Chiron, posted May 7, 2012:
Hello, I am writing an article in which I am showing users where they can submit malware and false positives. I have found an online submission form which users can use to submit these to you, but so far I have found no email address for submitting suspicious files and false positives. Do these exist and if so what are they? Thanks.

Francis, posted May 8, 2012:
Hi Chiron. Potential malware or false positives can be submitted to our support team at support@immunet.com. Include the file/program in a .zip and give us a brief description of what you are submitting and why. Thanks.

Chiron (Author), posted May 8, 2012:
I'm actually trying to find out if there is an email address to which I can submit samples such that they will go into the database for ClamAV. Do Immunet and ClamAV use the same database or is there somewhere else that I should be submitting the files? Thanks.

ritchie58, posted May 9, 2012:
Hi Chiron, click on this FAQ topic. There's some additional info there you might find informative.

Chiron (Author), posted May 9, 2012:
Thank you. At this point I know how to submit malware to Immunet, but what I would like to know is whether the samples I submit to Immunet will also be added to the database for ClamAV. The article I'm working on will ask users to submit the suspicious samples (or false positives) to both Immunet or ClamAV. Thus I need to make sure that there aren't separate reporting practices for each one. For example for submitting suspicious files to Immunet I have found this page: https://forms.netsuite.com/app/site/crm/externalcasepage.nl;jsessionid=0a01145a1f434eacbc541a144401956ef1136b3a72b8.e34Nb3iTbxeLaO0Lbh0Mch0MaxqRe0?compid=1118791&formid=1&h=c7c6f7ac51622f012b06&redirect_count=1&did_javascript_redirect=T and for ClamAV I have found this page: http://cgi.clamav.net/sendvirus.cgi This leads me to believe that they feed into two different databases, but I need to know that for sure. Thanks.

Chiron (Author), posted May 12, 2012:
Also, another thing that I've noticed is that twice now I've submitted samples to Immunet via this email address: submit@samples.immunet.com and both times after a few days I get an email back saying that undelivered mail was returned to sender. This particular one says it was sent on the 7th. Is that email address wrong or perhaps is there currently a problem with the sample submission process? What's going on? Thanks.

millard@immunet.com, posted May 13, 2012:
Chiron, Once upon a time these were two different groups processing malware, but now it's all being processed by one. I've got some emails to the administrator asking what's going on with submit@samples.immunet.com. I'd suggest using the ClamAV link: http://www.clamav.net/lang/en/sendvirus/submit-malware/ as you'll get better notification of when the Clam databases are updated.
--Millard

Chiron (Author), posted May 13, 2012:
> Chiron, Once upon a time these were two different groups processing malware, but now it's all being processed by one. I've got some emails to the administrator asking what's going on with submit@samples.immunet.com. I'd suggest using the ClamAV link: http://www.clamav.net/lang/en/sendvirus/submit-malware/ as you'll get better notification of when the Clam databases are updated.
> --Millard
Thank you.

millard@immunet.com, posted May 15, 2012:
Chiron, I'm sorry for not posting this yesterday. The admin looked at the mailspool, figured out what was wrong, and restarted it. You should now be able to send through submit@samples.immunet.com.
--Millard

Chiron (Author), posted May 15, 2012:
> Chiron, I'm sorry for not posting this yesterday. The admin looked at the mailspool, figured out what was wrong, and restarted it. You should now be able to send through submit@samples.immunet.com.
> --Millard
Thank you. I'll let you know if I have any problems.

Chiron (Author), posted June 7, 2012:
Okay, one more question. Is there an online form which can be used to submit false positives to Immunet?

millard@immunet.com, posted June 7, 2012:
> Okay, one more question. Is there an online form which can be used to submit false positives to Immunet?
If you go to http://www.immunet.com/contact/index.html, the drop down allows you to "Submit a false positive" or you just email support@sourcefire.com. These all have to be handled by hand.

Chiron (Author), posted June 7, 2012:
> If you go to http://www.immunet.com/contact/index.html, the drop down allows you to "Submit a false positive" or you just email support@sourcefire.com. These all have to be handled by hand.
Thank you very much. However, I was under the impression that false positives could also be submitted by sending them to submit@samples.immunet.com? Does this email address work as well or do I need to tell my readers to submit them to support@sourcefire.com? If you could clear this up I'd really appreciate it. Thanks.

millard@immunet.com, posted June 7, 2012:
> Thank you very much. However, I was under the impression that false positives could also be submitted by sending them to submit@samples.immunet.com? Does this email address work as well or do I need to tell my readers to submit them to support@sourcefire.com? If you could clear this up I'd really appreciate it. Thanks.
submit@samples.immunet.com is really only for files we think are malicious, but we do find FPs in there. Sending to support@sourcefire.com it's easier for us to validate.

Chiron (Author), posted June 7, 2012:
> submit@samples.immunet.com is really only for files we think are malicious, but we do find FPs in there. Sending to support@sourcefire.com it's easier for us to validate.
Thank you. I'll advise my readers to submit malware to submit@samples.immunet.com and false positives to support@sourcefire.com.

Chiron (Author), posted June 12, 2012:
> submit@samples.immunet.com is really only for files we think are malicious, but we do find FPs in there. Sending to support@sourcefire.com it's easier for us to validate.
Actually, I will advise my readers to submit false positives to support@immunet.com. I contacted support@sourcefire.com and they said the email address wasn't suitable for that. I should use support@immunet.com. Is this okay? Thanks.

Archived
This topic is now archived and is closed to further replies.