Downloading .deb and .rpm files from R2 presigned URLs marked as malware

I recently ported from S3 to R2 and now when I download Linux binary installers (.deb and .rpm) from presigned URLs, Chrome and Firefox say the file is a virus/malware.

I’ve compared the binaries from both S3 and R2 and they’re identical so I’m not sure why Chrome/Firefox would complain. Also, the download works fine if I use a non-presigned URL (e.g. downloading from a public bucket)

Does anyone have any insight on why this would happen?

Here’s a signed URL for one of my deb files in case that helps narrow down the issue:
https://768396306b0d848a3518c5405d7ba4b8.r2.cloudflarestorage.com/vitalaudiobuilds/VitalAudio/vital/1_5_3/VitalInstaller.deb?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=55fa46dcc06b9f6abb9c2047c1a941d7%2F20221003%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221003T155238Z&X-Amz-Expires=360000&X-Amz-Signature=a8bb7f5f1ad1318b59f71e39a680ff30f74f4cafd917bc23002efbea6482c13c&X-Amz-SignedHeaders=host

I’m also having the exact same issue with ZIP files that contain MP3 files.
If I serve the content from any other URL (S3 / Website / etc) the download succeeds without issue.

Virus Total also mentions my download is perfectly safe -

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.