How to Report Malware or False Positives to Multiple Antivirus Vendors

 

This article contains a list of every respectable Windows anti-malware vendor, with a signature based product, that I am aware of. Thus this list, in addition to showing you how to easily submit malware or false positives to all of them, also serves as a reference for anti-malware products which are confirmed to be legitimate. That said, I make no statement as to whether any particular anti-malware vendor is good at detecting malware. Some of the vendors in this list are very good and others are nearly worthless. This is not the place to discuss this. By submitting malware to all of them you can help protect nearly all internet users, regardless of which product they choose to use for protection.

 

Also, it would really help if you could rate this article. In addition, for those of you who are knowledgeable about anti-malware vendors, if you do find something wrong, whether it be a missing vendor, incorrect information, missing information, etc..., please read the section about How You Can Help. I really need everyone's help in order to improve and maintain this article.

 

Recent Changelog:

11/14/2014-Removed Moosoft as site seems down, removed email address for K7 as it does not work, and removed email address for esafe as it was not working and I could not find a new email address listed on the site.

11/20/2014-Change bkav submission address for zip files, added email submission address for kingsoft, and added submission link for zoner antivirus

11/22/2014-Added XVirus to the list

11/24/2014-Removed online submission link for submitting false positives to Digital Defender as it was no longer working

 

Index

1. How To Easily Prepare To Submit The Samples

    A) Make Sure Email Client Is Set Up Properly

    B) Put Samples In Compressed Files

2. Easily Submit Malware To All Vendors

3. Criteria Used For The List

4. List Of All Vendors

5. How You Can Help

 

1. How To Easily Prepare To Submit The Samples

 
A) Make Sure Email Client Is Set Up Properly

To follow the advice in this article you will need to have an email client, such as Thunderbird or Hotmail/Live/Outlook, set up and configured. If you have not already set this up, please do so now. For instructions on how to set up Outlook please see this page and for instructions on how to set up Thunderbird please see this page.

 

You will also have to be using an email services which has been confirmed to work for this process. The only one which I am currently aware of is AOL.

By the way, I have confirmed that GmailYahooHotmailGMXFastMail, and Shortmail do not work.

 

In terms of the ones which do work, please note that sometimes they will force you to answer a puzzle, to prove that you're human, or even to change your password. This is because it seems like what you're doing constitutes unusual account activity. This is not really a problem. I'm just letting you know ahead of time so you're not surprised.

 

B) Put Samples In Compressed Files

If you're planning on submitting a suspicious file, or multiple files, for analysis, the easiest way to do this is to install a program called 7-Zip. It can be downloaded from this page. Once it's installed right click on the sample you would like to submit and select "7-Zip". If you are submitting multiple samples then highlight then all and then right click on them. Then choose "7-Zip". Submitting multiple samples at once can save you a lot of time if you have a lot of samples to submit. However, I would suggest that you do not submit more than 5 at a time as some vendors will begin to reject these.

 

After selecting "7-Zip", in the list that appears, select the option to "Add to archive...".  It will open up a window as shown in the picture to the right. Then, in the options for "Archive format" make sure it is set to zip. Then enter in 'infected' as the password. Do not include the quotes. Then select ok.

 

After this is done, in order to submit it to many of the remaining vendors, once again follow exactly the same steps only this time change the "Archive format" to 7z. Then put in the same password and select OK. Now you should have the samples by themselves, a password protected zip file, and a password protected 7z file.

 

2. Easily Submit Malware To All Vendors

 

One of the main purposes of this article is to make it as easy as possible for anyone who comes across malware to submit it to all security vendors in as few steps as possible. Also, don't worry about duplicate submissions. This has been taken care of for this list.

 

You can submit the password protected zip file by clicking on this link. (Attach zip file after email client opens and then click send)-Webmail users should right click on it and choose to save the email addresses. Then paste them in the contact line of your email.

You can submit the password protected 7z file by clicking on this link. (Attach 7z file after email client opens and then click send)-Webmail users should right click on it and choose to save the email addresses. Then paste them in the contact line of your email.

 

If the email is not delivered correctly please see my comments in section A1 to make sure that you are not using one of the email services which do not work with this list.

At this point you've submitted the sample to all vendors below marked with a mail. This does include most of them. Also, if a message failed to be delivered to one or more of the vendors, which does happen sometimes, you can manually submit it to them below if you like. Also, if you wish, you can submit the sample to the rest of the vendors who have submission information. Each of these vendors is marked with a However, this will be much more time consuming as you will have to manually submit the sample to each vendor individually. Note that for online forms, unless instructed otherwise, you should upload the file directly and not in a compressed file.

 

3. Criteria Used For The List

 

My only criteria for adding vendors to this list are that they have to have their own website, which must provide contact information. Also, the vendor must have a signature based anti-malware product, not have a bad reputation, and their main site cannot be rated orange or red by Web Of Trust - which is a criterion imposed by techsupportalert and is non-negotiable.

 

If, in the list, I say that I have confirmed something, that means that I have either been provided that information directly from the vendor or from some other official source with connections to the vendor. I've already run across some occasions where, for example, the website indicates there is not a particular submission option, but their support tells me that there is. Thus, you can rest assured that if I say that something is confirmed to not exist, that information is trustworthy. The only way it can be incorrect is if the vendor now provides a particular submission option which they previously did not.

 

4. List Of All Vendors

 

Unless otherwise noted, when submitting a sample via an online form you should upload the file directly and not in a compressed file. Also, unless otherwise noted, submissions by email should be put in a password protected zip file. Just click on the link for the vendor you wish to submit it to and it will automatically fill the necessary details into your default email client. Then all you need to do is attach the zip file and click send. For any cases where the vendors require different steps they are clearly noted.

 

The symbol mail denotes vendors who are included in the mailing lists in the previous section. You've already submitted the samples to them.

The symbol denotes vendors who do not have an email address for submission but do have some alternate options for submitting samples.

The symbol  denotes vendors who use the signatures of other vendors. Thus you don't need to submit samples to them directly.

If a vendor is unmarked this indicates that I currently have no information about how to submit malware to them.

An "*" means that there is incomplete information. If you have any information your assistance would be greatly appreciated.

 

To jump to the relevant section of the list please click on the letter that the vendor you're interested in begins with. The vendors are arranged alphabetically.

A, B, C, D, E, F, G, H, I, K, L, M, NP, Q, R, S, T, UV, W, XZ

Please note that some products are known by multiple names. Thus, if you are having trouble finding a particular vendor, or product, it will likely be very helpful to search for them using ctrl-f.

 

Vendor Submit Malware   Submit False Positives

mailAegisLab

HomePage

Online Malware Submission

or

Report Malware via Email

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email

Agnitum/Outpost

HomePage

unofficial Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

I have confirmed that there is no email address for submitting false positives

mailAhnLab

HomePage

Registered users can report malware via the options on this page

or

anyone can Report Malware via Email

 

Registered users can report false positives via the options on this page

or

anyone can Report False Positive via Email

mail*Antiy

HomePage

The online malware submission form linked to on their site does not currently work.

Report Malware via Email (attach password protected 7z file)

 

I have found no online false positive submission form

Report False Positive via Email

mailArcaVir/arcabit

HomePage (Polish)

Report Malware via Email (attach password protected 7z file)

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email (attach password protected 7z file)

Ashampoo

HomePage

Submit malware to Emsisoft and Bitdefender as Ashampoo uses the same signatures

 

Submit false positives to Emsisoft and Bitdefender as Ashampoo uses the same signatures

Auslogics

HomePage

Submit malware to BitDefender as Auslogics uses the same signatures

 

Submit false positives to BitDefender as Auslogics uses the same signatures

*Avanquest

HomePage

I have found no online malware submission form

I have found no working email address for submitting malware

 

I have found no online false positive submission form

I have found no working email address for submitting false positives

mailAvast

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

Avertive

HomePage

Website Down On 9/15/14

Submit malware to Agnitum as Avertive uses the same signatures

 

Submit false positives to Agnitum as Avertive uses the same signatures

*AVG

HomePage

Forum

Online Malware Submission

I have found no working email address for submitting malware

 

Online False Positive Submission

AVZ

HomePage (Russian)

Submit malware to Kaspersky as AVZ uses the same signatures

 

Submit false positives to Kaspersky as AVZ uses the same signatures

mailAvira AntiVir

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

I have confirmed that there is no email address for submitting false positives

*Baidu

HomePage

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

mailBitDefender

HomePage

Forum

Online Malware Submission (Select "False Negative" and check the box for file)

or

anyone can Report Malware via Email

 

Online False Positive Submission (Select "False Positive" and check the box for file)

or

anyone can Report False Positive via Email

mailBkav

HomePage

Forum (Vietnamese)

Online malware submission is available to registered users through this page (translate page from Vietnamese)

or

anyone can Report Malware via Email

 

You can join their forum and post false positive here (forum is in Vietnamese)

or

Report False Positive via Email (attach password protected 7z file)

mail*BluePoint Security

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

 

I have found no online false positive submission form

Report False Positive via Email

BullGuard

HomePage

Forum

Submit malware to BitDefender as BullGuard uses the same signatures

 

Submit malware to BitDefender as BullGuard uses the same signatures

Celframe

HomePage

Forum

Online Malware Submission (Select 'Freemium Products' and then select "Celframe Free AntiVirus" and submit malware on next page)

I have confirmed that there is no email address for submitting malware

 

Online False Positive Submission (Select 'Freemium Products' and then select "Celframe Free AntiVirus" and submit false positive on next page)

I have confirmed that there is no email address for submitting false positives

mailChicaLogic

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email (attach password protected 7z file)

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email (attach password protected 7z file)

ClamAV

HomePage

Forum

Submit malware to Immunet Protect as ClamAV uses the same signatures

  Submit false positives to Immunet Protect as ClamAV uses the same signatures

mailCMC

HomePage (Vietnamese)

Forum (Vietnamese)

Report Malware via Email (attach password protected 7z file)

 

Report False Positive via Email (attach password protected 7z file)

mailComodo

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

Constant Guard/xfinity

HomePage

Submit malware to Symantec as Constant Guard uses the same signatures   Submit false positives to Symantec as Constant Guard uses the same signatures

Crystal Security

HomePage

 

I have confirmed that there is no online malware submission form

I have confirmed that there is no email address for submitting malware

 

 

I have confirmed that there is no online false positive submission form

I have confirmed that there is no email address for submitting false positives

Cyberoam

HomePage

Submit malware to Avira as Cyberoam uses the same signatures

  Submit false positives to Avira as Cyberoam uses the same signatures

mail*Defenx

HomePage

I have confirmed that there is no online malware submission form

I have found no working email address for submitting malware

 

I have found no online false positive submission form

I have found no working email address for submitting malware

mailDigital Defender

HomePage

Forum

Online Malware Submission

or

Report Malware via Email (attach password protected 7z file)

 

I have found no online false positive submission form

Report False Positive via Email (attach password protected 7z file)

mailDr. Web

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

mailEmco

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

 

have confirmed that there is no online false positive submission form

Report False Positive via Email

mailEmsisoft

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

You can join their forum and post false positives here

or

Report False Positive via Email

maileSafe/Aladdin

HomePage

Registered users can log in through this site, request support, and attach the suspicious file

I have found no working email address for submitting malware

 

Registered users can log in through this site, request support, and attach the false positive

or

anyone can Report False Positive via Email

maileScan

HomePage

Forum

Online Malware Submission (Select "Submit a Ticket" and then Samples)

or

Report Malware via Email

 

Online False Positive Submission (Select "Submit a Ticket" and then "False Positive")

or

Report False Positive via Email

Faronics

HomePage

Submit malware to Vipre as Faronics uses the same signatures

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email (attach password protected 7z file)

mailFortinet/FortiGuard

HomePage

Forum

Online Malware Submission (can only upload up to 1 MB)

or

Report Malware via Email

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailFortKnox SpyEmergency/Netgate

HomePage

Online Malware Submission (near the bottom)

or

Report Malware via Email

 

Online Malware Submission (near the bottom and make sure to put false positive in the comments)

or

Report False Positive via Email

mailF-Prot/FRISK

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

mailFSB Antivirus

HomePage

Forum

Forum site down on 9/15/14

I have confirmed that there is no online malware submission form

Report Malware via Email

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailF-Secure

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

G Data

HomePage

Online Malware Submission

I have confirmed that there is no email address for submitting false positives

 

Online False Positive Submission

I have confirmed that there is no email address for submitting false positives

mailherdProtect

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email (attach password protected 7z file)

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email (attach password protected 7z file)

Hitman Pro

HomePage

Submit malware to BitDefender, Kaspersky, and Emsisoft as Hitman Pro uses the same signatures   Submit false positives to BitDefenderKaspersky, and Emsisoft as Hitman Pro uses the same signatures

mailIkarus

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailImmunet Protect

HomePage

Forum

Online Malware Submission (Select "Submit a virus from the drop-down menu)

or

Report Malware via Email

 

Online False Positive Submission (Select "Submit a false positive" from the drop-down menu)

or

Report False Positive via Email

*Iolo

HomePage

I have found no online malware submission form

I have found no working email address for submitting malware

 

I have found no online false positive submission form

I have found no working email address for submitting false positives

mailK7

HomePage

I have confirmed that there is no online malware submission form

I have found no working email address for submitting malware as that stated in website does not work

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailKaspersky

HomePage

Forum

Online Malware Submission (requires free account)

or

Report Malware via Email

 

Online False Positive Submission (requires free account)

or

Report False Positive via Email

mailKingsoft

HomePage

Forum

You can join their forum and post malware sample here

or

Report Malware via Email

 

You can join their forum and post false positives here

mail*KV Antivirus/Jiangmin

HomePage (Chinese)

I have found no online malware submission form

Report Malware via Email

 

I have found no online false positive submission form

Report False Positive via Email

mailLavasoft Ad-Aware

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

Lumension

HomePage

Submit malware to Norman as Lumension uses the same signatures

 

Submit false positives to Norman as Lumension uses the same signatures

Malwarebytes

HomePage

Forum

You have to join their forum and post malware samples here

I have confirmed that there is no email address for submitting malware

 

You have to join their forum and post false positives here

I have confirmed that there is no email address for submitting false positives

mailMcAfee

HomePage

Forum

Online malware submission is available to registered users through this page

or

anyone can Report Malware via Email

 

Online false positive submission is available to registered users through this page

or

send an email to anyone to this email address

or if is marked as marked as "McAfee-GW-Edition" submit it to  this email address

mail*Micropoint

HomePage

Forum

I have found no online malware submission form

Report Malware via Email

 

I have found no online false positive submission form

I have found no working email address for submitting false positives

mailMicrosoft Security Essentials

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

mail*MKS

HomePage (Polish)

Online Malware Submission (Polish)

or

Report Malware via Email

 

I have found no online false positive submission form

I have found no working email address for submitting false positives

Moon Secure

HomePage

Submit malware to Immunet Protect as Moon Secure uses the same signatures   Submit false positives to Immunet Protect as Moon Secure uses the same signatures

MSecure

HomePage

Submit malware to Ikarus as MSecure uses the same signatures

 

Submit false positives to Ikarus as MSecure uses the same signatures

Multi-AV

HomePage

Submit malware to AviraEmsisoftKasperskySophos, and Trend Micro as Multi-AV uses the same signatures   Submit false positives to AviraEmsisoftKasperskySophos, and Trend Micro as Multi-AV uses the same signatures

mailNano Antivirus

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

*Naver Antivirus

HomePage (Korean)

I have found no online malware submission form

I have found no working email address for submitting malware

 

I have found no online false positive submission form

I have found no working email address for submitting false positives

mailNod32/ESET

HomePage

Forum

Report Malware via Email

 

Report false positives through the program itself

or

Report False Positive via Email

mailNoraScan

HomePage

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

mailNorman

HomePage

Forum

 

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

mailnProtect

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email
 

mailPanda

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

PC Keeper/Zeobit

HomePage

Submit malware to Avira as PC Keeper uses the same signatures

 

Submit false positives to Avira as PC Keeper uses the same signatures

mail*Preventon

HomePage

I have found no online malware submission form

Report Malware via Email (attach password protected 7z file)

 

I have found no online false positive submission form

Report False Positive via Email (attach password protected 7z file)

*Protector Plus/Proland

HomePage

The online malware submission provided on their site doesn't work correctly.

The email address provided on their site doesn't work correctly.

 

I have found no online false positive submission form

I have found no working email address for submitting false positives

mailPSafe

HomePage (Portuguese)

I have confirmed that there is no online malware submission form

Report Malware via Email

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailQihoo Antivirus/360

HomePage (Chinese)

Forum (Chinese)

Online Malware Submission (Option on left is suspicious file and option on right is false positive; provide email below)

or

Report Malware via Email

 

Online False Positive Submission (Option on left is suspicious file and option on right is false positive; provide email below)

or

Report False Positive via Email

Quick Heal

HomePage

Forum

Online Malware Submission (Fill in necessary information and select "Sample File Submission")

or

Report Malware via Email

 

Online False Positive Submission (Fill in necessary information and select "Submit False Positive")

I have confirmed that there is no email address for submitting false positives

*RemoveIt/incodesolutions

HomePage

I have found no online malware submission form

I have found no working email address for submitting malware

 

I have found no online false positive submission form

I have found no working email address for submitting false positives

mailReturnil

HomePage

Forum

I have confirmed that there is no online malware submission form

Report Malware via Email (attach password protected 7z file)

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email (attach password protected 7z file)

*Rising

HomePage (Chinese)

There is no suitable online form for submitting malware as theirs is rated red by WOT

I have confirmed that there is no email address for submitting malware

 

There is no suitable online form for submitting false positives as theirs is rated red by WOT

I have confirmed that there is no email address for submitting false positives

*Roboscan/ALYac

HomePage

Report malware through tool downloaded from this page

I have found no working email address for submitting malware

 

I have found no online false positive submission form

I have found no working email address for submitting false positives

mailRubus/Ozone Antivirus

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email

ShawSecure

HomePage

Submit malware to McAfee as Shaw Secure uses the same signatures   Submit false positives to McAfee as Shaw Secure uses the same signatures

mail*SmartCOP

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

 

I have found no online false positive submission form

Report False Positive via Email

mailSophos

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

mailSpybot Search & Destroy

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission (Make sure to let them know it's a false positive)

or

Report False Positive via Email

*SpyCop

HomePage

I have found no online malware submission form

I have found no working email address for submitting malware

 

I have found no online false positive submission form

I have found no working email address for submitting false positives

mail*SRN/Solo Antivirus

HomePage

I have found no online malware submission form

Report Malware via Email

 

I have found no online false positive submission form

Report False Positive via Email

SuperAntiSpyware

HomePage

Forum

Report malware through tool on this page

I have confirmed that there is no email address for submitting malware

 

Report false positives through SuperAntiSpyware program interface

I have confirmed that there is no email address for submitting false positives

mailSymantec/Norton

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

I have confirmed that there is no email address for submitting false positives

mailThe Hacker

HomePage (Spanish)

I have confirmed that there is no online malware submission form

Report Malware via Email

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailthirtyseven4

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mail*Total Defense

HomePage

I have found no online malware submission form

Report Malware via Email

 

I have found no online false positive submission form

Report False Positive via Email

Trend Micro

HomePage

Forum

Report Malware via Email (Note that the password must be virus)

 

Online False Positive Submission (Attach the password protected zip file and tell them the password in the comments section)

I have confirmed that there is no official email address suitable for submitting false positives

mail*TrojanHunter

HomePage

Forum

I have confirmed that there is no online malware submission form

Report Malware via Email

 

I have found no online false positive submission form

Report False Positive via Email

mailTrojan Remover/Simply Super Software

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email

TrustPort

HomePage

Submit malware to AVGBitDefenderDr. Web, Vipre, and VirusBlokAda as TrustPort uses the same signatures

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailTwister/Filseclab

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email

Untangle

HomePage

Forum

Submit malware to Immunet Protect as Untangle uses the same signatures   Submit false positives to Immunet Protect as Untangle uses the same signatures

UnThreat

HomePage

Submit malware to Vipre as UnThreat uses the same signatures

 

Submit false positives to Vipre as UnThreat uses the same signatures

Verizon Internet Security

HomePage

Submit malware to McAfee as Verizon Internet Security uses the same signatures   Submit malware to McAfee as Verizon Internet Security uses the same signatures

mailVipre/Sunbelt/Threattrack

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

Vir.IT

HomePage

Online Malware Submission

I have confirmed that there is no email address for submitting malware

 

Online False Positive Submission (Select "Analysis Required" and write "Possible False Positive" in the Description box)

I have confirmed that there is no email address for submitting false positives

mailViRobot/HAURI

HomePage

Online Malware Submission

or

Report Malware via Email

 

Online False Positive Submission

or

Report False Positive via Email

mailVirusBlokAda/VBA32

HomePage

Online Malware Submission (Translate page from Russian)

or

Report Malware via Email

 

I have confirmed that there is no online false positive submission form

Report False Positive via Email

Virus Chaser/IWT

HomePage (Thai)

Submit malware to Dr. Web as Virus Chaser uses the same signatures

 

Submit false positives to Dr. Web as Virus Chaser uses the same signatures

VIRUSfighter

HomePage

Submit malware to Sophos as VIRUSfighter uses the same signatures

 

Submit false positives to Sophos as VIRUSfighter uses the same signatures

*VirusKeeper

HomePage

I have found no online malware submission form

I have found no working email address for submitting malware

 

I have found no online false positive submission form

I have found no working email address for submitting false positives

Webroot

HomePage

Forum

Online Malware Submission

I have confirmed that there is no email address for submitting malware 

 

 

False positive submission is available to through this page

or

Report False Positive via Email

mailXVirus

HomePage

Forum

You can join their forum and post malware samples here

or

Report Malware via Email

 

You can join their forum and post false positives here

I have found no working email address for submitting false positives

*Xyvos

HomePage

I have found no online malware submission form

I have found no working email address for submitting malware

 

I have found no online false positive submission form

I have found no working email address for submitting false positives

Zemana

HomePage

Submit malware to Emsisoft, G Data, Ikarus, and Dr. Web as Zemana uses the same signatures

 

Submit false positives to EmsisoftG DataIkarus, or Dr. Web as Zemana uses the same signatures

mailZillya

HomePage (Ukrainian)

I have found no online malware submission form

Report Malware via Email

 

I have found no online false positive submission form

Report False Positive via Email

ZoneAlarm/Check Point

HomePage

Forum

Submit malware to Kaspersky as ZoneAlarm uses the same signatures

  Submit false positives to Kaspersky as ZoneAlarm uses the same signatures

Zoner

HomePage

Online Malware Submission

I have confirmed that there is no email address for submitting malware

 

I have confirmed that there is no online false positive submission form

I have confirmed that there is no email address for submitting false positives

 

5. How You Can Help

 

If you find that there is a vendor which I have left out of the list please leave a comment about this so I can investigate. Also, if you find that any of the information I provide is incorrect please let me know immediately so that I can fix this. This includes circumstances in which I say I have confirmed that an option does not exist (when it now does), information that does not work as promised, vendors that no longer support their product, etc... I will personally look into all information provided before adding it to the article. Starred products are those that I currently realize are in need of information. I could really use your help with those vendors as well.

 

That said, because of the strict requirements I have imposed for stating that I have confirmed that something does not exist, I will not be able to say that I have confirmed that submission options do not exist just because someone states it in the comments. I hope you understand that I am not insulting anyone but just being very cautious before adding information to the article. However, things like submission links or email addresses I can investigate myself and add. I only need an official response for confirming that something does not currently exist.

 

I really do need your help to maintain this article as this is way too much information for me to investigate on my own. Keeping this list up to date would require an astronomical amount of work, and I'm already very busy with many other projects. I thank you for whatever time you can contribute to make this best malware submission article on the internet.

 

 

 

 

Please help by rating this article. Also, if you believe this article deserves anything less than 5 stars, please leave a comment below explaining how you think it can be improved or where you find fault. This article is written by me but fueled by the community. Thus your opinions and advice are not only much appreciated, but actually necessary in order for this article to grow and improve.

 

If you found this article useful then perhaps you'd like to check out some of my others.

Best Free Antivirus Software

How to Avoid Spam

How to Clean An Infected Computer

How to Fix a Malware Infected Computer

How to Harden Your Browser Against Malware and Privacy Concerns

How to Install Comodo Firewall

How to Know If Your Computer Is Infected

How to Protect Your Online Privacy

How to Report Dangerous Websites

How to Report Spam

How to Stay Safe While Online

How to Tell if a File is Malicious

How to Tell If A Website Is Dangerous

 

This software category is maintained by volunteer editor Chiron. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

 

Share this
4.683545
Average: 4.7 (79 votes)
Your rating: None

Comments

by LucasZ on 20. November 2014 - 23:29  (119763)

bkav@bkav.com.vn takes zip files too, so add it to your jumbo mailto link.

Here are email addresses you don't have.
virus@ByteHero.com
huangruimin@kingsoft.com

Submission URLs you don't have:
[Link removed as per site rules](The WOT rating is due to questionable company practices. They're one of the vendors in VirusTotal though, so I think they're worth listing here)
http://www.zonerantivirus.com/zaslani-vzorku-k-overeni

by Chiron on 21. November 2014 - 1:32  (119767)

Thank you. I updated the email submission address for bkav to say it works for zip files. I also added the email address submission for kingsoft.

However, as far as I know ByteHero does not detect samples by signature, therefore I'm not sure how much it helps to add them to this list. Do you have more information about how they detect files? I had thought it was only through behavior.

Also, thank you for the submission address for zoner antivirus. I have added this. However, I cannot add the one for rising because it does not have a green, or unknown WOT rating, which is a techsupportalert requirement and nothing which I can do about that.

Thank you.

by Bill-R on 18. November 2014 - 18:28  (119688)

@Chiron: Typo? I see Avert Labs but not McAfee in your combined email list in #2. I imagine maintaining this list for a year is even more difficult than building it initially, especially since "with so many [email contacts] in the list it is difficult to tell which are temporary issues and which are permanent."

Batch file @HunterHunted described is handy. Perhaps someone will extend it to opening AOL Mail and adding the attachment. (Can't wait for the Windows 19 "Think it: Do it" interface.)

by Chiron on 18. November 2014 - 18:56  (119692)

Thank you for pointing this out. However, when I send a sample to the avertlabs email address I have in the article I quickly get an analysis email response from Mcafee. Thus, this does seem to be a good choice for Mcafee.

However, on this page:
http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx
Mcafee lists a different email address for submission. That said, I'd rather not recommend a change as I see that the avert one gets a very fast response. What are your thoughts on this situation?

Thanks.

by Bill-R on 18. November 2014 - 20:22  (119695)

You have both the experience and insight, so asked and answered. I just noticed that McAfee was missing because of a FN and a FP (McAfee). I saw your discussion with WZehntner and (mis?)interpreted that outcome and the site instructions to expect both an Avert (for GW) and a McAfee address for both FP and FN. Since not an oversight, I am glad I used "Typo?"! (Please do note wording in text of McAfee FP chart entry.)

by hunterhunted on 12. October 2014 - 11:31  (119146)

Very, very useful. Some email addresses seem to be down for me:
submit@trojanhunter.com
k7viruslab@labs.k7computing.com
trojans@moosoft.com
virus@esafe.com

To further streamline stuff, I have a bat file with the following content in my directory with malware and just drag new samples onto it.

@echo off
"C:\Program Files\7-Zip\7z.exe" a -pinfected -t7z "%1.7z" "%1"
"C:\Program Files\7-Zip\7z.exe" a -pinfected -tzip "%1.zip" "%1"

Modify accordingly for wherever you installed 7zip.

by Chiron on 14. November 2014 - 6:22  (119611)

I checked this with a small file, and for me trojans@moosoft.com was down, k7viruslab@labs.k7computing.com was down, and virus@esafe.com was down as well.

However, I did not have any emails bounced for submit@trojanhunter.com. Thus, perhaps that was just a temporary problem. I will correct the article for the three which we both confirmed.

Thank you.

by DanielRuf on 5. September 2014 - 15:32  (118404)

still having issues with password protected zip file:

Sorry, we were unable to deliver your message to the following address.

:
Remote host said:
552-5.7.0 This message was blocked because its content presents a potential
552-5.7.0 security issue. Please visit
552-5.7.0 http://support.google.com/mail/bin/answer.py?answer=6590 to review our
552 5.7.0 message content and attachment content guidelines. gd3si3997315wib.22 - gsmtp
[BODY]

Sorry, we were unable to deliver your message to the following address.

:
Remote host said:
550-DKIM: encountered the following problem validating yahoo.de:
550 signature_incorrect
[BODY]

by Chiron on 5. September 2014 - 17:32  (118405)

Does it only present a problem when submitting zip files, or does it say the same for 7z files?

by DanielRuf on 6. September 2014 - 16:48  (118423)

I think this would make no difference. But I did not try it.

(please delete the other comment from me - it is a duplicate)

by Chiron on 7. September 2014 - 14:01  (118435)

It has been deleted. Also, when you have a chance, please do try it. Google will reject any attachments which are in a password protected zip file. This seems like what is happening for here.

Also, can you please let me know if there is a specific vendor for which this is happening for?

Thank you.

by DanielRuf on 7. September 2014 - 14:17  (118436)

Forgot to copy the email addresses

:
552-5.7.0 This message was blocked because its content presents a potential
...

:
550 signature_incorrect
...

by MrBrian on 26. August 2014 - 4:08  (118200)

Wilders member stapp has requested that I pass on this information:

The listing for Emsisoft gives a 404 for the Online Malware Submission link.

It should either be

http://www.emsisoft.com/en/support/submit/ (English)
or
http://www.emsisoft.de/de/support/submit/ (German]

by Chiron on 31. August 2014 - 23:03  (118323)

Thank you for bringing this to my attention. They must have changed the site URL. I added the English URL to the list.

Thanks again.

by WZehntner on 6. August 2014 - 13:59  (117791)

I suggest an additional link to submit false-positive samples for McAfee-GW-Edition:

virus_research_gateway@avertlabs.com

The correct procedure to submit is explained here:
https://kc.mcafee.com/corporate/index?page=content&id=KB62662&actp=null&...

Background-story: in the past 4 weeks I submitted 3 times the same sample file to virus_research@mcafee.com and each time I got the reply:
"Automated analysis was not able to determine that this file is malware. This file is
being sent for further processing and the DAT files will potentially be updated if
detection of this sample is warranted"

Finally I registered with the McAfee-community and explained my case.
Today I submitted my sample again to the new submission adress.
Hopefully they will now handle this case.

by Chiron on 15. August 2014 - 4:36  (117954)

From what I can tell from the link either email address should work. Did you find that the file was never detected when you used virus_research@mcafee.com, even after a week or so?

Also, did you find that if the file was submitted to virus_research_gateway@avertlabs.com it was actually added to the database faster? What were your findings when you tried it?

Thanks.

by WZehntner on 15. August 2014 - 6:44  (117958)

My false positive sample was detected when I uploaded it to virustotal.
I then submitted it 3 times to virus_research@mcafee.com (leaving at least 7 days interval). My file was never whitelisted there.
The new email adress virus_research_gateway@avertlabs.com works better for samples that are flagged as McAfee-GW-Edition.
If you are interested I can provide the report-links from virustotal.

by Chiron on 15. August 2014 - 16:58  (117974)

No problem. I just updated the article for the new email address. Your findings seem pretty conclusive.

Thank you very much.

by WZehntner on 17. August 2014 - 16:11  (118018)

Just to clarify: both email adresses are valid.
Only if a false positiv is marked as "McAfee-GW-Edition" I would recommend the new adress. For other McAfee-findings I would still use the old adress.

by Chiron on 21. August 2014 - 1:19  (118107)

Thank you, and I am sorry for the misunderstanding. I have now edited the article. Is it now correct?

by WZehntner on 21. August 2014 - 7:45  (118116)

Yes, correct, thanks.

by Chiron on 21. August 2014 - 13:44  (118129)

Thank you.

by qwerty12345 on 28. July 2014 - 14:06  (117626)

Mails to Emco were failing yesterday. Not sure if this is a temporary thing.

Undelivered Mail Returned to Sender

This is the mail system at host zim-mta-01.simnet.is.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system : host zim-mbox-05.simnet.is[194.105.232.108] said:
552 5.2.2 Over quota (in reply to end of DATA command)

by Chiron on 28. July 2014 - 18:27  (117632)

You are not the only one to receive this error. I received it as well. I have contacted their support and asked whether that email address is still in use, or if not which to use. I will let you know if they respond.

If I don't respond to this comment within a week please feel free to respond and ask me what I found. It's always possible I'll forget to respond if Emco doesn't send me an email.

Thanks.

by qwerty12345 on 28. July 2014 - 14:04  (117625)

I do not believe Webroot is accepting submissions for virus samples via email. I received this email from them:

Hello,

Thank you for contacting Webroot Support.

All files being scanned by Webroot SecureAnywhere are broken down into hash
signatures and behavioral data. These data points are sent to the Webroot Intelligence Network to determine if the original file is good, bad, or undetermined. The file itself is not sent to Webroot, so no personal data is leaving your computer.

If you wish to submit a file to our Threat Research team for analysis, please visit
"http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx"Webroot File Submission and follow the instructions. Please note this is currently limited to 10mb per file

If you are concerned about the safety of a specific file on your computer, you
can right-click on a file to “Scan with Webroot.” This scan should typically complete within seconds.

However, if the scan results are inconclusive, you can submit a file to our
Threat Research team for further analysis. The Submit a File option only supports files or .zip folders up to 10MB. Please follow the steps below.

1. Open SecureAnywhere on your computer.
2. Click the gear icon next to “Utilities.”
3. Click the “Reports” tab, and then select “Submit a File.”
4. In the window that opens, click “Browse” to find the file you wish to submit.
5. Once the file is selected, click “Open.”
6. Select a reason for submission from the list provided.
7. Insert the CAPTCHA and click “Submit a File.”

Our Threat Research team will investigate the file submitted and update our determinations if
necessary.

Regards,
The Webroot Support Team

by Chiron on 28. July 2014 - 18:17  (117630)

Thank you. I have updated this information in the article. Let me know if you find any other issues.

Thanks again.

by DanielRuf on 21. July 2014 - 11:52  (117456)

any updates?

analysis@norman.no
The email address you specified couldn't be found or is invalid. It may be due to a bad entry in your Outlook or Outlook Web App recipient AutoComplete cache. Use the steps below to clear the entry from the cache:

: host zim-mbox-05.simnet.is[194.105.232.108] said:
552 5.2.2 Over quota (in reply to end of DATA command)

:
Remote host said: 550 signature_incorrect [BODY]

by Chiron on 25. July 2014 - 12:48  (117579)

I just tested the mailing list yesterday. I received two failures, but neither was for Norman. I do know that sometimes the vendors have problems, which are often fixed quickly. The issue is that with so many in the list it is difficult to tell which are temporary issues and which are permanent.

Also, some vendors have issues with larger file sizes. How large was the one you tried to submit? Are you still experiencing the same issues, or is everything working correctly for you now as well?

Thank you.

by DanielRuf on 25. July 2014 - 14:03  (117585)

When I tried it the last time (22nd of July) I still had these 3 problems.

It can not be caused by me.

email address couldn't be found or is invalid: email address does not exist on the server of the receiver, this is an Exchange error. I do not use any Outlook, I use a completely different email client and I send all mails with SMTP. No Exchange server between me and any receiver if the receiver does not use one.

Over quota: postbox of receiver is full (errorcode 522 5.2.2 http://www.inmotionhosting.com/support/email/bounceback-errors/email-err... / 552 5.2.2 Over quota (in reply to end of DATA command) )

550 error: http://dkim.org/specs/draft-allman-dkim-base-01.html problem with PGP key (my email was not signed at all, so this was very weird)

My email headers just have at least a x-enigmail-version field with the Enigmail version, but are not signed. This just tells the receiver which Enigmail version I use, if the email is signed or encrypted but it was not.

All other email providers and receivers ignored the field and did not misinterpret, that the email is not signed (even if it is) and accepted the email without any problems. So their MTA has a bug or does/did something wrong.

And if it would be signed, it would work because my key is valid.

Which failures exactly did you get?

by qwerty12345 on 28. July 2014 - 14:01  (117624)

Received the error yesterday for Norman:

Delivery has failed to these recipients or groups:

analysis@norman.no
The email address you specified couldn't be found or is invalid. It may be due to a bad entry in your Outlook or Outlook Web App recipient AutoComplete cache. Use the steps below to delete the entry from the cache:

Click New mail.
In the To field start typing the recipient's name or email address until the recipient appears in the drop-down list.
Use the DOWN ARROW and UP ARROW keys to select the recipient, and then press the DELETE key.
Then resend your message – delete and retype the recipient’s name or e-mail address before sending it.

For more tips on how to resolve this issue see DSN code 5.1.1 in Exchange Online.

Diagnostic information for administrators:

Generating server: DB4PR03MB507.eurprd03.prod.outlook.com
analysis@norman.no
Remote Server returned '550 5.1.1 RESOLVER.ADR.RecipNotFound; not found'

Gizmo's Freeware is Recruiting!

Gizmos Needs YouShare your knowledge of free software with millions of Gizmo's readers by joining our editing team.  Details here.