The AV team is busy watching p*rn??

Perhaps I am the “king” of collecting false positives… 88) 88)

But a LOT of files I send don’t get added to the database… -.-

Two days ago some guy posted a virus on this forum claiming that it would generate passwords to a porn site… I reported it, collected it, sent it via: Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year

I thought, hey great, submitting it early will make any potential downloaders protected before executing it… Two days later… no definition…

Since I do not test-run baddies I have to rely on what “others” say… 22 scanners say, hey, it looks bad! http://www.virustotal.com/sv/analisis/caaa7e24eb34717c7ab1e77ad47132d05f7567f175e2332d1c9ca65760f19031-1250845377

Perhaps it wasn’t bad… Perhaps it generated those passwords the poster claims it did… Perhaps the AV team is all busy checking the site out as we speak… 88) 88)

Some of the other stuff I sent lately that hasn’t been added, but that other scanners believe is bad:

http://www.virustotal.com/sv/analisis/b8c64e65faf220ba8279138d6ec6f9a1bc0e5760a85dde4a33b0ee781d31b8f2-1250845791

http://www.virustotal.com/sv/analisis/17ce7bcaee52c20604a2b9ce045ecfde7cbde5ffa9eeb80e5a787e0daab1386e-1250845845

http://www.virustotal.com/sv/analisis/362d9930f8256b6de06999efb3729cf960b637066195e1fc70bc984b9e24d77f-1250847672

http://www.virustotal.com/sv/analisis/41c857bd8f9df049a7d8828087a109da5d56bb55af3f299dd8df7c2606e5b08f-1250848527

Are those other scanners filled with FPs? Feels odd… but well… =) The gain from having updates every hour or so is pretty much lost if the updates just contain old samples anyway… =/

Not saying that is the case… A lot of files I send do get added… and they are added quickly… But it seems like there might be some issue where baddies collected and sent are missed…
Perhaps the fear of FPs??
Oh well, guess there has to be some balance there… =)

Hi Monkey_Boy,

Thank you for sharing samples with us. We received all your submissions, including the ones from Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year. Please keep in mind that we continuously have to handle large collections of malware from various sources, including 0-day malware, samples collected from malware websites, samples submitted by users and many other sources; all of these together are reflected in the CIS updates each day. When a peak is reached, detection might not be available immediately, because the entire process of adding detection consists not only of signature creation but also of signature test procedures and other routines, which can be time consuming. We share your concern about eliminating as much malware as possible, but the entire process is not a simple one, and I think you understand our position.

For the mentioned samples, the status is as follows:

http://www.virustotal.com/sv/analisis/caaa7e24eb34717c7ab1e77ad47132d05f7567f175e2332d1c9ca65760f19031-1250845377

http://www.virustotal.com/sv/analisis/41c857bd8f9df049a7d8828087a109da5d56bb55af3f299dd8df7c2606e5b08f-1250848527

These signatures are in the testing queue.

http://www.virustotal.com/sv/analisis/b8c64e65faf220ba8279138d6ec6f9a1bc0e5760a85dde4a33b0ee781d31b8f2-1250845791

This file is already detected by CIS.

http://www.virustotal.com/sv/analisis/362d9930f8256b6de06999efb3729cf960b637066195e1fc70bc984b9e24d77f-1250847672

This file is not malware. Differences in detection can exist due to the heuristic detection algorithms of each AV engine. Some files are packed, patched or modified in ways that trigger heuristics even if they’re not malware.

http://www.virustotal.com/sv/analisis/17ce7bcaee52c20604a2b9ce045ecfde7cbde5ffa9eeb80e5a787e0daab1386e-1250845845

Can you please provide the link to VT again so we can check the status of this? The provided link seems to be invalid and I can't verify the status.

Thanks and regards,
Ionel
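The exchange above turns on identifying a submitted sample by its hash: the VirusTotal report links in this thread carry a 64-hex-character digest (SHA-256) followed by a Unix timestamp of the scan, and one of the links could not be verified. The following is an added example, not code from the thread or from Comodo, showing how a submitter could keep the “submitted” folder reconciled against the report links: it parses the hash and scan time out of a 2009-style report URL, flags malformed links, hashes the local files, and says which link belongs to which file. The URL layout is taken from the links on this page; the assumption that the digest is SHA-256 is based on its length, and the directory layout and sample contents in the demo are constructed.

```python
import hashlib
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# 2009-era VirusTotal report links, as quoted in the thread, look like
#   http://www.virustotal.com/sv/analisis/<64 hex chars>-<unix timestamp>
# The 64 hex characters are assumed to be the sample's SHA-256 digest;
# the trailing number is the time of the scan as a Unix timestamp.
VT_REPORT_RE = re.compile(r"/analisis/([0-9a-fA-F]{64})-(\d{9,10})(?:[/?#]|$)")


def parse_vt_report_url(url):
    """Return (sha256_hex, scan_time_utc) for a report link, or None when
    the link does not carry a well-formed digest and timestamp (the
    'invalid link' case from the thread)."""
    m = VT_REPORT_RE.search(url.strip())
    if m is None:
        return None
    digest = m.group(1).lower()
    scanned = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return digest, scanned


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large samples need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def index_samples(sample_dir):
    """Map sha256 -> path for every regular file in the samples folder."""
    return {sha256_of_file(p): p for p in Path(sample_dir).iterdir() if p.is_file()}


def reconcile(sample_dir, urls):
    """For each report link, report whether it is malformed ('invalid'),
    names a sample we do not have locally ('missing'), or matches a local
    file ('matched', with the path and the scan time)."""
    index = index_samples(sample_dir)
    result = {}
    for url in urls:
        parsed = parse_vt_report_url(url)
        if parsed is None:
            result[url] = {"status": "invalid"}
            continue
        digest, scanned = parsed
        entry = {"sha256": digest, "scanned": scanned}
        if digest in index:
            entry["status"] = "matched"
            entry["path"] = index[digest]
        else:
            entry["status"] = "missing"
        result[url] = entry
    return result


if __name__ == "__main__":
    # Constructed demo: one fake "sample" in a temporary folder. Its hash is
    # not among the digests in the thread, so the real link comes back as
    # "missing", the constructed link as "matched", and the broken one as
    # "invalid".
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "sample.bin"
        sample.write_bytes(b"constructed placeholder, not a real sample\n")
        links = [
            "http://www.virustotal.com/sv/analisis/caaa7e24eb34717c7ab1e77ad47132d05f7567f175e2332d1c9ca65760f19031-1250845377",
            "http://www.virustotal.com/sv/analisis/%s-1250845377" % sha256_of_file(sample),
            "http://www.virustotal.com/sv/analisis/not-a-hash",
        ]
        for url, info in reconcile(d, links).items():
            print(info["status"], url)
```

Keeping the digest rather than the file name as the key is what makes the bookkeeping survive renames and re-submissions; a link that fails to parse is reported instead of silently skipped, so a truncated or mistyped URL surfaces before it is posted again.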

Don’t feel bad. I’ve been submitting an FP through the web page since July 4th and it’s still being detected.

Hi Dave,

Can you please point to the SHA1 of that?

Thanks
-umesh

It’s attached to this post and has been submitted through the web page on July 4, 19, and 25, as well as August 3, 5, 10 and 14.

https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/post_here_your_unfixed_fps_only_after_2_days-t36306.0.html;msg315536#msg315536

Last detection DB 2048.

I think that’s a good explanation… thanks… :-TU :-TU

It’s heuristically detected (with no heuristics, the file is missed)…

Do you suggest that I don’t send stuff that is heuristically detected? :o :stuck_out_tongue:

I too see that the last link is “corrupt”, unfortunately… =/ It’s possible it’s an FP as well… I just chose some files to make my point and hopefully get an explanation… the file has been submitted somehow (sometimes I submit from my gf’s house.) … I put files I submit in one folder… and files just collected in another… then I remove files once detection is there… =)

Hi Dave,

Yes, there are some issues in fixing this FP; we are aware of it. We hope to have this fixed with the next CIS release, due next week.

Thanks
-umesh