First, I have removed all samples; forum rules ask that possibly infected files are not posted here.
When you zipped the file, did you password-protect it with the password infected?
I would retry the submission; maybe use getsusp, which is mentioned in the FAQ. As long as you add your email details to its preferences, that will submit the file as well.
I attached the send.py script in order to describe how we send samples.
It is not malware.
OK, I uploaded both the Python script and the malware sample to Yandex.Disk (password "test").
Have a look at send.py, is it OK?
Be careful about the included zip, it is malware.
As we send samples from Cuckoo Sandbox, we need some automated way.
What is appropriate? However, we are not McAfee users, we are malware researchers, so we do not have access to the McAfee web interface (and it is not good for Python scripting).
Can you provide a REST API for malware submission?
Here's send.py, is it OK?
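import smtplib
from email.header import Header
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.utils import formatdate
from os.path import basename
from sys import argv

from pyminizip import compress


def sendMcAfee(filename, help_text, email):
    name = basename(filename)
    try:
        # Pack the sample into a ZIP protected with the password "infected".
        # 4-argument form as posted; newer pyminizip releases take an extra prefix argument.
        compress(filename, filename + ".zip", "infected", 5)
        filename += ".zip"
        name += ".zip"
        # The message construction was cut off in the post; the headers and
        # parts below are an assumed reconstruction based on the imports.
        msg = MIMEMultipart()
        msg["From"] = email
        msg["To"] = "email@example.com"
        msg["Date"] = formatdate(localtime=True)
        msg["Subject"] = Header(name, "utf-8")
        msg.attach(MIMEText(help_text, "plain", "utf-8"))
        with open(filename, "rb") as archive:
            msg_attach = MIMEApplication(archive.read(), Name=name)
        msg_attach["Content-Disposition"] = 'attachment; filename="%s"' % name
        msg.attach(msg_attach)
        # "smtp" is the mail relay host name used in the post.
        smtp = smtplib.SMTP("smtp")
        smtp.sendmail(email, "email@example.com", msg.as_string())
        smtp.quit()
        return 0, "Success! %s" % name
    except Exception as e:
        print("MacAfee error: %s" % e)
        return 1, "Something went wrong: %s" % e


if __name__ == "__main__":
    # Two arguments are required: the sender address and the sample path.
    if len(argv) < 3:
        print("Usage: %s <email> <file>" % argv[0])
    else:
        print(sendMcAfee(argv[2], "Wrong archive", argv[1]))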
Sorry, I am only a volunteer helper here and cannot program. You can submit it to www.virustotal.com and link to the analysis results; I can then point a lab tech to the analysis.
Try resubmitting the file. If it fails both zipping and using getsusp, I have another way to do it but will have to talk via email. Best we try the other two options first.
All that said, rereading, you say the file is infected, correct?
For instance, we got "Analysis ID: 9591037" for the failing malware sample.
Can you have a look on the McAfee side? I guess you can find answers regarding "was the archive protected with password infected" there; there's a sample, right?
Anything else?
Well, as I said, I am a volunteer, just a user of the software, and note I have no McAfee permissions. That said, I can ask immediately; I will post back when I get an answer.
I'm looking for an answer from McAfee; I'm not sure a volunteer can help here.
Well, I have emailed two McAfee lab techs, who are actually the guys analyzing the false +ves, so I will get an answer as soon as one arrives at work.
The issue is likely caused by our side. We've had sporadic submission issues that are being worked on. I don't think you need to adjust your submission process any. We do not have any REST API for you to submit through.