Today our Squid proxy server denied the download of GoogleGears.exe saying it found a virus (Trojan.Downloader-90750). At the begin I thought, this must be a false-alert by ClamAV but by doing a refresh of the download site, the download worked and after another refresh the same virus was found again.
Here what the squid logs are saying:
1) Download blocked - Virus found:
1269416489.415 372 internal IP TCP_MISS/200 12879 GET http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? squid.user DIRECT/74.125.79.136 application/x-ms-application
Wed Mar 24 08:28:43 2010 [29891] LOG Redirecting URL to: http://squid. ip/clwarn.cgi?url=http://dl.google.com/tag/s/appguid%3D %7B283EAF47-8817-4c2b-A801-AD1FADFB7BAA%7D%26iid%3D%7BF5B2DDAE- AC72-6B11-E4D9-E2ADF4A58E0B%7D%26lang%3Den%26browser%3D2%26usagestats %3D1%26appname%3DGears%26needsadmin%3DTrue/gears/ GearsSetup.exe&source=internal.IP/-&user=squid.user&virus=stream: +Trojan.Downloader-90750+FOUND
2) Download worked, not blocked, no virus:
1269420614.010 26 127.0.0.1 TCP_MISS/200 379 HEAD http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? - DIRECT/74.125.79.190 application/x-ms-application
1269420614.060 50 127.0.0.1 TCP_MISS/200 12879 GET http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? - DIRECT/74.125.79.190 application/x-ms-application
1269420614.164 182 internal.IP TCP_MISS/200 12879 GET http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? squid.user DIRECT/74.125.79.190 application/x-ms-application
Note the different remote servers of Google: 74.125.79.136 (Virus found), 74.125.79.190 (download without problem).
I tried to contact Google but as everybody knows, it is difficult to get in touch with the admins over there. We'll see if there was really a virus on one of the Google servers.
google virus guy from India wrote on Apr 30th, 2012:
Seems like Google servers also infected with viruses, Not good.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera Git GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb Icingaweb2 Influx Internet Java KVM Kibana Kodi Kubernetes LVM LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder