Although perhaps not on-topic, strictly speaking is the notion that you may wish to consider ditching Chrome for Chromium or Brave or Vivaldi if you like Chromium based browsers, or try it with Firefox.
I have issues from time to time under Windows, when attempting d/l's from some sites that subscribe to the methods of signing that Microsoft likes, instead of the preferred Universal methods that are standard and used in the UNIX world.
In such cases, say, when you d/l something and then as soon as you attempt to launch the installer find that it gets whacked and deleted/quarantined when you do, another option is to manually whitelist it in the offensive and overly zealous AV app or OS. I like to pick directories and mark them as whitelisted or excluded and put things there that the system tries to eradicate.
Bradley D. Thornton Manager Network Services http://NorthTech.US TEL: +1.310.421.8268 -----BEGIN PGP SIGNATURE----- Comment: Find this cert at hkps://keys.openpgp.org Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQEzBAEBCAAdFiEENWT7St9Eg6sLyiLAuIw5wQytyEkFAl5XJdUACgkQuIw5wQyt yElIuQf8Cc47Me3hz9xfvutCKff8iG8NxSEmfj+gCuaBSlRKlDEGLo2BNYNyuH3+ kZTAtGowIXcYDwnrh9WT+GQ414khTmPRMJVR4WSnCmG3liPHjvbVQQX1ZN+7ZUS6 Cjm3nUjOovW9dc3B9aEFpTvlS7rGWRHQnZvB4OOgKsJifGpW9kcBBYCVmDqjD5Xm kzEBYHsXLtUvGxDNpiA3ViajESRZf1NzfPm3TzHqbljeVOqEuJXmff0jRNQB+d0g 8UptF6GB5Gq8enMFwJwj6tCjTDuEd6mnzvyKI8lLt/c+uJDQ4w6kQPOkxBpjHnLY xOX+Tlq9IvZBL70azj07G6fVW53Dkw== =ASrU -----END PGP SIGNATURE-----