Kaspersky
Solved

Our website static files bucket, hosted on Amazon Web Service S3, is getting blocked

  • 20 September 2019
  • 14 replies
  • 204 views

We have several customers complaining to us about weird display on the website, not being able to browse through it, and so on.
After some research, we found out that all customers impacted are using Kapersky.
Kapersky is blocking the downloading of the static files needed for the website to run (style, script, and so on).
There's nothing particular here, thousands of websites use Amazon Web Service S3 to host their static files, and it seems like you block Amazon url for no reason, impacting a lot of businesses. I'm pretty sure there's nothing dangerous for the user in our couple CSS and JS files, particularly downloading them while they come on our website by their own choice. That's just a basic way to run a website...

We are unsure what to answer them. We tried to guide them on how to unblock us, but it seems quite complicated for people who don't know their way around a computer. And also, it cost us a lot of ressources to do the assistance for your services.

Until this is solved, we are guiding them on how to switch to an other antivirus not blocking our website, because I do believe you are the only one struggling with AWS S3...
icon

Best answer by Schulte 3 October 2019, 13:27

Hi @RemyAlves,
in the meantime, I was able to reproduce the problem.

Amazon Web Service S3 is not completely affected, only your subdirectory 'xxxxxxxxxxxxxxx.s3.amazonaws.com/public/'.

The Anti-Virus Lab has been informed and will re-examine the site.
The result may take some time, I will pass it on as soon as possible

EDIT:

Hello,

URL was removed from blacklist. It will be fixed in the next update. Thank you for your help.

Best regards, Xxxxxxxxxx Xxxxxxxxx, Malware Analyst
View original

14 replies

Userlevel 7
Badge +5
We are unsure what to answer them.

Hello @RemyAlves
Welcome!
It is true, thousands of sites use Amazon Web Service S3 hosting services.
It is also true, sometimes, sites hosted by Amazon Web Service S3 are unsafe.
On the other hand, it can be true, www's or embedded links on those sites, detected by Kaspersky software, are false positives.
  • The solution is simple:
  1. With Kaspersky software running, go to the sites being detected, then go to Kaspersky application, choose REPORTS > Detailed Reports > export REPORTS, save as TEXT files, upload the reports, using the UPLOAD icon in your reply.
  2. Also, using the TOOLs available at Kaspersky Virus Lab, you may wish to submit the detections, ask the Lab to analyse & verify the detections, if the detections are false positives, Kaspersky will fix, if unable to be fixed, Kaspersky Lab will tell you why.
  3. Also, other online sites are available, data can be analysed by 70 engines, that will give you immediate information that you can use to either support your case when engaging with Kaspersky or inform you as to why the detections are happening.
Thank you.
I do not have Kapersky, we are just a third party impacted by this false-positive issue. Our customers do through, but it's complicated for us to ask them that report.

I've sent it to the Kapersky Virus Lab, and after the automatic email saying it is safe, and the "We will thoroughly analyze URLs you sent.", I never had any news... Being waiting for almost two weeks already.

Also, here are two reports saying that we are completely safe.

What are the next step to get our website unblocked asap?

Userlevel 7
Badge +3
What are the next step to get our website unblocked

This Forum cannot fix this issue , please continue with K-Lab Tech Support https://center.kaspersky.com
Userlevel 7
Badge +5
(1) I do not have Kapersky, we are just a third party impacted by this false-positive issue.
(2) Our customers do have Kapersky, but it's complicated for us to ask them that report.
(3) I've sent it to the Kapersky Virus Lab, and after the automatic email saying it is safe, and the "We will thoroughly analyze URLs you sent.", I never had any news... Being waiting for almost two weeks already.
(4) Here are two reports saying that we are completely safe.
(5) What are the next step to get our website unblocked asap?

Hello @RemyAlves,
Please provide an exported report as I requested in my reply 11 days ago.
Thank you.
How do I provide a report if I don't own your software exactly???
That's all I got from our customers.
Should I buy the software, install it, just to get a report? There is not other way?

Userlevel 7
Badge +4
Could you please send me the URL of your website via PM?
Maybe I (and the other mods) can support the support...
Userlevel 7
Badge +5
That's all I got from our customers.
Should I buy the software, install it, just to get a report? There is not other way?

Hello @RemyAlves,
There are multiple ways. as per my previous, and @Schulte, please export the report, save as a text file & upload using the Upload icon in your reply.

You do realize, as I wrote pretty much couple times already, that I do not own Kaspersky, nor have it installed. Only our customers does, and I don't have access to their computer as you should guess.
The screen you are pointing at is, again as said previously, a screenshot sent by one of our customer.

Is it a "lost in translation" situation, or a lack of reading / attention going on here?

And no, @Schulte did not asked me to export the report, because he read my post and understood that I can NOT do that.
Please do not participate in this conversation anymore if it's not to add any solution to the mix, and just stutter that I need to export a report that I can not get my hands on.
Userlevel 7
Badge +4
Hi RemyAlves,
I received your PM.

At first sight everything looks normal to me, the welcome page is displayed without errors.
Is there a problem after logging in?

@mods: see 'Team Notes'
Userlevel 7
Badge +5
  1. You do realize, as I wrote pretty much couple times already, that I do not own Kaspersky, nor have it installed. Only our customers does, and I don't have access to their computer as you should guess.
  2. The screen you are pointing at is, again as said previously, a screenshot sent by one of our customer.
  3. Is it a "lost in translation" situation, or a lack of reading / attention going on here?
  4. And no, @Schulte did not asked me to export the report, because he read my post and understood that I can NOT do that.
  5. Please do not participate in this conversation anymore if it's not to add any solution to the mix, and just stutter that I need to export a report that I can not get my hands on.

Hello @RemyAlves,
Yes, I do realize. I don't need to guess. I read everything you wrote. Nothing is lost in translation. Everything is crystal clear.
Thank you.
Userlevel 7
Badge +4
Hi @RemyAlves,
in the meantime, I was able to reproduce the problem.

Amazon Web Service S3 is not completely affected, only your subdirectory 'xxxxxxxxxxxxxxx.s3.amazonaws.com/public/'.

The Anti-Virus Lab has been informed and will re-examine the site.
The result may take some time, I will pass it on as soon as possible

EDIT:

Hello,

URL was removed from blacklist. It will be fixed in the next update. Thank you for your help.

Best regards, Xxxxxxxxxx Xxxxxxxxx, Malware Analyst
I really appreciate your help @Schulte, thank you a lot!

I will keep all our customers aware of that, this is great to hear.

Anything in particular to do to avoid that in the future? I'm not sure how it happened on the first place. Did somebody flagged us?
Userlevel 7
Badge +4
Hi @RemyAlves, you're welcome.

How it happened will probably remain the secret of Kaspersky. It was probably simply a 'false positive' of automatic detection. As far as I know, other users' ratings are not taken into account.

I'm sorry it happened to you. You can't avoid such problems, they will probably occur in the future (but hopefully not on your site again)...

Reply / Ответить