Perhaps I am the “king” of collecting False Positives… 88) 88)
But a LOT of files I send don’t get added to the database… -.-
2 days ago some guy posted a virus on this forum claiming that it would generate passwords to a porn site… I reported it, collected it, sent it via: http://internetsecurity.comodo.com/submit.php
I thought, hey great, submitting it early will make any potential downloaders protected before executing it… 2 days later… no definition…
Perhaps it wasn’t bad… Perhaps it generated those passwords the poster claims it did… Perhaps the AV team is all busy checking the site out as we speak… 88) 88)
Some of the other stuff I sent lately that hasn’t been added, that other scanners believe is bad:
Are those other scanners filled with FPs? Feels odd… but well… =) The gain from having updates every hour or so is pretty much lost if the updates just contain old samples anyway… =/
Not saying that is the case… A lot of files I send do get added… and they are added quickly… But it seems like there might be some issue where baddies collected and sent are missed…
Perhaps the fear of FPs??
Oh well, guess there has to be some balance there… =)
Thank you for sharing samples with us. We received all your submissions, including the ones from http://internetsecurity.comodo.com/submit.php. Please keep in mind that we continuously have to handle large collections of malware from various sources, including 0-day malware, samples collected from malware websites, samples submitted by users and many other sources; all of these together are reflected in the CIS updates each day. When a peak is reached, detection might not be available immediately, because the entire process of adding detection consists not only of signature creation but also of signature test procedures and other routines, which can be time consuming. We share your concern about eliminating as much malware as possible, but the entire process is not a simple one, and I think you understand our position.
For the mentioned samples, the status is as follows:
This file is not malware. Differences related to detection can exist due to heuristic detection algorithms of each AV engine. Some files are packed, patched or modified in ways they trigger heuristics even if they’re not malware.
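The reply above makes two points that are easy to see in code: a packed or otherwise transformed file can trip a heuristic even when it is benign, and two engines with different heuristic thresholds can disagree about the same file. The script below is an added illustration written for this page; it is not part of the thread and is not Comodo's (or any vendor's) detection logic. It implements a toy "packed section" heuristic of the kind many engines use: slice the file into fixed-size blocks, measure the Shannon entropy of each block, and flag the file when enough blocks look like compressed or encrypted data. The three sample buffers (a plain code-like file, a fully "packed" file, and a legitimate-looking installer that carries a compressed payload), the block size and the thresholds are all constructed assumptions chosen to show the effect, not values taken from any real product.

```python
"""Toy entropy heuristic: why packed-but-benign files can be flagged, and
why two engines can disagree on the same file.  Added example; all
samples and thresholds below are constructed, not from any real engine."""
import hashlib
import math


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def entropy_profile(data: bytes, block_size: int = 1024) -> list:
    """Entropy of each consecutive block_size slice of the file."""
    return [shannon_entropy(data[i:i + block_size])
            for i in range(0, len(data), block_size)]


def high_entropy_fraction(data: bytes, block_size: int = 1024,
                          threshold: float = 7.0) -> float:
    """Fraction of blocks whose entropy is at or above `threshold`.
    Compressed/encrypted data sits near 8 bits per byte; machine code and
    text sit well below.  7.0 is an assumed cut-off, not a vendor value."""
    profile = entropy_profile(data, block_size)
    if not profile:
        return 0.0
    return sum(1 for e in profile if e >= threshold) / len(profile)


def looks_packed(data: bytes, min_fraction: float = 0.5, **kw) -> bool:
    """Flag the file when at least `min_fraction` of its blocks are
    high-entropy.  `min_fraction` is the knob that differs between the two
    hypothetical engines compared below."""
    return high_entropy_fraction(data, **kw) >= min_fraction


def deterministic_noise(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Stand-in for a packed/encrypted section: a SHA-256 counter-mode
    stream, so the example is reproducible without os.urandom."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


# --- constructed sample "files", 4096 bytes each ------------------------------
_CODE_LIKE = b"push ebp\nmov ebp, esp\nsub esp, 0x40\ncall _printf\nleave\nret\n"

# 1. Ordinary unpacked binary: code-like text followed by zero padding.
PLAIN_SAMPLE = (_CODE_LIKE * 64)[:2048].ljust(4096, b"\x00")

# 2. Fully packed binary: every block looks like ciphertext.
PACKED_SAMPLE = deterministic_noise(4096)

# 3. Benign self-extracting installer: plain stub + compressed payload.
MIXED_SAMPLE = PLAIN_SAMPLE[:2048] + deterministic_noise(2048, seed=b"payload")


def compare_engines(data: bytes) -> dict:
    """Two hypothetical engines with different tolerance for packed data.
    'engine_a' flags at 50% high-entropy blocks, 'engine_b' only at 75%."""
    return {
        "high_entropy_fraction": high_entropy_fraction(data),
        "engine_a_flags": looks_packed(data, min_fraction=0.5),
        "engine_b_flags": looks_packed(data, min_fraction=0.75),
    }


if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE),
                         ("installer", MIXED_SAMPLE)):
        print(name, [round(e, 2) for e in entropy_profile(sample)],
              compare_engines(sample))
```

Running it shows the plain file with no high-entropy blocks, the packed file with all of them, and the installer sitting at exactly half: engine A flags it, engine B does not. Neither engine is "wrong"; they simply draw the line in a different place, which is the situation the reply describes when a file is clean in one scanner and heuristically detected in another. A real engine would combine this with section names, import tables, unpacking and behaviour, but the disagreement mechanism is the same.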
I think that’s a good explanation… thanks… :-TU :-TU
It’s heuristically detected (no heuristics and the file is missed)…
Do you suggest that I don’t send stuff that is heuristically detected? :o
I too see that the last link is “corrupt”, unfortunately… =/ It’s possible it’s an FP as well… I just chose some files to make my point and hopefully get an explanation… the file has been submitted somehow (sometimes I submit from my gf’s house.) … I put files I submit in one folder… and files just collected in another… then I remove files once detection is there… =)