malware submission fails sometimes

Hello,

sometimes malware submission fails with

McAfee Labs - Beaverton                                                               
  Current Scan Engine Version:5700.7163                                                 
  Current DAT Version:7946.0000                                                         
  Thank you for your submission.                                                        
 
  Analysis ID: 9591037
 
  File Name            Findings                       Detection                    Type         Extra
  --------------------|------------------------------|----------------------------|------------|-----
  1eba.zip            |extraction failure            |                            |            |no  
 
  extraction failure [1eba.zip]                                                                           
------------------------------------------------------------------


can you have a deeper look at it ?


I attached both python script and failing malware sample to this message 

41 Replies

Re: malware submission fails sometimes

First, I have removed all samples; forum rules ask that possibly infected files are not posted here.

When you zipped the file, did you password protect it with the password infected?

I would retry the submission; maybe use GetSusp, which is mentioned in the FAQ. As long as you add your email details to its preferences, that will submit the file as well.

Re: malware submission fails sometimes

I attached send.py script in order to describe how we send samples.

it is not malware

ok, I uploaded both python script and malware sample to Yandex.Disk, Yandex.Disk (password "test")

have a look at send.py, is it ok ?

be careful about included zip, it is malware.

as we send sample from Cuckoo Sandbox, we need some automated way.

what is appropriate ? however, we are not McAfee users, we are malware researchers, so we do not have access to McAfee web interface (and it is not good for python scripting)

can you provide REST api for malware submission ?

Re: malware submission fails sometimes

here's send.py, is it ok ?

#!/usr/bin/env python
# coding=utf-8
from pyminizip import compress
from email.header import Header
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.utils import formatdate
import smtplib
from os.path import basename
from sys import argv, exit

def sendMcAfee(filename, help_text, email):
    try:
        name = basename(filename)
        # Zip the sample with the password "infected", compression level 5.
        # This is the older four-argument pyminizip call; newer releases take
        # an extra path-prefix argument after the source file.
        compress(filename, filename + ".zip", "infected", 5)
        filename += ".zip"
        name += ".zip"
        # Keyword arguments to MIMEMultipart() become Content-Type parameters,
        # not message headers, so the headers are set explicitly.
        msg = MIMEMultipart()
        msg["From"] = email
        msg["To"] = "virus_research@mcafee.com"
        msg["Subject"] = "Potential virus"
        msg["Date"] = formatdate(localtime=True)
        msg.attach(MIMEText(help_text))
        with open(filename, 'rb') as archive:
            msg_attach = MIMEApplication(
                archive.read(),
                Name=name,
            )
            msg_attach.add_header('Content-Disposition', 'attachment',
                                  filename=(Header(name, 'utf-8').encode()))
            msg.attach(msg_attach)
        # "smtp" is the host name of the local mail relay.
        smtp = smtplib.SMTP("smtp")
        smtp.sendmail(email, "virus_research@mcafee.com", msg.as_string())
        smtp.close()
        return 0, "Success! %s" % name
    except Exception as e:
        print("McAfee error: %s" % e)
        return 1, "Something went wrong: %s" % e

if __name__ == "__main__":
    # Both <email> and <file> are required.
    if len(argv) < 3:
        print("Usage: %s <email> <file>" % argv[0])
        exit(1)
    print(sendMcAfee(argv[2], "Wrong archive", argv[1]))
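
Added example, not part of the original thread or of send.py: a pre-send check that every entry in the archive is flagged as encrypted and extracts cleanly with the password "infected", using only the standard library. The function names and the in-memory test archives are constructed for illustration; Python's zipfile decrypts only the legacy ZIP encryption, so AES-encrypted entries are reported as failures.

```python
import io
import zipfile
import zlib

PASSWORD = b"infected"  # archive password named in the thread

def check_submission_archive(data, password=PASSWORD):
    """Return a list of problems in a zip given as bytes; an empty list means OK."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return ["unreadable archive: %s" % exc]
    problems = []
    with zf:
        entries = [i for i in zf.infolist() if not i.is_dir()]
        if not entries:
            problems.append("archive contains no files")
        for info in entries:
            if not info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                problems.append("%s: not password protected" % info.filename)
                continue
            try:
                zf.read(info, pwd=password)  # decrypts, inflates, verifies CRC-32
            except (RuntimeError, NotImplementedError,
                    zipfile.BadZipFile, zlib.error) as exc:
                problems.append("%s: extraction failed: %s" % (info.filename, exc))
    return problems

def constructed_samples():
    """Build harmless test archives in memory (constructed, not real samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.bin", b"harmless constructed test content " * 4)
    plain = buf.getvalue()
    # Set the 'encrypted' flag without encrypting, so extraction must fail.
    cd = plain.find(b"PK\x01\x02")
    mislabeled = bytearray(plain)
    mislabeled[6] |= 0x1        # flag bits in the local file header
    mislabeled[cd + 8] |= 0x1   # flag bits in the central directory
    return {"plain": plain, "truncated": plain[:len(plain) // 2],
            "mislabeled": bytes(mislabeled)}

if __name__ == "__main__":
    for label, blob in constructed_samples().items():
        print(label, check_submission_archive(blob) or "OK")
```

Running the check on the bytes of the generated .zip before the SMTP step separates a bad archive on the sending side from a failure on the receiving side.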

Re: malware submission fails sometimes

Sorry, I am only a volunteer helper here and cannot program. You can submit it to www.virustotal.com and link to the analysis results; I can then point a lab tech to the analysis.

Try resubmitting the file. If it fails both zipping and using GetSusp, I have another way to do it, but we will have to talk via email. Best we try the other two options first.

All that said, rereading, you say the file is infected, correct?

Re: malware submission fails sometimes

for instance, we got "Analysis ID: 9591037" for the failing malware sample.

can you have a look at McAfee side ? I guess you can find answers regarding "was the archive protected with password infected" there, there's sample, right ?

anything else ?

Re: malware submission fails sometimes

Well, as I said, I am a volunteer, just a user of the software, and note I have no McAfee permissions. That said, I can ask immediately and will post back when I get an answer.

Re: malware submission fails sometimes

I'm looking for an answer from McAfee, I'm not sure volunteer can help here.

Re: malware submission fails sometimes

Well, I have emailed two McAfee lab techs, who actually are the guys analyzing the false +ves, so I will get an answer as soon as 1 arrives at work.

catdaddy
Level 20

Re: malware submission fails sometimes

Not certain if this thread should be moved to either 'Home User Assistance' or 'Artemis!' Discussion?

Or just leave it be?

Cliff
McAfee Volunteer