chipitsine
Level 7

Re: malware submission fails sometimes

Yandex.Disk - nested zip archive

https://github.com/cuckoobox/cuckoo/issues/440

I believe malware programmers do those tricks to cheat antivirus engines.

0 Kudos
dmeier
Level 13

Re: malware submission fails sometimes

As you can imagine, with millions of protected endpoints around the world, it's much better for us to establish the policy, and request that customers follow that process, rather than for us to accommodate millions of ways people could create to submit samples to us.

I fear we are getting off topic a great deal, but for our scanning engine, nested archives are not an issue. And even in this case of the submission process, we aren't talking about nested archives, but rather special characters in the path.  If you would simply strip the path from the archive, we both would be happy.

Bear in mind, it's WinZip that you are wrestling with, not us. I've attached a few screenshots that show the complaints of WinZip (of course, you created it with WinRAR, but we don't use WinRAR).

Winzip1.png

Winzip2.png

If you could please remove any special characters in the path, and/or remove the folder completely, you will be able to submit samples to us without issue.

- David
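
Added example, not part of the original thread and not McAfee's tooling: one way to do the path stripping described above before submitting, by repacking an unencrypted ZIP so that every file sits at the root under an ASCII-only name (its SHA-256) while recording the original names and whether the archive marked them as UTF-8. The function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import zipfile

UTF8_FLAG = 0x800  # general-purpose bit 11: member name is stored as UTF-8


def flatten_archive(src_bytes):
    """Repack a ZIP with every file at the root under an ASCII-only name.

    Returns (new_zip_bytes, report); report maps each kept member to its new name.
    """
    report, seen, out = [], set(), io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(src_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.is_dir():
                continue  # folder entries are dropped
            data = src.read(info)
            # Strip the path; accept "\" as a separator too.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            _, dot, ext = base.rpartition(".")
            keep_ext = dot and ext.isascii() and ext.isalnum() and len(ext) <= 8
            new_name = hashlib.sha256(data).hexdigest() + ("." + ext.lower() if keep_ext else "")
            if new_name in seen:
                continue  # identical content already stored
            seen.add(new_name)
            dst.writestr(new_name, data)
            report.append({"original": info.filename,
                           "utf8_flag": bool(info.flag_bits & UTF8_FLAG),
                           "stored_as": new_name})
    return out.getvalue(), report


def build_sample():
    """Constructed input: harmless bytes under a Cyrillic folder name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Яндекс.Диск/", b"")
        z.writestr("Яндекс.Диск/счёт.scr", b"constructed placeholder, not a real sample")
        z.writestr("docs/readme.txt", b"constructed text file")
    return buf.getvalue()


if __name__ == "__main__":
    _, rows = flatten_archive(build_sample())
    for row in rows:
        print(row)
```

The report keeps the mapping from original to stored names, so the Cyrillic names are still available to the analyst even though they no longer appear in the archive.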

blangel
Level 7

Re: malware submission fails sometimes

dmeier wrote:

As you can imagine, with millions of protected endpoints around the world, it's much better for us to establish the policy, and request that customers follow that process, rather than for us to accommodate millions of ways people could create to submit samples to us.

I fear we are getting off topic a great deal, but for our scanning engine, nested archives are not an issue. And even in this case of the submission process, we aren't talking about nested archives, but rather special characters in the path. If you would simply strip the path from the archive, we both would be happy.

Winzip1.png

In this screenshot I see that your program does not support Unicode file names, not to mention support for Unicode ZIP-archives.

I think that people are using Unicode programs still more than ANSI.

0 Kudos
exbrit
Level 21

Re: malware submission fails sometimes

Are you using Enterprise products? From the 1st post I think you are, in which case I shall move this to the Corporate area where it might be better suited.

---

Peter

Moderator

0 Kudos
chipitsine
Level 7

Re: malware submission fails sometimes

We run our own malware lab. We observe 10 various samples per day (from email server). If McAfee is interested in protecting its users and detecting that malware, we do not mind.

We would like to share found malware samples with every antivirus.

No, we are not a McAfee user in any sense.

As I see, McAfee is not very good with Cyrillic malware samples, so I guess it would not give us proper protection.

0 Kudos
exbrit
Level 21

Re: malware submission fails sometimes

Well I moved this to Corporate User Assistance anyway as your very first post states:

Current Scan Engine Version:5700.7163
Current DAT Version:7946.0000

Those don't apply to Consumer software.  BTW Enterprise is up to DAT 7979.

0 Kudos
chipitsine
Level 7

Re: malware submission fails sometimes

You can move it to any place.

When we submit samples, we get "Current Scan Engine Version:XXXX.YYYY" in reply.

I believe it is the scan engine on your side.

We are not running McAfee. We just scan new samples with virustotal.com and send the undetected ones to McAfee.

0 Kudos
exbrit
Level 21

Re: malware submission fails sometimes

Is it your own software that you are trying to clear?

See the following:  Detection Dispute Submission | McAfee Labs

Also https://kc.mcafee.com/corporate/index?page=content&id=KB85568

Hopefully someone in Corporate will spot this and post.

0 Kudos
chipitsine
Level 7

Re: malware submission fails sometimes

We are not trying to clear anything. We observe malware samples and share those samples with antivirus companies.

0 Kudos
exbrit
Level 21

Re: malware submission fails sometimes

I understand.  Hopefully someone from the labs will spot this.

0 Kudos