Downloaded file is deleted (blocked because of possible virus / trojan)




Downloads API
3 years ago
6 months ago


(Reporter: Herb Pauli, Unassigned)


36 Branch

Firefox Tracking Flags

(Not tracked)




3 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0
Build ID: 2015022000

Steps to reproduce:

I downloaded a file that the safe browsing module thinks is a virus or trojan.

Actual results:

At the END of the download (which took a long time) the file was deleted and in the download history only the comment "Blockiert: Enthält eventuell einen Virus oder Spyware" / "Blocked: Potentially contains a virus or spyware" (might slightly differ from the real english message) is shown.

Expected results:

Whatever you think is necessary to warn the user, BUT:
Give the user a chance to recover the file or refuse the download of the file at the beginning and not at the end.

Comment 1

3 years ago
Recovering is not implemented yet, not sure about refusing.
Blocks: 1062966
Component: Untriaged → Downloads Panel
Unblocking was implemented in bug 1137909, we're going to get it into Firefox 38.
Component: Downloads Panel → Download Manager
Product: Firefox → Toolkit

Comment 3

3 years ago
Ok for Firefox 38 and 39.
but for Fx 36? requests it to ... and Fx 37!)

Comment 4

3 years ago
With the way the system works, is it possible to warn the user before they attempt the download? 

(In reply to Bob49 from comment #3)
> Ok for Firefox 38 and 39.
> but for Fx 36? requests it to ...
> and Fx 37!)

You've been able to globally disable the blocklist since it was implemented: change browser.safebrowsing.downloads.enabled (and possibly browser.safebrowsing.malware.enabled) in about:config.

You do this at your own risk, of course.

Comment 5

3 years ago
nothing disabled, no changes via about:config pour Fx 38 and 39.

Today blocked site ... 
Upon opening the wire, only the download was blocked

see my words and screenshots >

Yes, hazards to the user ... as always mentioned.
You need to log in before you can comment on or make changes to this bug.