2008.10.07
2008.10.08
2008.10.09
2008.10.11
2008.10.12
2008.10.13
[attachment deleted by admin]
This post is reserved for attaching images, in case I need to go over the 20 attachments per post limit.
Hi solcroft.
As you know the previous thread we closed. So far, this is an OK start… Hope we can keep things clean here. And here is the address for submitting samples to the AV Lab:
malwaresubmit@avlab.comodo.com (Make sure Subject is “SUSPICOUS FILE SUBMISSION” & It is Zipped & password protected “infected”).
We do appreciate your testing.
Cheers,
Josh
Samples can be submitted here: http://camas.comodo.com/cgi-bin/submit It’s more anonymous, but might be slower.
In your screenshot, did CAVS name the detected virus correctly? I ask because sometimes AVs give different names for the same virus, just look at some of the Virus Total ouputs and you can see different names.
Also, have you tried the link I mentioned yet? And if so, has that site correctly labeled the uploads as suspicious or as proven malware? I am curious about the accuracy of that site. 
Suspicious files are analyzed by the Comodo team, so they can figure out if it’s a false positive or if it is in fact malware.
I agree with 3xist, let’s keep all negative comments out of this thread. If you guys have something to say to each other, say it in ■■■. But, thanks for staying and posting results.
Thank you solcroft for posting these results. Is it possible for you to also use another AV beside comodo so we can see comparisons?
Kyle
This forum is getting nasty. Why don’t you delete the offending posts, and salvage a thread with obvious value?
Yes solcroft can be a pain, but his thread was valuable.
Closing the thread only gives the wrong impression, if you know what i mean.
A moot question really, since there’s no authoritative definition of “correct” in this case. Vendors name viruses what they want, and none of them are any more “correct” than the others.
In my experience, CIMA is often ineffective, as in it fails to capture PE file behavior. For instance, compare this CIMA report: http://camas.comodo.com/cgi-bin/submit?file=57ca98c6ff1ac6e0947f4a1096b832864f7b30d7b5fe8003711af54a608dc743
with a report that ThreatExpert produced on the same file: http://www.threatexpert.com/report.aspx?md5=d7a0177e08c1a392a7a24c1998ba7880
I’ve also took a screenshot of how D+ reacts when the file is executed locally. As you can see, this behavior was not captured by CIMA. As to why CIMA doesn’t work, I have no idea. But I’d guess that, as a new online sandbox service, its ability to deal with anti-emulation tricks often used by malware is lacking.
Not at this point, no. Sorry.
[attachment deleted by admin]
Hi Solcroft,
CIMA is a glimpse of what sort of instant malware analysis service comodo is working on.
It’s being developed and we have yet not talked about competing with anyone for it and we say same for CAV too.
We are working on it.
So have patience please.
Thanks
-umesh
Edited: Solcroft would appreciate if you could please give CIMA related suggestions in related section, i.e. https://forums.comodo.com/comodo_instant_malware_analysis_online_cima-b156.0/
Heuristics isn’t in Cavs 3 yet
True, However CIMA uses very Advanced Heuristics & is continually being improved and worked on. Melih mentioned CIMA-Heuristics like technology in future versions of CIS.
Josh
I tested Comodo AV too but i dident take any screenshots but i uploaded all not detected samples to Comodo
66713 Total viruses [6GB+]
45842 Detected viruses
----------------------------------------
20871 Viruses left [1.72GB]
Total size is 1.1GB, unpacked it is 1.7GB
Happy testing
:■■■■
I edited this post as the links to malware was public.
Anyone interested can PM V7chy for it.
Again MANY MANY THANKS TO V7chy FOR SHARING ALL THIS WITH US!!!
Melih
Cool. And Comodo detected 68.7%. 
Not bad. Let’s hope the undetected ones are added to the DB soon.
Aaah, the good ol’ VX Heavens collection. It’s been around for as long as I can remember; good to see that CAV has finally reached 70% after all these years.
Hey nice work!
It would be nice for you to join the Malware Research Group.
Josh
Yes it’s not a bad % at all.
Josh