Chiron

Question About Submitting Samples


Hello, I am writing an article in which I am showing users where they can submit malware and false positives.

 

I have found an online submission form which users can use to submit these to you, but so far I have found no email address for submitting suspicious files and false positives. Do these exist and if so what are they? Thanks.


Hi Chiron. Potential malware or false positives can be submitted to our support team at support@immunet.com. Include the file/program in a .zip and give us a brief description of what you are submitting and why. Thanks.


I'm actually trying to find out if there is an email address to which I can submit samples such that they will go into the database for ClamAV.

 

Do Immunet and ClamAV use the same database, or is there somewhere else that I should be submitting the files?

 

Thanks.


Thank you. At this point I know how to submit malware to Immunet, but what I would like to know is whether the samples I submit to Immunet will also be added to the database for ClamAV.

 

The article I'm working on will ask users to submit the suspicious samples (or false positives) to both Immunet and ClamAV. Thus I need to make sure that there aren't separate reporting practices for each one.

 

For example for submitting suspicious files to Immunet I have found this page:

https://forms.netsuite.com/app/site/crm/externalcasepage.nl;jsessionid=0a01145a1f434eacbc541a144401956ef1136b3a72b8.e34Nb3iTbxeLaO0Lbh0Mch0MaxqRe0?compid=1118791&formid=1&h=c7c6f7ac51622f012b06&redirect_count=1&did_javascript_redirect=T

and for ClamAV I have found this page:

http://cgi.clamav.net/sendvirus.cgi

 

This leads me to believe that they feed into two different databases, but I need to know that for sure.

 

Thanks.


Also, another thing that I've noticed is that twice now I've submitted samples to Immunet via this email address:

submit@samples.immunet.com

and both times after a few days I get an email back saying that undelivered mail was returned to sender. This particular one says it was sent on the 7th.

 

Is that email address wrong or perhaps is there currently a problem with the sample submission process? What's going on?

 

Thanks.


Chiron,

Once upon a time these were two different groups processing malware, but now it's all being processed by one. I've got some emails to the administrator asking what's going on with submit@samples.immunet.com. I'd suggest using the ClamAV link: http://www.clamav.net/lang/en/sendvirus/submit-malware/ as you'll get better notification of when the Clam databases are updated.

--Millard


Chiron,

Once upon a time these were two different groups processing malware, but now it's all being processed by one. I've got some emails to the administrator asking what's going on with submit@samples.immunet.com. I'd suggest using the ClamAV link: http://www.clamav.net/lang/en/sendvirus/submit-malware/ as you'll get better notification of when the Clam databases are updated.

--Millard

Thank you.


Chiron,

I'm sorry for not posting this yesterday. The admin looked at the mailspool, figured out what was wrong, and restarted it. You should now be able to send through submit@samples.immunet.com.

--Millard

Thank you. I'll let you know if I have any problems.


If you go to http://www.immunet.com/contact/index.html, the drop down allows you to "Submit a false positive" or you just email support@sourcefire.com. These all have to be handled by hand.

Thank you very much.

 

However, I was under the impression that false positives could also be submitted by sending them to submit@samples.immunet.com?

Does this email address work as well or do I need to tell my readers to submit them to support@sourcefire.com?

 

If you could clear this up I'd really appreciate it.

 

Thanks.


Thank you very much.

 

However, I was under the impression that false positives could also be submitted by sending them to submit@samples.immunet.com?

Does this email address work as well or do I need to tell my readers to submit them to support@sourcefire.com?

 

If you could clear this up I'd really appreciate it.

 

Thanks.

submit@samples.immunet.com is really only for files we think are malicious, but we do find FPs in there. Sending to support@sourcefire.com makes it easier for us to validate.


submit@samples.immunet.com is really only for files we think are malicious, but we do find FPs in there. Sending to support@sourcefire.com makes it easier for us to validate.

Thank you.

 

I'll advise my readers to submit malware to submit@samples.immunet.com and false positives to support@sourcefire.com.


submit@samples.immunet.com is really only for files we think are malicious, but we do find FPs in there. Sending to support@sourcefire.com makes it easier for us to validate.

Actually, I will advise my readers to submit false positives to support@immunet.com.

 

I contacted support@sourcefire.com and they said the email address wasn't suitable for that. I should use support@immunet.com.

 

Is this okay?

 

Thanks.
