google / safebrowsing

Safe Browsing API Go Client
Apache License 2.0

Review requests for GitHub repositories #98

Open gsuberland opened 5 years ago

gsuberland commented 5 years ago

Apologies that this is probably not the correct place to ask, but I couldn't find another contact point.

When a website gets flagged by Google SafeBrowsing as containing malware, normally the site owner can clean up their site and submit a request for a recheck, or just wait for a periodic rescan of their site. My understanding is that the requests are facilitated through a Google Search Console account. However, in the case of a GitHub repository being incorrectly marked as containing malicious files, there is no way for that project owner to sign up for a Google Search Console account for just that project (it must point at a domain or subdomain).

I'm a project contributor to al-Khaser, which is a tool designed to be used by malware analysts in order to see how susceptible their virtualised or sandboxed analysis environments are to detection. Another use of the tool is for testing the efficacy of anti-virus heuristics that look for such VM/debug detection tricks; put simply, the point is for our tool to be detected as malicious even though it is not.

For a while we offered binary releases, but Google SafeBrowsing has picked up these binaries and (quite understandably) marked the repository as potentially malicious. A few months ago we removed the release binaries from the repository in the hope that this would resolve the issue, but the warning remains. I suspect that this is because the release binaries are still available in the commit history. Understandably we cannot remove them at this point.

Is there someone we can contact in order to whitelist the repository?