Clean-MX

I received an e-mail this morning from my hosting company, MediaLayer. They were passing on to me a complaint they had received from clean-mx.de, a spam filtering outfit in Germany. It seems that Clean-MX had been scouring the web and came across a file that it didn't like on my domain, and so they decided to take action.

They didn't contact me directly, though, even though there's a handy Contact link on the main menu bar of every page on this site and a valid e-mail address in the domain's WhoIs record, so there's no excuse for not contacting me (also, all the standard contact addresses like abuse@ and postmaster@ work just fine). Rather, they assumed that not only was the file in question malicious but also that I could not be trusted to remove it; they defaulted to the opinion that they were right and that I was intentionally hosting malware. Wrong on both counts, Clean-MX. And to add irony, the file in question is actually a malware removal aid.

Their system classified the file as Backdoor/Win32.Hupigon.gen, a specific diagnosis shared by only one malware scanner I've found: Antiy-AVL. I've never used Antiy-AVL (or known anyone who has) but relying on only one malware scanner's opinion when conducting an operation like this is just laziness, if not outright incompetence.

MediaLayer, for their part, set the permissions of the file to 000 and then contacted me. This, I think, is an appropriate and balanced response. I was able to verify the checksum of the file, to make sure it hadn't been changed without my knowledge, and then change its permissions back myself. In all, the file was inaccessible for perhaps an hour while the rest of my site was left alone. MediaLayer, once again, makes me glad I'm their customer (if you're reading this, Gurpreet's boss, give him a raise and a week's vacation because he's a great CSR/Tech).

In the past, and even quite recently, I myself have discovered what appear to be malicious files on otherwise legitimate websites. Do you know what I do in those situations? I contact the webmaster/owner of the website using either their contact form, the WhoIs contact address, or the generic abuse@ address. I give them a link to the page and explain what I think is going on and, if applicable, a link to a VirusTotal scan of the file(s). For example, just this past week someone attempted to break into one of my servers and download some cracking tools from an FTP server. I looked up the server being used and found that it was an otherwise perfectly normal site for an NPO. I e-mailed the contact in WhoIs with the facts and they fixed the hole.

But Clean-MX? They e-mail my host and state matter-of-factly that I am hosting malware and ask my host to shut down my website. Excuse me?

Dear abuse team,
please help to close these offending viruses sites(1) so far.

Now, I understand that if you're plumbing the depths of the internet for malware, you'll never have the manpower necessary to manually verify each and every hit your automated scanners turn up. That's fine! I understand! But if you don't verify these things, you don't ask the domain's web host to take an entire website offline and accuse the site's administrator of a felony. To me, that's just common sense. To do otherwise is certainly unethical, and probably actionable.

But then I got to thinking. Why would a spam filtering company be scanning websites in search of malware? Could it be that they scan for supposed malware so that they can send an e-mail to web hosting companies, one of their target customer groups? Hmmm.

Clean-MX.de should either revamp its practices in this area, or shut the fuck up. The internet has enough assholes, thanks. And kudos to MediaLayer who acted quickly but not rashly, and with common sense in the face of bullshit alarmism.

 


June 17, 2011


declan
Posts: 3
Comment
If you live in Europe
Reply #3 on : Wed February 15, 2012, 02:48:28
If you live in Europe then you will know the .de suffix pertains to Germany, and as such is subject to European law. Those laws which are relevant are similar to UK laws which I state here, in rough and approximate terms, that you cannot make baseless malicious or defamatory remarks about a company if that will in any way harm the revenue or the reputation of a business company. For example, in the UK, and therefore Europe, it is illegal for an individual or a company to make false, misleading, or baseless and defamatory remarks on the internet. If you or your company has been the subject of such libel by clean-mx.de I would suggest strongly that you ask a lawyer to send them a cease and desist letter and if they continue to make baseless remarks either in comments on the internet or to your ISP or web host then I would take further legal action. This is how deep the laws go. Suppose someone advertises a veterinary practice on the web and I have never visited that practice but, just for a laugh or to be malicious, I spread rumours on the web that they are a bad practice and/or that I was ripped off by them etc, then I would fall foul of such a law. The same applies in this case: it's incumbent on clean-mx.de to show beyond doubt that there is in fact an infected file on a server, not simply that they believe there to be an infected file.
Steve
Posts: 3
Comment
Did the same to me
Reply #2 on : Sun November 20, 2011, 04:15:22
I found out today that Clean-MX sent an email 4 days ago to my web host almost demanding they remove my sites. servage.net, being a bunch of asshats, removed my entire account and not just the single file in question (note it's a Windows executable on a Linux box so no danger to them).

I've had several support ticket discussions with the retards at servage.net explaining that the file was written and compiled by myself. I also provided file size and an MD5 checksum to verify its authenticity. Ten hours after the first support ticket and four days' downtime before I found out about it and all my sites are still down.

fck servage for taking the word of some third party stranger over a long time paying customer.

and fck Clean-MX for the filthy underhand way they run their "service"
Hans
Posts: 3
Comment
join the club
Reply #1 on : Fri November 18, 2011, 08:22:28
Join the club. I received the same treatment from them. One day my entire VPS was just down because the hosting company complied with the "demand" from clean-mx. It took me about 2 days before I was told what was wrong, before I recovered access to the box and disabled the files.

The files I'm still hosting today do not contain a virus. I moved them to a different server and just noticed that clean-mx has once again found them. And again they don't send me an e-mail. However since the discovery was a month ago and the VPS is still up I don't believe the ISP is gonna take action this time.

I tried to reason with clean-mx, but without result. I sent them e-mail, I even used a signed-for snail mail. Never got any decent response from them.

People like this should simply be banned from the internet.