Delphi applications considered 'dangerous'

Published 2019-06-15 02:04

Question:

I often produce mathematical software in Delphi 2009, and publish it on my web site. However, the last year or so, Google Chrome has started to consider a small (but increasing!) number of my EXEs 'harmful', and Google Chrome refuses to download them.

For example, today I wrote a program that visualises the Lorenz attractor. You can find it at http://specials.rejbrand.se/chaos/lorenz/; it's lorenz.exe.

When I use Google Chrome to download this EXE, the following prompt appears:

Screenshot of prompt in Google Chrome http://privat.rejbrand.se/chromeblocklorenz.png

(Yeah, I actually did try it three times...)

This is Swedish, and the text says "%s is harmful and has been blocked by Chrome". The button says "Remove permanently", and the drop-down menu doesn't offer any other actions (like "I know the file is safe, please let me have it").

Obviously, this is kind of a problem. As far as I know, the EXEs are perfectly safe. At least the code I have written is not harmful in any way, but I suspect there is a theoretical possibility that the Delphi compiler has started to add harmful code behind my back.

Questions

  1. Is there something harmful about my EXEs?
  2. Is there some way to make Google Chrome not block my EXEs?

Answer 1:

"Is there something harmful about my EXEs?"

No.

Here's a link to the results of Jotti's malware scan (which reports that 22 out of 22 scanners "found nothing"):

http://virusscan.jotti.org/en/scanresult/df25dbecfccc5d10862f52236d664d48d0c72058


The link to virustotal scan (detection ratio = 0/53):

https://www.virustotal.com/en/file/51d9d637a17f5876c371e5eec164e1dc48a35c56900a3235a9c656d10687814a/analysis/1408587813/


"Is there some way to make Google Chrome not block my EXEs?"

One option is to make it block nothing; evidently it's crap anyway. The option is in the "privacy" section of "advanced settings"; here are the instructions:

https://support.google.com/chrome/answer/4412392?p=ib_download_blocked&rd=1


Otherwise, you can check what Google thinks about the safety of your site:

http://www.google.com/safebrowsing/diagnostic?site=rejbrand.se

The report seems to be somewhat indeterminate. Here's a quote (for rejbrand.se):

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 0 domain(s), including .


Presumably you can also request a site review in the security issues section of Google Webmaster Tools. But apparently it's not always fruitful. That last link also suggests there's a way to send samples to Google hoping that they would analyze them better (AFAICT it's not part of Webmaster Tools), but this might not turn out to be practical depending on the number of executables/versions you produce.



Answer 2:

I could reproduce this behavior with Chrome with your original EXE.

Is there some way to make Google Chrome not block my EXEs?

I can confirm that after I digitally signed it (with my company's code signing certificate) Google Chrome downloads this file without any issues. This is the most efficient (maybe the only) way to avoid this kind of problem.

Another quick solution is to pack the EXE with RAR. Chrome downloaded it with no problem.

Surely this is a false positive "detection" by Google Chrome. My antivirus (NOD32) did not find any problem, and other browsers did not have any issues with your EXE.

NOTE also that your domain might have issues (be flagged) as @Sertac mentioned. If I download your original EXE from my website the error message is "%s is not commonly downloaded and could be dangerous". Same goes for any other EXE I uploaded to MY site. (You still have an option to "Keep" the file.)

See also here: Google Chrome Browser Will Block Dangerous Downloads. Especially this:

As welcome as the new features are, Chrome is in the unusual position of playing catch up to Internet Explorer 9, which features an arguably superior method of blocking potentially malicious downloads. Microsoft's SmartScreen Application Reputation rates downloads in three ways: whether they're digitally signed, the reputation of the author, and--arguably most importantly--how many times the file has been downloaded by others.
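
The two checks these answers lean on, a scanner-friendly fingerprint of the exact bytes you publish (answer 1) and the presence of a valid Authenticode signature (answer 2), can be done from PowerShell before an upload. The script below is an added example and is not code from the original thread or from anyone who posted in it; `$ExePath` and `$TimestampUrl` are assumed values to replace with your own, and the signing step only runs when a code signing certificate is already installed in your personal certificate store.

```powershell
# Added example (not from the original thread): pre-publish checks for a Delphi EXE.
# Assumptions: $ExePath points at the freshly built binary; $TimestampUrl must be
# replaced with the RFC 3161 timestamp service your certificate authority provides.
param(
    [string]$ExePath = ".\lorenz.exe",
    [string]$TimestampUrl = "http://timestamp.example.invalid",   # placeholder, replace
    [switch]$Sign
)

if (-not (Test-Path -Path $ExePath)) {
    throw "Binary not found: $ExePath"
}

# 1. Fingerprint the exact bytes you are about to upload. Scanners such as VirusTotal
#    key their reports on the SHA-256, so record it with the release notes; a user can
#    then match a downloaded copy against the published report.
$hash = Get-FileHash -Path $ExePath -Algorithm SHA256
"SHA-256: $($hash.Hash)"

# 2. Optionally sign the binary with the first code signing certificate found in the
#    current user's personal store (empty result means nothing is installed).
if ($Sign) {
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
    if ($null -eq $cert) {
        Write-Warning "No code signing certificate in Cert:\CurrentUser\My; skipping signing."
    } else {
        # SHA-256 digest and a timestamp so the signature stays valid after the
        # certificate itself expires.
        Set-AuthenticodeSignature -FilePath $ExePath -Certificate $cert `
            -HashAlgorithm SHA256 -TimestampServer $TimestampUrl | Out-Null
    }
}

# 3. Verify the Authenticode signature. Status is a SignatureStatus value such as
#    Valid, NotSigned, HashMismatch or UnknownError; only Valid should ship.
$sig = Get-AuthenticodeSignature -FilePath $ExePath
"Signature status: $($sig.Status)"
switch ($sig.Status) {
    'Valid' {
        "Signer: $($sig.SignerCertificate.Subject)"
        if ($sig.TimeStamperCertificate) {
            "Timestamped by: $($sig.TimeStamperCertificate.Subject)"
        } else {
            Write-Warning "Signed but not timestamped; the signature expires with the certificate."
        }
    }
    'NotSigned' {
        Write-Warning "Unsigned binary: expect reputation-based download warnings."
    }
    default {
        Write-Warning "Signature problem ($($sig.Status)); do not publish this build."
    }
}
```

Run it as `.\Check-Release.ps1 -ExePath .\lorenz.exe` to get the hash and signature status, and add `-Sign` once a certificate is installed. The hash printed in step 1 changes if signing is applied afterwards, so sign first and record the hash of the file you actually upload.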



Answer 3:

This is a fairly common problem, actually. Because Delphi makes software development easy and has no external runtime dependencies, it tends to get used for writing malware, unfortunately. And so some virus scanner heuristics that are supposed to detect malware instead end up detecting parts of the Delphi RTL.

The best thing to do is to do a bit of research and find out how Chrome is making this determination, and then send the people behind the virus scanner giving the false positives a copy of your EXE(s) with an explanation that this is a false positive and needs to be fixed.



Answer 4:

I have equally been frustrated by this warning, and without going into a rant about how ridiculous the whole thing is, I will share the solution that worked for me.

I have found that double zipping got rid of the warning right away: zip your files, then zip the resulting zip file, and the warning will disappear upon downloading.

The user will have to unzip 2 files to get to your files, but that is a much lesser inconvenience than the dangerous warning.