virus sample submissions!

[Omar]

I found Trojan Agent on my computer, on 2nd April. I checked with jotti`s and avast does not detect it:


 AntiVir
Found Trojan/Agent.OC.1
ArcaVir
Found Trojan.Agent.Oc
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found Trojan.Agent.OC
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found W32/Agent.OC!tr
Kaspersky Anti-Virus
Found Trojan.Win32.Agent.oc
NOD32
Found nothing
Norman Virus Control
Found W32/Agent.WAS
UNA
Found nothing
VirusBuster
Found Trojan.Agent.AWV
VBA32
Found nothing

I sent avast the sample on Sunday using my AOL account, and sent it again on Tuesday using a differant e-mail address.

The trojan is still not being detected by avast!

Should I be worried/concerned that avast have not added virus to the data base?

Is it likely to be added soon?

[DavidR]

If you add it to the User Files section of avast's virus chest, you send it directly from there. I don't know if that will receive any different handling but some samples I have sent from the chest have been added or the VPS corrected in the event of a false positive.

My major concern about AOHell is you will never know if it made it through as AOHell's various filters can delete email and you will be none the wiser.

Jotti uses the Linux version of avast and may well be different to the windows version another option is VirusTotal - Multi engine on-line virus scanner, which uses the windows version, although recently the version they were using wasn't the latest one.

[Omar]

Hi David,

You raise an interesting point about submitting files from the chest.

I`ve always sent samples by e-mail. Pehaps that aint working if e-mails are filtered by avast!

Sending files from the chest-that appears to be a better option to me, now that you mention it.

The problem is I don`t know how to send files from the chest

Please could you tell me how to do this?.

I have managed to place the files in question, into the chest.

You then right click on the file and choose "e mail to avast" Which protocol do you select?

What message should I type in?

[DavidR]

The method/protocol of sending, by default this is IMAP, leave it as that don't change to the SMTP option, which for many doesn't work. Sending them from the chest you don't have to zip or password protect, etc. that is all taken care of by the chest preparing for the send. The email ends up in your out box, send as normal.

I doubt that alwil/avast filters the incoming traffic to virus @ avast.com, however, some ISPs may filter for Spam/Virus (if you haven't zipped and password protected the attachment).

[Omar]

David!

I followed your instructions, as I was sending the file from the chest. I got a error message and a few seconds after that I got "message successfuully sent to avast team".

Hope they got the file!

[FreewheelinFrank]

Should I be worried/concerned that avast have not added virus to the data base?

Ewido will add submitted malware the next day. Anything longer than that is worrying, and leaving malware undetected for days or even weeks after submission is a big concern...

[justin1278]

Lets hope Alwil will act quickly.

[Omar]

I don`t care is avast never reply to my submissions as long as they add the sample to the data base asp

[justin1278]

I agree

[Omar]

VPS: 0615-0     8.4.2006

still not detected

[TAP]

I sent some adware, spyware sample since December 2005 and January 2006 and avast! can detect them as Win32:Spyware-gen. [Trj] and Win32:Adware-gen. [Adw] with VPS 0614-0, March 2006.

What I can say about this? I don't know if it to toooooo late when avast! can detect them as they probably don't spread anymore. I think it depends on the priority (how fast of its spreading, degree of dangerous) of malware in question, if it's serious, I'm sure avast! will detect them as soon as possible.

[FreewheelinFrank]

Submitted malware should be added the next day.

If Ewido can do it, so can avast!

[DavidR]

I agree on the prompt addition of submitted samples, be they virus or malware, but comparing ewido to avast, which doesn't purport to being a malware program but an anti-virus program isn't really comparing apples with apples (I know there is a fine line and many end users don't see any difference, they call everything a virus). However, Ewido is marketing itself as a malware program.

[Omar]

It would worry me, if avast put virus`s in terms of priority/how dangerous they are etc

[FreewheelinFrank]

avast! also failed to add this worm which I submitted on the 4th:

http://forum.avast.com/index.php?topic=20319.msg170145#msg170145

This was a file I found in my junk mail folder: it is something that an AV program should detect.

Ewido added the definition the next day.

There are AV's which add malware in hours, there are AV's which detect Trojans as well as other malware. If avast! wants to compete, it needs to pull its socks up!