4 Replies Latest reply on Oct 18, 2010 4:54 AM by jmcleish

    Artemis question

    jmcleish

      Hi,

       

      Yesterday I submitted a couple of samples to AvertLabs and (very quickly) received extra dats and info on how to use the beta dats on the other.

       

      I asked if the detections would be included in Artemis detection but was told that they should be included in the normal dats in 30 days.

       

      My question is: Are detections awaiting approval/QA for inclusion in dats included in Artemis detections, or are the two completely separate entities? Or is it due to the QA/approval process time anyway that would prevent it from being included?

       

      Thanks

       

      Jane

        • 1. Re: Artemis question
          vinoo

          Artemis detection is for (PE) executable files. If you submitted a (NON-PE) document or script file - then it's going to be covered only via the DATs.

           

          If you could post the submission id - I can check on the files and let you know about Artemis coverage.

          • 2. Re: Artemis question
            jmcleish

            Hi Vinoo,

             

            Thanks for the info.

             

            This one I got an extra.dat file for: 3-1264456231

            and this one I was told to use the beta dats: 3-1264456211

             

            These were submitted on 5 October so I was wondering that if they have already been included in the normal dats, then from what you are saying they would have been included in Artemis detection first?

            Am I correct in saying this?

             

            Thanks very much.

             

            Jane

            • 3. Re: Artemis question
              vinoo

              Hi Jane,

               

              Detection for all the malicious files is already in the 6138 DATs or in Artemis. Shown below are the timelines for how long it took for the files to get detected.

               

              SR: 3-1264456231 (1 Sample)

              md5: 25231896439ecdc8e882537007bd1059 (Detected in current DATs)

              (Artemis Detection)  assumed_dirty4       10/5/2010 4:18:42 AM
              (Beta DAT Detection) Hiloti.gen.e Trojan  10/5/2010 5:05:23 AM

               

              SR: 3-1264456211 (4 Samples)

               

              md5: a2c84a8efc332697baec4877985c53a0

              (Artemis Detection)  assumed_dirty        10/5/2010 4:18:57 AM
              (Artemis Detection)  assumed_dirty3      10/5/2010 4:31:28 AM
              (Artemis Detection)  assumed_dirty4      10/5/2010 11:51:16 AM

               

              md5: 20c976f92f6832df34f31aac476c9156

              (Artemis Detection)  assumed_dirty4      10/5/2010 4:03:02 AM
              (Beta DAT Detection) TROJAN                10/5/2010 4:57:43 AM

               

              md5: 0x880d76c96e7c29a428f42b4521863bcf
              (Artemis Detection)  assumed_dirty4  10/5/2010 4:18:42 AM
              (Beta DAT Detection) Hiloti.gen.e TROJAN  10/5/2010 4:57:48 AM

               

              md5: 5fa858d64d57a2c52a1c8feda4085860 (clean file)

               

              Beta DATs are recommended in cases where enhanced cleaning is required and an extra.dat won't suffice. Once detection for the sample is included in the Beta DATs it could take up to 24 hours for it to show up in the next production dat release. Artemis based detections are decoupled from this process.

              • 4. Re: Artemis question
                jmcleish

                Thanks very much for that info.

                 

                That's great.

                 

                Jane