1 yr. ago • 92%

Antivirus always flags these two instances(?)

Everytime I browse Lemmy, my Bitdefender always pops up

Should I just ignore and/or whitelist this? Gotta admit it's a bit c/MildlyInfuriating tho...

24 comments

My Avast doesn't say anything when visiting those instances, although it blocks connections to derp.foo even when it's just pictures browsing from lemmy.world. It says it's being infected by "URL:Botnet".

4
- People still use Avast!?
  
  5
  
  Eh, it's kinda annoying but it does its job. Plus I hate subscriptions and the best free option I've found (I don't think they do one-time payment AVs anymore?) is Avast + Malwarebytes. What do you suggest?
  
  1
Here is a log when browsing Lemmy over the last week or so, as of 10th July.

Believe the derp.foo and .today are both federated instances. Don't know what the other rows are.

3
I think you can just white-list them

1
I had that popup too. I found the actual URL it was triggering on, and submitted a false positive to BitDefender. I would recommend you do the same. BitDefender should then release an updated database that whitelist it.

Link: https://www.bitdefender.com/consumer/support/answer/29358/

1
- When something like these pop up, what steps can someone take to determine whether they are false positive and actually safe or a valid alert?
  
  2
  
  BitDefender is actually really bad about giving you useful information to go off. Ideally it should tell you exactly what malicious action or malware it's detecting. If your AV does this, you can see if the particular type of detection makes sense.
  
  For example, if it's an executable file with a clearly displayed malware name "Trojan.BadTimes.X" or something, that's really bad news. Same for URLs. However, sometimes AVs will flag "malicious behaviour", which gets trickier. They will often flag qBittorrent or other legit apps that are used to download pirated software, etc.
  
  What you can do is to submit the file or URL that was flagged to VirusTotal. This shows you a comprehensive list of whether any other antivirus software is also marking the file/URL as infected.
  
  Generally though, I'd play it safe. I'd get in touch with the page owner or google around to see if this is a known issue, and unless I can be completely sure it's actually safe, I wouldn't use it.
  
  3
This has nothing to do with lemmy.world.

-4
- Well, those are federated communities so looking into whether the threat is real or not could be useful I guess.
  
  8
- Lemmy.world is not an island, it's part of the fediverse as every other instance is, this case is most probably a false alarm but it doesn't hurt to investigate anyway.
  
  2

You've viewed 24 comments.