Google is flagging webmail as a malware site
Problem reported by Nick Hayer - January 18 at 7:20 AM
Submitted
This is just an fyi in-case you are running SmarterMail Version - 13.3.5535
http://mail.madriveraccess.net/Login.aspx according to Google is malware. On our server login.aspx is dated/last modified on 02/26/2015.   We have obviously requested whitelisting but the up to 72 hrs for removal is not heartening.
 
 

10 Replies

Reply to Thread
1
jorge.mx.neto Replied
0
Scot Desort Replied
FYI we had a 13.5 site get flagged on Tuesday. We FORCED SSL, removed the FORGOT PASSWORD link, and they denied the review. It's still red-flagged. IN the process of upgrading to 15.x tonight. Very frustrating. Something in the 13.x code is causing this.....
0
Scot Desort Replied
We did those steps Nick. No dice. They won't remove the red flag

Something in the 13.x code is suddenly causing google to flag the smartermail Login.aspx file specifically - NOT for malware. They Flag it as "DECEPTIVE" under the "social engineering" class of deceptiveness (phishing/password collection/etc).
0
Scot Desort Replied
UPDATE: In case anyone is interested, we upgraded our customer's site last night from 13.5 (which was red flagged as "DECEPTIVE" by Google (in the "social engineering" sub-category), to 15.7.x. We then requested a rescan of the site and they cleared the flag.
 
We had previously:
 
- turned off "password recovery" which removed the FORGOT PASSWORD link (and the associated javascript) from the login page
- forced SSL for all webmail traffic through a modification to the web.config file
- scanned the entire server for malware
- manually inspected the files in the SM webroot and /scripts folders for any new or changed files
- ran the SM web URL through external scanners (such as quttera.com, sucuri.net and aw-snap - all clean)
 
The only thing that solved the problem was getting off of 13.x. If you are in a position to do so, that may be your only option, unless SM can figure out what is tripping this particular Google alarm in the 13.x code and providing a hotfix file of some kind.  13.x, I imagine, is no longer officially supported, so I don't know of any other recourse for you. And Google did not disclose any specifics about what code on the site it read as "deceptive". Lastly, let's hope that Google doesn't suddenly find something in 15.x or 16.x it deems as dangerous.
 
 
 
0
Kyle Kerst Replied
This Google alarm is triggered by the lack of an SSL certificate 9 times out of 10. Since your web interface asks users to complete a password field, if you're not running an SSL certificate your browser will throw this warning. Install an SSL certificate, and force HTTP-->HTTPS redirect in IIS. 
Kyle Kerst Cameron Solutions LLC www.cameron-solutions.com
0
Paul Blank Replied
FYI, I have an client on SM v11.x, forced SSL enforcement (for years now), and have had no issues of this type.
0
Scot Desort Replied
let me repeat. WE HAVE SSL AND IT IS FORCED. If you try to connect with http, we redirect you to https using IIS.
0
Scot Desort Replied
1. 11.x may not have the code issue
2. Google may not have crawled your webmail URL.

It is not an SSL issue.
0
Paul Blank Replied
I totally believe you! I was responding to Kyle's comment as if it was a valid explanation. I stand humbly corrected. Thanks for posting all your research here!
0
Scot Desort Replied
no problem Paul!

Reply to Thread