Are those other scanners filled with FPs? Feels odd… but well… =) The gain with having updates every hours or so is pretty much lost if the updates just contains old samples anyway… =/
Not saying that is the case… A lot of files I send do get added… and they are added quickly… But it seems like there might be some issue were baddies collected and sent are missed…
Perhaps the fear of FPs??
Oh well, guess there has to be some balance there… =)
Thank you for sharing samples with us. We received all your submission, including the ones from http://internetsecurity.comodo.com/submit.php. Please have in mind that we continuously have to handle large collections of malware from various sources, inlcuding 0-day malware, samples colected from malware websites, submitted samples from users and many other sources; all these together are reflected with CIS updates each day. When peak is reached, detection might not be available immediately because the entire process of adding detection is not represented only by signature creation, but also signatures test procedures and other routines, which can be time consuming. We share your concern of eliminating as much malware as possible, but the entire process is not a simple one and I think you understand our position.
For the mentioned samples, the status is as follows:
This file is not malware. Differences related to detection can exist due to heuristic detection algorithms of each AV engine. Some files are packed, patched or modified in ways they trigger heuristics even if they’re not malware.
I think thats a good explanation… thanks… :-TU :-TU
Its heuristic detected (no heuristic and the file is missed)…
Do you suggest that I don’t send stuff that is heuristic detected? :o
I too see that the last link is “corrupt” unfortunatly… =/ Its possible its a FP as well… I just chose some files to make my point and hopefully get an explanation… the file has been submitted somehow (sometimes I submit from my gfs house.) … I put files I submit in one folder… and files just collected in an other… then I remove files once detection are there… =)