Author Topic: How to Report Malware or False Positives to Multiple Antivirus Vendors  (Read 75958 times)

Offline spywar

  • Malware Research Group
  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 9560
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #30 on: December 08, 2013, 08:07:40 AM »
I think the page is dedicated to Antivirus vendors, thus Combofix shouldn't be added..

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5691
  • COMODO Rocks!
    • Free Comodo Products!
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #31 on: December 08, 2013, 08:22:30 AM »
I think the page is dedicated to Antivirus vendors, thus Combofix shouldn't be added..

HitmanPro is not a antivirus, it is a on demand scanner like Combofix
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline spywar

  • Malware Research Group
  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 9560
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #32 on: December 08, 2013, 08:33:09 AM »
HitmanPro is not a antivirus, it is a on demand scanner like Combofix
HitmanPro is more designed for the public than Combofix which is used by malware removal experts...are not same.

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5691
  • COMODO Rocks!
    • Free Comodo Products!
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #33 on: December 08, 2013, 08:35:05 AM »
HitmanPro is more designed for the public than Combofix which is used by malware removal experts...are not same.

my wish is only a suggestion..
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #34 on: December 08, 2013, 01:30:07 PM »
1- AVG "report malware via mail" this mail adress is no longer available they said here
I have removed the email address for reporting false positives.

2- Antiy is also doesnt work  :-\
Their site still lists that page as where suspicious samples should be submitted, but the site will not load. Please give this a few days to see if it starts working again. If not, please respond again and I will look into this further.

3- ESET/Nod32 "online malware submission" is not working... (page doesnt open, not available)
I have removed the malware submission form link as I cannot find any references to the page. All I can find is advice to submit it via email.

4- eScan "online malware submission" webpage no longer available..
Their site still lists that page as where suspicious samples should be submitted, but the site will not load. Please give this a few days to see if it starts working again. If not, please respond again and I will look into this further.

5- Lavasoft Ad-Aware from now on they uses Bitdefender engine.. (maybe you can note this)
I usually only note this if they would prefer that users submit samples directly to the other AV, in this case BitDefender. However, for most cases where their are dual engines the product would prefer to also get samples submitted to them. I believe this was the same for Lavasoft.

6- HitmanPro changed the cloud engines, they are using now Kaspersky, Bitdefender, Emsisioft (you can change the note)
Thank you. I have updated the links.

7- Maybe you can add the "Combofix" in this vendor list
I did consider this one. However, as it does not have its own website (which is one of the criteria) it was not eligible for the list.

Let me know if you find anything else.

Thank you.

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5691
  • COMODO Rocks!
    • Free Comodo Products!
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #35 on: December 08, 2013, 02:49:34 PM »
Thanks for confirmation and fixes.
Also these issues happen;

1- total defence malware submission is not working, the link goes to online shop website

2- ClamAV malware submission site is here, not Immunet Free signatures only..

3- Trend Micro online malware submission site is not available, they lead to e-mail adress.

4- "Protector Plus/Proland" online malware submission website is not available now.

5- Kingsoft online malware submit website is not available now. (500-internal server error)

6- e-Scan online malware submit link not available. I found this page , you can go with 'submit ticket' for submission a suspicious.  :-TU
 
7- CMC online malware submit site is not available.

8- ArcaVir/arcabit online malware submit site is not available.

9- Antiy online malware submit site is not available.

if I will see any problems I will write again  ;)
« Last Edit: December 08, 2013, 04:15:46 PM by yigido »
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #36 on: December 08, 2013, 07:22:55 PM »
1- total defence malware submission is not working, the link goes to online shop website
Thanks, I've now linked to the correct address.

2- ClamAV malware submission site is here, not Immunet Free signatures only..
Do they not share the same signatures? I ask because I don't want to advise that users submit the same sample twice unless there is a need.

3- Trend Micro online malware submission site is not available, they lead to e-mail adress.
Thank you. I have now removed the site link.

4- "Protector Plus/Proland" online malware submission website is not available now.
Thank you. I have removed this option.

5- Kingsoft online malware submit website is not available now. (500-internal server error)
I have now redirected these links to the, hopefully correct, parts of their forum.

6- e-Scan online malware submit link not available. I found this page , you can go with 'submit ticket' for submission a suspicious.  :-TU
 
Thank you. I have now altered the article to use this address.

7- CMC online malware submit site is not available.
Thank you. I have now removed these links as I could not find any indications that the upload sites were still available.

8- ArcaVir/arcabit online malware submit site is not available.
Thank you. I have now removed these links as I could not find any indications that the upload site is still available.

9- Antiy online malware submit site is not available.
Their site still lists that page as where suspicious samples should be submitted, but the site will not load. Please give this a few days to see if it starts working again. If not, please respond again and I will look into this further.

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5691
  • COMODO Rocks!
    • Free Comodo Products!
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #37 on: December 09, 2013, 09:22:17 AM »
Hello Chiron,

I found these sites for ClamAV, please check for availability..

Online Malware Submission

Online False Positive Submission

thnaks for all fixes  :D
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #38 on: December 09, 2013, 10:35:58 AM »
Hello Chiron,

I found these sites for ClamAV, please check for availability..

Online Malware Submission

Online False Positive Submission

thnaks for all fixes  :D
I asked Immunet staff a while ago whether there is a need to submit malware to both, and they let me know that they are processed by the same team. The correspondence can be read here:
http://forum.immunet.com/index.php?/topic/1942-question-about-submitting-samples/

Thus, I think I will advise users to just submit the malware and false positives to Immunet.

Thanks.

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5691
  • COMODO Rocks!
    • Free Comodo Products!
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #39 on: December 21, 2013, 04:58:31 PM »
Hello Chrion,

Antiy still not workin'.. you can check yourself

Thanks
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #40 on: December 22, 2013, 01:00:20 PM »
Hello Chrion,

Antiy still not workin'.. you can check yourself

Thanks
Thank you. I have updated the article.

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5691
  • COMODO Rocks!
    • Free Comodo Products!
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #41 on: December 22, 2013, 01:15:06 PM »
I have got the error message after sending samples to submission via e-mail.
I think they changed their sample submission mail adress.
e-mail's does not work listed below...

Delivery to the following recipients failed

postmaster[at]bullguard.com
k7viruslab[at]k7computing.com
report[at]prevxresearch.com
michael.wang[at]antiy.com
virus_submission[at]centralcommand.com

Please update the .txt file in the first message of this topic

Thanks
yigido
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #42 on: December 22, 2013, 01:47:36 PM »
I have got the error message after sending samples to submission via e-mail.
I think they changed their sample submission mail adress.
e-mail's does not work listed below...

Delivery to the following recipients failed

postmaster[at]bullguard.com
k7viruslab[at]k7computing.com
report[at]prevxresearch.com
michael.wang[at]antiy.com
virus_submission[at]centralcommand.com

Please update the .txt file in the first message of this topic

Thanks
yigido
I just tested this by submitting a 400kB file. The only failure I had was from novirusthanks, which strangely enough worked for you.

Perhaps what happened is that the file you were submitting was too big. Many of the services have a very small maximum file size they will allow. Otherwise it will be bounced back. Please try with a file size smaller than 1MB and let me know if you still experience these problems. Also, let me know if it's bounced back from novirusthanks for you as well.

Thanks.

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5691
  • COMODO Rocks!
    • Free Comodo Products!
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #43 on: December 22, 2013, 01:50:50 PM »
I submitted the files yesterday and I get this error message today  ;)

I think you will get the delivery error mail after a while  :-TU
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: How to Report Malware or False Positives to Multiple Antivirus Vendors
« Reply #44 on: December 22, 2013, 11:26:54 PM »
I still have not gotten any more error messages. Can you please let me know roughly how long after submitting the sample you got the emails?

Thanks.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek