Ok did the submit work ie did you get an immediate reply back with an analysis id included if not you submitted it incorrectly.
If yes can you post the id number here and if you do not have a fix in 4 days post here and I will ping a lab tech to fix/investigate it.
I assume you replied to teh reply as Peter suggested with false +ve in the subject?
Thank you for the quick reply!
I received a delivery receipt but not a reply.
If I did it wrong, what should've been in the subject line and what (if anything) should've been in the body of the email??
You first submit the file zipped up with password infected.
That gets you a reply an automatic hey we found xyz and sending it off to be checked with this is an analysis id that I need.
You then reply to that email you got changing teh subject to False+ve and name of detection and say whay you feel it is a false detection. To this email you will not get any reply usually ill they sort it out.
I just sent another email with the file in question attached in a zip file. (I did not create a password for it, is this required for some reason?)
It has been about 15 minutes and I have once again received a delivery receipt but no reply.
I know that 15 minutes is not a long time but you are saying I should've received some kind of immediate reply, which I haven't.
What am I doing wrong??
For the initial first email, please tell me:
1. What EXACTLY should I put in the subject line?
2. What EXACTLY should be attached?
3. What EXACTLY should be in the body of the email? (If anything)
I am assuming that firstname.lastname@example.org is the correct email address since I'm getting an almost immediate delivery receipt.
Thanks again for all your help. My frustration is all with McAfee, not you. They make this harder than it has to be, it seems.
No you must do it as this faq says in the link in your original post
See....How to Submit a file to the Labs for analysis: http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx
Zip the file up after disabling Real time protection and password protect it with infected as teh password no other email will be opened by them.
I prefer waiting for the reply then sending the fasle detection in the subject email that works the other way will as well but I prefer suggesting adding false only to the reply email.
I used GetSusp to send the file to them, I got this reply back in my email just now:
Is this what you were asking for?
Thanks again for your guidance.
Subject: 8035144 - gsusp_04CA760097C7_031714_115841 False Artemis!AEAAD6418270
McAfee Labs - Beaverton
Current Scan Engine Version:5600.1067
Current DAT Version:7379.0000
Thank you for your submission.
Analysis ID: 8035144
File Name Findings Detection Type Extra
files.xml |inconclusive | | |no
files.xsl |inconclusive | | |no
getsusp.log |inconclusive | | |no
getsusp.xml |inconclusive | | |no
getsusp.xsl |inconclusive | | |no
mcafee-product.txt |inconclusive | | |no
network.xml |inconclusive | | |no
network.xsl |inconclusive | | |no
upddl.ex_ |inconclusive | | |no
inconclusive [files.xml files.xsl getsusp.log getsusp.xml getsusp.xsl mcafee-product.txt
network.xml network.xsl upddl.ex_]
Automated analysis was not able to determine that this file is malware. This file is
being sent for further processing and the DAT files will potentially be updated if
detection of this sample is warranted.
Due to the prevalence of network gateway AV products, it is important that all
submissions be zipped and the zip file password-protected (password - infected). Some
products will reject an email that contains a virus that is not sent in this way. In
addition, often we receive a file that appears not to have been infected, to find
later that the file was infected when it left the sender, and was cleaned somewhere
along the line.
Yes if no fix in 4 days post back and I will expediate it