Author Topic: Virus submisions  (Read 14554 times)

0 Members and 1 Guest are viewing this topic.

lee16

  • Guest
Virus submisions
« on: November 22, 2004, 05:47:45 PM »
Hi Alwil Team

May i ask if your giving replys to virus submisions now?

I ask because i have always been told that you don't, and i have just recived a reply from alwil team.


--lee
« Last Edit: November 22, 2004, 06:04:01 PM by lee16 »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re:Virus submisions
« Reply #1 on: November 22, 2004, 08:52:32 PM »
Hi Alwil Team. May i ask if your giving replys to virus submisions now? I ask because i have always been told that you don't, and i have just recived a reply from alwil team.

Maybe Karel likes you more than the majority of us  ;D
Sorry, I received some in the past too  ;)

I think the policy has not change... Just in some cases we receive the response.
The best things in life are free.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31301
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Virus submisions
« Reply #2 on: November 23, 2004, 07:58:56 AM »
Now I am  jealous ;D

After 5 or 6 vps updates they finally added the virusses I submitted, and guess what.... :'( With the next release they were not detected anymore and they are still not detected again. :'(
« Last Edit: November 23, 2004, 08:00:59 AM by Eddy »

lee16

  • Guest
Re:Virus submisions
« Reply #3 on: November 23, 2004, 10:04:52 AM »
Quote
With the next release they were not detected anymore and they are still not detected again.

Why not resubmitte them again then?

--lee

watchthisspace

  • Guest
Re:Virus submisions
« Reply #4 on: November 24, 2004, 05:09:37 AM »
Now I am  jealous ;D

After 5 or 6 vps updates they finally added the virusses I submitted, and guess what.... :'( With the next release they were not detected anymore and they are still not detected again. :'(
They should stay in the virus database forever unless what you submitted were falus positives

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31301
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Virus submisions
« Reply #5 on: November 24, 2004, 11:26:22 AM »
I checked with JOTTI. ALL av's there are detecting them, except for Avast.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re:Virus submisions
« Reply #6 on: November 24, 2004, 03:14:06 PM »
Hey Karel...
Where is the VPS update!  :P
We need it  :(
The best things in life are free.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31301
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Virus submisions
« Reply #7 on: November 24, 2004, 03:32:01 PM »
Update:

- 2 virusses (in my virus "collection") weren't detected by Avast.
- after several updates of the avs the finally where detected.
- than (with a next version of the vps) both where not detected.
- with a new update of the vps only 1 is detected again but another (which has always been detected) now isn't :'(

What the heck is happening :-\

In my honest opinion this shouldn't be happening. And to me, it is really disapointing.

Don't get me wrong, I still very much like Avast (I am a pro user) and I will continue using it. After all, perfection doesn't excist but it is sure is a good thing to reach for it ;)

kareld

  • Guest
Re:Virus submisions
« Reply #8 on: November 25, 2004, 10:18:41 AM »
Hi,
  yes, it shouldn't happen, sorry for it. There are 2 possibilities what happened. Either there was a false alarm with the detection string, it was disabled and I forgot to do a new string. Or there was a problem with virus database file, it was taken from backup and the string was missed. Could you please send the file to me again?

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31301
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Virus submisions
« Reply #9 on: November 25, 2004, 01:15:25 PM »
File send.

Jlo

  • Guest
Re:Virus submisions
« Reply #10 on: November 27, 2004, 11:46:31 AM »
Hi,

I to have sent many samples and they usually get added over the next couple of VPs. I don't get a reply but I don't expect a reply as I know how time consuming it would be.

Howeverover the last month none of the viral submission I made have been added (one was a version of Loveletter which only Avast does not detect) and a few I-Worms found on the net.

Now whilst Avast are very quick to add a vps to a quick spreading virus (Sober) I still think that samples should be added in a reasonable time.

If you look at at this posting http://forum.avast.com/index.php?board=4;action=display;threadid=9046

A Membor got infected by downloading a macro tool program (which looked like legit software) This was posted 22nd Nov. I went to the website, downloaded the file and no AV software detected (According to Jotti, Virustotal and KAV)

I sent the file to Avast, and many others including F-secure. I had a response back from F-secure 30 mins later. Kav had added it by the same evening and Dr Web by the next morning.

I e mailed Pavel to say that a user was having a problems and since the link for this file was posted on this forum it really should be detected. To VPS later still no detection.

AntiVir  BDS/Banito.S.1 (0.14 seconds taken)
Avast  No viruses found (1.51 seconds taken)
BitDefender  Backdoor.Banito.S (0.31 seconds taken)
ClamAV  No viruses found (0.37 seconds taken)
Dr.Web  BackDoor.Bandito (0.49 seconds taken)
F-Prot Antivirus  virus dropper (0.06 seconds taken)
Kaspersky Anti-Virus  Backdoor.Win32.Banito.s (0.58 seconds taken)
mks_vir  No viruses found (0.21 seconds taken)
NOD32  Win32/Banito.S (0.36 seconds taken)
Norman Virus Control  No viruses found (10.41 seconds taken)

I have used Avast for a year and it is great software and fantastic forum but I feel that samples do need to get looked at more quickly.

I do appreciate that if we all payed then maybe more virus analysist could be emplyed.

Thanks you Avast for providing fee AV protection but please speed up sample additions.

Kind Regards

Jlo

Jlo

  • Guest
Re:Virus submisions
« Reply #11 on: November 27, 2004, 11:52:49 AM »
Just had a thought.

What about a diffent virus submission e mail address just for some of the more experence people on this forum, (Such as Eddy, Technical etc) where they can send file straight to one of the Virus researchers.

I am sure that the virus submission address must get bombarded with 'crap' as well and it must take sometime to wade through the rubish to find the true malware.

People like Eddy, Technical and myself will have already scanned with Jotti Scanner and made further investigation and I am sure most of the file we submit would be malware and worthy of addition?

Just wondered if that would help?

Only an idea

Kind Regards

Jlo

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re:Virus submisions
« Reply #12 on: November 27, 2004, 12:24:10 PM »
What about a diffent virus submission e mail address just for some of the more experence people on this forum, (Such as Eddy, Technical etc) where they can send file straight to one of the Virus researchers.

Jlo, I have no condition to receive virus samples  :P
I'm only protected by avast, if it fails my system brokes  :-\ :'(
The best things in life are free.

TAP

  • Guest
Re:Virus submisions
« Reply #13 on: November 27, 2004, 12:49:31 PM »
Since I started using Avast Home Edition 4.5 (not so long ago) I've sent many malware such as adware, trojandownloader and other that are not detected by Avast to its virus lab. All those malware are not downloaded form VX sites (yes, at least it's circulating in the real world) but they tried to hit my machine while I did my normal operation such as surfing, downloading software from the internet and the last one I sent (if I rememer correct) is W32/Delf-IV. But almost of them are not included in Avast VPS by now and hope all will add in monthly trojan VPS as always.

http://www.sophos.com/virusinfo/analyses/w32delfiv.html

I think ALWIL reserves its resources to detecting only real-world threats and the most damaging threats according to this thread.

http://forum.avast.com/index.php?board=2;action=display;threadid=8739;start=msg71974#msg71974

And if you can remember when MS04-028 JPEG Exploit are found, Avast is one of the last AVs that detect it and maybe Avast forced by users to do that.

But I think it's not good in marketing scene when compare to other AVs such as Kaspersky because the average users like me not even know what is real-threats, what is viruses, what is spyware like, what is trojan like but I don't want it and want my antivirus detects/stops it, if it fails it should be blamed.

The whitepaper called "Why Less is More in Virus Protection" written by Joe Wells (the founder of  The WildList Organization International) may or may not true. :)
« Last Edit: November 27, 2004, 01:17:50 PM by TAP »

Jlo

  • Guest
Re:Virus submisions
« Reply #14 on: November 27, 2004, 01:32:58 PM »
Hi Technical,

Sorry I think you may have misunderstood me. I did not mean send samples to you. I meant for people like you and eddy who come across samples to send them to avast via a diferent address from the normal user eg straight to Pavel etc as they will know the malware they have received is likely to be real malware and can deal with more quickly.

Cheers

Jlo