I just updated to 15.4. Trying to open a simple text file (with srt extension) pops this up: "Apple could not verify" xxxx.srt "is free of malware that may harm your Mac or compromise your privacy." Some other srt files open fine.
This is a dealbreaker for me if I can't disable this "feature". I know I can go burrowing into settings and exempt this one file. No. How do I turn off the whole thing?
MacBook Pro 16″
Dessicator wrote:
etresoft, why do you think that's a malware site? I've downloaded many subtitles from it. They have nothing but subtitles in them, and I've never had any trouble.
Any subtitle file that I click on opens up this very respectable looking new "Browser Update" window:
I've obscured the name of the site, but I left the very respectable "xyz" TLD.
To display that page, it redirects to a couple of other similarly respectable domains first. One of those URLs is 12 lines long. It isn't doing these redirect via standard HTTP methods. The first redirect is done via Javascript somewhere on the site itself. I didn't bother to look where. The second redirect is also done via Javascript, but this time using very respectable and very obfuscated Javascript.
Normally I would look at these things on the command line with curl or similar. That didn't work in this case. I had to use Safari's Web Inspector timeline. I must have clicked on links at least 30 times altogether.
But curiously, one of those clicks via Safari's web Inspector actually didn't give me the whole respectable redirection. It gave me a different page with what may have been download links. So it's a website that seems to be able to detect when it's being inspected and alter its behaviour to work more legitimately in that scenario. OK, then!
I did once get a page for the "Best Crypto Casino and Online Sports Betting". Sadly, it wasn't available in my jurisdiction. Maybe because we have laws here?
I keep trying. Now I get a page where I can "Get paid for testing apps, games & surveys". Sure. Oh, look. I can sign in with Google or Facebook, but not Apple. Bummer.
But still I keep trying. I am able to get that legitimate-looking download page one more time. I click on one of the "translate" buttons and I'm back to the original redirector.
But wait! The "English" version has a "download" button. I click that - still the redirection. In not a single case was I able to download an SRT file.
If this really is a source of 10,364,786 subtitles, then perhaps Apple is right to associate SRT files with malware.
Thanks John Galt, that's a good suggestion. But these are text files.
This one Finder refused to open:
jim@JimsMBPro ~: file . . .
Unicode text, UTF-8 text, with CRLF line terminators
This one (with BOM) opened no problem in BBedit (my default for srt):
jim@JimsMBPro ~: file . . .
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hey etresoft, I didn't suggest to Hans or anyone else to "disable their system security" or any part of it. I made the choice for myself to disable that particular feature because nobody came up with a good alternative.
[Edited by Moderator]
FYI: I'd hate to disable the security, so for now I reported the issue with Apple and use xattr to clear the extended attributes for my source folder;
xattr -c -r /path/to/folder
For me this was -never- a problem until I updated to 15.4. 😞
Could not reproduce the SRT issue either, but then again I do not have any SRT files that I had downloaded.
The problem is most likely two fold;
1) the file was downloaded
2) Gatekeeper ignores the fact that both files are plain ASCII Text.
I know reporting may not do a thing, but not reporting for sure doesn't do a thing 😉
Not quite sure how malware can beg embedded in an ASCII file though - besides maybe bad JavaScript pulling in code from elsewhere? I honestly do not know. Not trying to argue that this cannot be done, I just do not know how. And ... it was not a problem until 15.4 😞
I think it's time to put this thread to bed.
I tried again with the OP's site using my 15.4 machine. This time it only took me about 5 clicks to get to an actual "download" page. Of course the "download" buttons don't work. But I was able to right click on the download link and use the "copy link" function. I could then paste that into a new Safari tab and download an actual SRT file from the OP's site.
And guess what? I double-click on it and it works fine. It opens up in VLC.
At first, I was just going to chalk this up to the OP actually downloading malware from that site hosting subtitles from BitTorrent videos. But when I tried changing the SRT file to open with BBEdit instead, then I got the same malware warning. I don't remember if I had tried that on 15.3.2 or not.
But what this means is that the operating system requires that you have an app that advertises the capability of opening a given file. If not, then you won't be able to double-click it. The file can still be opened in a variety of other methods. So if I leave everything on default, then VLC is the only app that officially supports SRT files. I can double-click the file and it opens right up in VLC. I don't have any of the actual torrent videos to test with, but I assume it would work.
Install an antivirus. Macs usually don't need antivirus (despite the fact that they can catch virus). However, it's always a great idea to install one two or three times year, just to run a full deep scan to catch and remove any possible threats. In this case, you should install an antivirus. Avast One Essential is a free good choice. However, if it's a one time only, you can install a better paid antivirus with the free trial. You should, after that, reinstall macOS and, if possible, erase the Mac before (do a Time Machine backup before). After this, you should select manually (to mitigate the risk of transferring again files possibly infected with virus) important files that you have to transfer to your Mac disk. Do not transfer any apps, if possible; always download them manually from the Mac App Store and, if important apps that you use are not there, download them from the internet, only from secure/trustable sources.
Select one of the .srt files, press command+i, in the Get Info window that opens, choose TextEdit from "Open with:" then press the "Change All…" button. That should sort it out.
Thanks, but they still won't open.
Sorry that didn't work. Hopefully someone will have another idea.
I found a fix: https://disable-gatekeeper.github.io/
The fact that a system designed to prevent users from launching applications is also blocking text files suggests it is not well designed.
etresoft, why do you think that's a malware site? I've downloaded many subtitles from it. They have nothing but subtitles in them, and I've never had any trouble.
[Edited by Moderator]
.
Thanks, John. I saw that one last night while on my iPad, and then the recollection fell out of my ear. 😀
I'll give it a go.
Sequoia 15.4 refusing to open files - possible malware
