Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 369729 times)


Henrique - RJ

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #120 on: October 16, 2010, 06:07:00 AM »
Yes, Henrique is, and if you remember rightly, Maxx was trying to do something different so he could submit directly using ftp or other means.

Why doesn't Maxx give us another direct way to send samples?

kubecj

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #121 on: October 16, 2010, 09:49:27 AM »
some vendors like to play games by creating innocent samples with their detections and then measuring how many other AVs are caught by the trap.
Kubecj, is it possible to name them? If not, I understand.
But this seems a ridiculous attitude, not respectful. It would be good to know who is playing the "bad" guy role in the game. Of course, you can prove what you say. Of course, I believe you.

http://www.securelist.com/en/weblog?weblogid=208188011
http://www.theregister.co.uk/2010/02/10/kaspersky_malware_detection_experiment/
http://blog.eset.com/2010/02/02/kaspersky-virus-total-and-unacceptable-shortcuts

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: Samples missed by avast (VirusTotal links only!)
« Reply #122 on: October 16, 2010, 09:55:47 AM »
better false positives or fake detection than infected with bankers, zbots, and other things ;D
but if you say so, I will start sending the samples to the lab.
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Samples missed by avast (VirusTotal links only!)
« Reply #123 on: October 16, 2010, 10:25:38 AM »
Why doesn't Maxx give us another direct way to send samples?

which other direct way?

Henrique - RJ

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #124 on: October 16, 2010, 10:28:41 AM »
Why doesn't Maxx give us another direct way to send samples?

which other direct way?

ftp?

Another e-mail?

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: Samples missed by avast (VirusTotal links only!)
« Reply #125 on: October 16, 2010, 10:53:18 AM »
If you submit something on VT, we'll eventually get it from them and add it to the database as soon as possible.

Oh, I did not know this!
Twitter: https://twitter.com/OmidFarhangEn - OS: Arch Linux

vywert

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #126 on: October 16, 2010, 11:37:06 AM »
Trojan (Bredolab) File name: updugt32.exe

http://www.virustotal.com/file-scan/report.html?id=9d90abb84ba08b6e9bbe3b404818123a249d12073081e073afef12a061ff8494-1287214603

Detected by Windows Task Manager - svchost.exe 100% load

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479

Henrique - RJ

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #128 on: October 16, 2010, 12:04:01 PM »
http://forum.avast.com/index.php?topic=64122.msg546624#msg546624 ftp was mentioned already..

Is this the ftp?

ftp://ftp.avast.com/incoming/


Henrique - Bankers is what bothers you, right? we're receiving samples from Bank of Brasil (and maybe other institutes in Brasil), but it's probably not enough to cover this regional issue.. if you have better samples, we can talk about a processing of your submission through our ftp (a daily uploaded batch with a predefined name), if you prove the quality of your feed, we can dedicate someone to its processing maybe..

What does it mean: "a daily uploaded batch with a predefined name"?

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11816
    • AVAST Software
Re: Samples missed by avast (VirusTotal links only!)
« Reply #129 on: October 16, 2010, 12:11:37 PM »
FTP is not a good idea - unless you are specifically asked for that (for a specific file), and the one who asked you is expecting the file there.
Having an FTP folder full of anonymous files uploaded by nobody knows who, not knowing what are malware samples, what are false positive samples, crash related files, somebody trying to make a public warez folder, or something different... is completely useless. The content just gets deleted, there's nothing to do with that. So, simply deleting the sample, or uploading it to the incoming folder on the FTP without previous arrangement - is mostly equal.

Other e-mail? Well, this other e-mail would, in the end, be processed exactly the same way as the usual virus@ e-mail... so what's the point?

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11816
    • AVAST Software
Re: Samples missed by avast (VirusTotal links only!)
« Reply #130 on: October 16, 2010, 12:15:54 PM »
What does it mean: "a daily uploaded batch with a predefined name"?

It means that if you had a significant number of samples, there could be an arrangement that you would upload them somewhere daily, in a very specific format (exact name of the archive, possibly specific file structure inside of that archive) - and they would get somehow included into the automated processing as an additional feed.
But uploading single, randomly named files on the FTP is pointless.

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Samples missed by avast (VirusTotal links only!)
« Reply #131 on: October 16, 2010, 12:17:10 PM »
a predefined name means a specific name known to you and viruslab to easily identify the file on our side.. this way is applicable for larger batches of samples, single files should be sent rather via e-mail...

Henrique - RJ

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #132 on: October 16, 2010, 12:34:08 PM »
a predefined name means a specific name known to you and viruslab to easily identify the file on our side.. this way is applicable for larger batches of samples, single files should be sent rather via e-mail...

Is it to rename the sample and send it via ftp?

Could we send the samples we had in a day one by one via ftp?

Could you give a practical example?

Please explain with simple words because my English is bad.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11816
    • AVAST Software
Re: Samples missed by avast (VirusTotal links only!)
« Reply #133 on: October 16, 2010, 12:42:34 PM »
Please use the usual e-mail - it will really be easier, and the samples will be processed in exactly the same way.

Henrique - RJ

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #134 on: October 16, 2010, 12:54:17 PM »
Please use the usual e-mail - it will really be easier, and the samples will be processed in exactly the same way.

I think so too.

But the problem is there are samples that will take days to be detected and others never are.