Missed a virus and can't submit for analysis.

Came across a file in my inbox today. First thing I did was scan it with CAVS. It said it was clean but I tried to submit it anyway. I correctly selected the file, but when I hit the “Submit” button, nothing happened. Is there a confirmation when a file is subitted to Comodo, or is it done silently?

Also, I scanned the file at Kaspersky’s site and was notified that the file contains Trojan-Spy.Win32.WinSpy.aa

Would someone please shed some light on the submitting procedure?

Thanks,
Mike

Hi,

After clicking the submit button you should see a message that the file was added to the submission list. You should then get a tray icon appear after a few seconds or so saying click here to submit items waiting to be submitted. It sometimes takes a few seconds for CAVS to start submitting the file.

If you still have the file it would be really useful if you could submit it by opening CAVS>select quarantine>submit files>then enter a description and send the file.

Mike

Ok, I did it that way and it worked. Thanks for the info.

The method I was using should have worked, but for some reason it doesn’t.

I was scanning the file via right-click in Windows Explorer. The scan status screen opened up for CAVS and said it was clean. There is also a submit button in the “Scan Status” screen. I clicked that “Submit” button and a window opened up entitled “Submit Wizard”. I selected the textbox next to the filename in the window and then clicked the “Submit” button. But like I said, nothing happened even after several seconds.

I’ll use your method in the future. Thanks again.

Mike_P

Ok, glad it worked that way. Thanks for submitting the file for analysis.

I’ve used both ways before, and they’ve worked. Not sure why the one way has not worked in this case - but you may want to add this to the bug reports section for CAVS.

Mike

Thanks Mike, I may inquire about that, I’m not sure at this point.

To make strange matters even stranger, after rebooting my computer a CAVS screen popped up and said that I had a file that I did not submit yet and asked me if I wanted to submit it. Not sure if it’s the same file or not, I just dismissed the window.

I think what I’ll do is wait until I need to submit another file and try it that way again. If the problem persists I will have my people contact Comodo’s people. hehe

Thanks again bud, appreciate it
Mike_P

You are more than welcome. :wink: It is higly likely that that was the same file CAVS asked to submit after reboot. Even if you had tried to submit it, it would probably fail anyway - as the same file has already been submitted. This is to prevent duplicate submissions of the same file.

Mike

Hi Mike_P,
The submit buttoon “Submit Wizard” simply adds the file into submit queue. Also will disply the message aaginst each file ie The file is quesued for submission". Then if you can cconnetced to internet then within 5 minutes, CAVSubmit program will run and will submit the files.
As mike said, CAVSubmit checks the globla safelist database and global file submission database and it does not submit the files if the same file is already submitted by someone else. CvSubmit will simply remove the file from the list.

If you want the analysis report for any submitted files you can choose:
CAVS>select quarantine>submit files>then enter a description and send the file.

regards
Kishor

Thanks guys, I’ll keep that info in mind if I ever need to submit another file.

One other question though. I’m pretty sure the file I submitted was infected and I did request verification. Do you know how long it takes to get a response? I’m sure they have their hands full, checking all the files that aresubmitted. I’m just curious…not impatient.

Mike_P

Hi Mike_P,

The last time I submitted a file to get feedback, it took about 2-3 days. This was a few months a go though, when CAVS was first released, so it may be a bit different now.

I’ve just submitted a possible trojan file myself for analysis, so I’ll let you know when / if I get a reply.

Mike

Sweet. I’ll do the same, though I sent mine in a couple of days ago.

Mike_P