How to Report Malware or False Positives to Multiple Antivirus Vendors

 

This article contains a list of every respectable Windows anti-malware vendor, with a signature based product, that I am aware of. Thus this list, in addition to showing you how to easily submit malware or false positives to all of them, also serves as a reference for anti-malware products which are confirmed to be legitimate. That said, I make no statement as to whether any particular anti-malware vendor is good at detecting malware. Some of the vendors in this list are very good and others are nearly worthless. This is not the place to discuss this. By submitting malware to all of them you can help protect nearly all internet users, regardless of which product they choose to use for protection.

 

Also, it would really help if you could rate this article. In addition, for those of you who are knowledgeable about anti-malware vendors, if you do find something wrong, whether it be a missing vendor, incorrect information, missing information, etc..., please read the section about How You Can Help. I really need everyone's help in order to improve and maintain this article.

 

Changelog:

3/25/2014 - Minor changes were made to email contacts for a few vendors. The main mailing lists have been updated.

4/1/2014-Added another name Vipre is known by and added clarification for how webmail users should use the email list.

4/2/2014-Added some explainations for webmail users, and added "*" to the legend above the table.

4/5/2014-Removed Lavabit from the email recommendations as they are no longer in business.

 

Index

1. How To Easily Prepare To Submit The Samples

    A) Make Sure Email Client Is Set Up Properly

    B) Put Samples In Compressed Files

2. Easily Submit Malware To All Vendors

3. Criteria Used For The List

4. List Of All Vendors

5. How You Can Help

 

1. How To Easily Prepare To Submit The Samples

 
A) Make Sure Email Client Is Set Up Properly

To follow the advice in this article you will need to have an email client, such as Thunderbird or Hotmail/Live/Outlook, set up and configured. If you have not already set this up, please do so now. For instructions on how to set up Outlook please see this page and for instructions on how to set up Thunderbird please see this page.

 

You will also have to be using an email services which has been confirmed to work for this process. The only one which I am currently aware of is AOL.

By the way, I have confirmed that GmailYahooHotmailGMXFastMailShortmail, and BigString do not work.

 

In terms of the ones which do work, please note that sometimes they will force you to answer a puzzle, to prove that you're human, or even to change your password. This is because it seems like what you're doing constitutes unusual account activity. This is not really a problem. I'm just letting you know ahead of time so you're not surprised.

 

B) Put Samples In Compressed Files

If you're planning on submitting a suspicious file, or multiple files, for analysis, the easiest way to do this is to install a program called 7-Zip. It can be downloaded from this page. Once it's installed right click on the sample you would like to submit and select "7-Zip". If you are submitting multiple samples then highlight then all and then right click on them. Then choose "7-Zip". Submitting multiple samples at once can save you a lot of time if you have a lot of samples to submit. However, I would suggest that you do not submit more than 5 at a time as some vendors will begin to reject these.

 

After selecting "7-Zip", in the list that appears, select the option to "Add to archive...".  It will open up a window as shown in the picture to the right. Then, in the options for "Archive format" make sure it is set to zip. Then enter in 'infected' as the password. Do not include the quotes. Then select ok.

 

After this is done, in order to submit it to many of the remaining vendors, once again follow exactly the same steps only this time change the "Archive format" to 7z. Then put in the same password and select OK. Now you should have the samples by themselves, a password protected zip file, and a password protected 7z file.

 

2. Easily Submit Malware To All Vendors

 

One of the main purposes of this article is to make it as easy as possible for anyone who comes across malware to submit it to all security vendors in as few steps as possible. Also, don't worry about duplicate submissions. This has been taken care of for this list.

 

You can submit the password protected zip file by clicking on this link. (Attach zip file after email client opens and then click send)-Webmail users should right click on it and choose to save the email addresses. Then paste them in the contact line of your email.

You can submit the password protected 7z file by clicking on this link. (Attach 7z file after email client opens and then click send)-Webmail users should right click on it and choose to save the email addresses. Then paste them in the contact line of your email.

 

If the email is not delivered correctly please see my comments in section A1 to make sure that you are not using one of the email services which do not work with this list.

At this point you've submitted the sample to all vendors below marked with a mail. This does include most of them. Also, if a message failed to be delivered to one or more of the vendors, which does happen sometimes, you can manually submit it to them below if you like. Also, if you wish, you can submit the sample to the rest of the vendors who have submission information. Each of these vendors is marked with a However, this will be much more time consuming as you will have to manually submit the sample to each vendor individually. Note that for online forms, unless instructed otherwise, you should upload the file directly and not in a compressed file.

 

3. Criteria Used For The List

 

My only criteria for adding vendors to this list are that they have to have their own website, which must provide contact information. Also, the vendor must have a signature based anti-malware product, not have a bad reputation, and their main site cannot be rated orange or red by Web Of Trust - which is a criterion imposed by techsupportalert and is non-negotiable.

 

If, in the list, I say that I have confirmed something, that means that I have either been provided that information directly from the vendor or from some other official source with connections to the vendor. I've already run across some occasions where, for example, the website indicates there is not a particular submission option, but their support tells me that there is. Thus, you can rest assured that if I say that something is confirmed to not exist, that information is trustworthy. The only way it can be incorrect is if the vendor now provides a particular submission option which they previously did not.

 

4. List Of All Vendors

 

Unless otherwise noted, when submitting a sample via an online form you should upload the file directly and not in a compressed file. Also, unless otherwise noted, submissions by email should be put in a password protected zip file. Just click on the link for the vendor you wish to submit it to and it will automatically fill the necessary details into your default email client. Then all you need to do is attach the zip file and click send. For any cases where the vendors require different steps they are clearly noted.

 

The symbol mail denotes vendors who are included in the mailing lists in the previous section. You've already submitted the samples to them.

The symbol denotes vendors who do not have an email address for submission but do have some alternate options for submitting samples.

The symbol  denotes vendors who use the signatures of other vendors. Thus you don't need to submit samples to them directly.

If a vendor is unmarked this indicates that I currently have no information about how to submit malware to them.

An "*" means that there is incomplete information. If you have any information your assistance would be greatly appreciated.

 

To jump to the relevant section of the list please click on the letter that the vendor you're interested in begins with. The vendors are arranged alphabetically.

A, B, C, D, E, F, G, H, I, K, L, M, NP, Q, R, S, T, UV, W, XZ

Please note that some products are known by multiple names. Thus, if you are having trouble finding a particular vendor, or product, it will likely be very helpful to search for them using ctrl-f.

 

Vendor Submit Malware Submit False Positives

ACD

HomePage

Forum

Online Malware Submission

I have confirmed that there is no email address for submitting malware

Online False Positive Submission

I have confirmed that there is no email address for submitting false positives

Agnitum/Outpost

HomePage

unofficial Forum

Online Malware Submission

I have confirmed that there is no email address for submitting malware

Online False Positive Submission

I have confirmed that there is no email address for submitting false positives

mailAhnLab

HomePage

Registered users can report malware via the options on this page

or

anyone can Report Malware via Email

Registered users can report false positives via the options on this page

or

anyone can Report False Positive via Email

mail*Antiy

HomePage

The online malware submission form linked to on their site does not currently work.

Report Malware via Email (attach password protected 7z file)

I have found no online false positive submission form

Report False Positive via Email

mailArcaVir/arcabit

HomePage

Report Malware via Email (attach password protected 7z file)

I have confirmed that there is no online false positive submission form

Report False Positive via Email (attach password protected 7z file)

Ashampoo

HomePage

Submit malware to Emsisoft and Ikarus as Ashampoo uses the same signatures

Submit false positives to Emsisoft and Ikarus as Ashampoo uses the same signatures

Auslogic

HomePage

Submit malware to BitDefender as Auslogic uses the same signatures

Submit false positives to BitDefender as Auslogic uses the same signatures

*Avanquest

HomePage

I have found no online malware submission form

I have found no working email address for submitting malware

I have found no online false positive submission form

I have found no working email address for submitting false positives

mailAvast

HomePage

Forum

Online Malware Submission (click on "General contact" which is near the bottom. Then from the drop-down subject menu select "Report of undetected malware")

or

Report Malware via Email

Online False Positive Submission (click on "General contact" which is near the bottom. Then from the drop-down subject menu select "Report false virus alert in file")

or

Report False Positive via Email

Avertive

HomePage

Submit malware to Agnitum as Avertive uses the same signatures

Submit false positives to Agnitum as Avertive uses the same signatures

*AVG

HomePage

Forum

Online Malware Submission

I have found no working email address for submitting malware

Online False Positive Submission

AVZ

HomePage (Russian)

Submit malware to Kaspersky as AVZ uses the same signatures

Submit false positives to Kaspersky as AVZ uses the same signatures

mailAvira AntiVir

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

*Baidu

HomePage

Online Malware Submission

I have found no working email address for submitting malware

Online False Positive Submission

or

Report False Positive via Email

mailBitDefender

HomePage

Forum

Online Malware Submission (Select "False Negative" and check the box for file)

or

anyone can Report Malware via Email

Online False Positive Submission (Select "False Positive" and check the box for file)

or

anyone can Report False Positive via Email

mailBkav

HomePage

Forum (Vietnamese)

Online malware submission is available to registered users through this page (translate page from Vietnamese)

or

anyone can Report Malware via Email (attach password protected 7z file)

You can join their forum and post false positive here (forum is in Vietnamese)

or

Report False Positive via Email (attach password protected 7z file)

*Blink/eEye

HomePage

Forum

I have confirmed that there is no online malware submission form

I have found no working email address for submitting malware

I have found no online false positive submission form

I have found no working email address for submitting false positives

Blue Atom Antivirus

HomePage

I have confirmed that there is no online malware submission form

I have confirmed that there is no email address for submitting malware

I have confirmed that there is no online false positive submission form

I have confirmed that there is no email address for submitting false positives

mail*BluePoint Security

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

I have found no online false positive submission form

Report False Positive via Email

*Brigade Antivirus

HomePage (Indonesian)

Forum

I have found no online malware submission form

I have found no working email address for submitting malware

I have found no online false positive submission form

I have found no working email address for submitting false positives

BullGuard

HomePage

Forum

Submit malware to BitDefender as BullGuard uses the same signatures

Submit malware to BitDefender as BullGuard uses the same signatures

Celframe

HomePage

Forum

Online Malware Submission (Select 'Freemium Products' and then select "Celframe Free AntiVirus" and submit malware on next page)

I have confirmed that there is no email address for submitting malware

Online False Positive Submission (Select 'Freemium Products' and then select "Celframe Free AntiVirus" and submit false positive on next page)

I have confirmed that there is no email address for submitting false positives

mailChicaLogic

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email (attach password protected 7z file)

I have confirmed that there is no online false positive submission form

Report False Positive via Email (attach password protected 7z file)

ClamAV

HomePage

Forum

Submit malware to Immunet Protect as ClamAV uses the same signatures

Submit false positives to Immunet Protect as ClamAV uses the same signatures

mail*Clearsight

HomePage

Forum

I have confirmed that there is no online malware submission form

Report Malware via Email

I have found no online false positive submission form

Report False Positive via Email

mailCMC

HomePage (Vietnamese)

Forum (Vietnamese)

Report Malware via Email (attach password protected 7z file)

Report False Positive via Email (attach password protected 7z file)

mailComodo

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

mailCommand Antivirus/Commtouch

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email

Constant Guard/xfinity

HomePage

Submit malware to Symantec as Constant Guard uses the same signatures Submit false positives to Symantec as Constant Guard uses the same signatures

Crystal Security

HomePage

 

I have confirmed that there is no online malware submission form

I have confirmed that there is no email address for submitting malware

 

I have confirmed that there is no online false positive submission form

I have confirmed that there is no email address for submitting false positives

Cyberoam

HomePage

Submit malware to Avira as Cyberoam uses the same signatures

Submit false positives to Avira as Cyberoam uses the same signatures

mail*Defenx

HomePage

I have confirmed that there is no online malware submission form

I have found no working email address for submitting malware

I have found no online false positive submission form

I have found no working email address for submitting malware

mailDigital Defender

HomePage

Forum

Online Malware Submission

or

Report Malware via Email (attach password protected 7z file)

Online False Positive Submission

or

Report False Positive via Email (attach password protected 7z file)

mailDr. Web

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

mailEmco

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailEmsisoft

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

You can join their forum and post false positives here

or

Report False Positive via Email

maileSafe/Aladdin

HomePage

Registered users can log in through this site, request support, and attach the suspicious file

or

anyone can Report Malware via Email

Registered users can log in through this site, request support, and attach the false positive

or

anyone can Report False Positive via Email

maileScan

HomePage

Forum

Online Malware Submission (Select "Submit a Ticket" and then Samples)

or

Report Malware via Email

Online False Positive Submission (Select "Submit a Ticket" and then "False Positive")

or

Report False Positive via Email

Faronics

HomePage

Submit malware to Vipre as Faronics uses the same signatures

I have confirmed that there is no online false positive submission form

Report False Positive via Email (attach password protected 7z file)

mailFortinet/FortiGuard

HomePage

Forum

Online Malware Submission (can only upload up to 1 MB)

or

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailFortKnox SpyEmergency/Netgate

HomePage

Online Malware Submission (near the bottom)

or

Report Malware via Email

Online Malware Submission (near the bottom and make sure to put false positive in the comments)

or

Report False Positive via Email

mailF-Prot/FRISK

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

mailFSB Antivirus

HomePage

Forum

I have confirmed that there is no online malware submission form

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailF-Secure

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

G Data

HomePage

Online Malware Submission

I have confirmed that there is no email address for submitting false positives

Online False Positive Submission

I have confirmed that there is no email address for submitting false positives

mailHazard Shield/Orbitech

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

You can join their forum and post false positive here

or

Report False Positive via Email

mailherdProtect

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email (attach password protected 7z file)

I have confirmed that there is no online false positive submission form

Report False Positive via Email (attach password protected 7z file)

Hitman Pro

HomePage

Submit malware to BitDefender, Kaspersky, and Emsisoft as Hitman Pro uses the same signatures Submit false positives to BitDefenderKaspersky, and Emsisoft as Hitman Pro uses the same signatures

mailIkarus

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailImmunet Protect

HomePage

Forum

Online Malware Submission (Select "Submit a virus from the drop-down menu)

or

Report Malware via Email

Online False Positive Submission (Select "Submit a false positive" from the drop-down menu)

or

Report False Positive via Email

Iolo

HomePage

Submit malware to Commtouch as Iolo uses the same signatures

Submit false positives to Commtouch as Iolo uses the same signatures

mailK7

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailKaspersky

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

mailKingsoft

HomePage

Forum

You can join their forum and post malware sample here

You can join their forum and post false positives here

mail*KV Antivirus/Jiangmin

HomePage

I have found no online malware submission form

Report Malware via Email

I have found no online false positive submission form

Report False Positive via Email

mailLavasoft Ad-Aware

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

Lumension

HomePage

Forum

Submit malware to Norman as Lumension uses the same signatures

Submit false positives to Norman as Lumension uses the same signatures

Malwarebytes

HomePage

Forum

You have to join their forum and post malware samples here

I have confirmed that there is no email address for submitting malware

You have to join their forum and post false positives here

I have confirmed that there is no email address for submitting false positives

mailMcAfee

HomePage

Forum

Online malware submission is available to registered users through this page for gold support customers or this page for platinum support customers

or

anyone can Report Malware via Email

Online false positive submission is available to registered users through this page for gold support customers or this page for platinum support customers

or

anyone can join their forum and post false positives here or send an email to this email address

mail*Micropoint

HomePage

Forum

I have found no online malware submission form

Report Malware via Email

I have found no online false positive submission form

I have found no working email address for submitting false positives

mailMicrosoft Security Essentials

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

mail*MKS

HomePage (Polish)

Online Malware Submission (Polish)

or

Report Malware via Email

I have found no online false positive submission form

I have found no working email address for submitting false positives

Moon Secure

HomePage

Submit malware to Immunet Protect as Moon Secure uses the same signatures Submit false positives to Immunet Protect as Moon Secure uses the same signatures

MSecure

HomePage

Submit malware to Ikarus as MSecure uses the same signatures

Submit false positives to Ikarus as MSecure uses the same signatures

Multi-AV

HomePage

Submit malware to AviraEmsisoftKasperskySophos, and Trend Micro as Multi-AV uses the same signatures Submit false positives to AviraEmsisoftKasperskySophos, and Trend Micro as Multi-AV uses the same signatures

mailNano Antivirus

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

*Naver Antivirus

HomePage (Korean)

I have found no online malware submission form

I have found no working email address for submitting malware

I have found no online false positive submission form

I have found no working email address for submitting false positives

mailNeo

HomePage

Online Malware Submission

or

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailNod32/ESET

HomePage

Forum

Report Malware via Email

Report false positives through the program itself

or

Report False Positive via Email

mailNoraScan

HomePage

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

mailNorman

HomePage

Forum

 

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

mailnProtect

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email
 

mailPanda

HomePage

Forum

Online Malware Submission (You need to translate the page from German)

or

Report Malware via Email

Online False Positive Submission (You need to translate the page from German)

or

Report False Positive via Email

PC Keeper/Zeobit

HomePage

Submit malware to Avira as PC Keeper uses the same signatures

Submit false positives to Avira as PC Keeper uses the same signatures

PC Tools

HomePage

Forum

Submit malware to Symantec as PC Tools uses the same database

False positives must be submitted through the program itself

mail*Preventon

HomePage

I have found no online malware submission form

Report Malware via Email (attach password protected 7z file)

I have found no online false positive submission form

Report False Positive via Email (attach password protected 7z file)

*Protector Plus/Proland

HomePage

The online malware submission provided on their site doesn't work correctly.

The email address provided on their site doesn't work correctly.

I have found no online false positive submission form

I have found no working email address for submitting false positives

mailPSafe

HomePage (Portuguese)

I have confirmed that there is no online malware submission form

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailQihoo Antivirus/360

HomePage (Chinese)

Forum (Chinese)

Online Malware Submission (Option on left is suspicious file and option on right is false positive; provide email below)

or

Report Malware via Email

Online False Positive Submission (Option on left is suspicious file and option on right is false positive; provide email below)

or

Report False Positive via Email

Quick Heal

HomePage

Forum

Online Malware Submission (Fill in necessary information and select "Sample File Submission")

I have confirmed that there is no email address for submitting malware

Online False Positive Submission (Fill in necessary information and select "Submit False Positive")

I have confirmed that there is no email address for submitting false positives

Raxco/PerfectAntivirus

HomePage

Submit malware to BitDefender as PerfectAntivirus uses the same signatures

Submit false positives to BitDefender as PerfectAntivirus uses the same signatures

*RemoveIt/incodesolutions

HomePage

I have found no online malware submission form

I have found no working email address for submitting malware

I have found no online false positive submission form

I have found no working email address for submitting false positives

mailReturnil

HomePage

Forum

I have confirmed that there is no online malware submission form

Report Malware via Email (attach password protected 7z file)

I have confirmed that there is no online false positive submission form

Report False Positive via Email (attach password protected 7z file)

*Rising

HomePage (Chinese)

There is no suitable online form for submitting malware as theirs is rated red by WOT

I have confirmed that there is no email address for submitting malware

There is no suitable online form for submitting false positives as theirs is rated red by WOT

I have confirmed that there is no email address for submitting false positives

*Roboscan/ALYac

HomePage

Online Malware Submission

I have found no working email address for submitting malware

Online False Positive Submission

I have found no working email address for submitting false positives

mailRubus/Ozone Antivirus

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email

ShawSecure

HomePage

Submit malware to McAfee as Shaw Secure uses the same signatures Submit false positives to McAfee as Shaw Secure uses the same signatures

mail*SmartCOP

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

I have found no online false positive submission form

Report False Positive via Email

mailSophos

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

mailSpybot Search & Destroy

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission (Make sure to let them know it's a false positive)

or

Report False Positive via Email

*SpyCop

HomePage

I have found no online malware submission form

I have found no working email address for submitting malware

I have found no online false positive submission form

I have found no working email address for submitting false positives

mail*SRN/Solo Antivirus

HomePage

I have found no online malware submission form

Report Malware via Email

I have found no online false positive submission form

Report False Positive via Email

SuperAntiSpyware

HomePage

Forum

Report malware through tool on this page

I have confirmed that there is no email address for submitting malware

Report false positives through SuperAntiSpyware program interface

I have confirmed that there is no email address for submitting false positives

mailSymantec/Norton

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

I have confirmed that there is no email address for submitting false positives

mailThe Cleaner/MooSoft

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

mailThe Hacker

HomePage (Spanish)

I have confirmed that there is no online malware submission form

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailthirtyseven4

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mail*Total Defense

HomePage

Online Malware Submission

or

Report Malware via Email

I have found no online false positive submission form

Report False Positive via Email

Trend Micro

HomePage

Forum

Report Malware via Email (Note that the password must be virus)

Online False Positive Submission (Attach the password protected zip file and tell them the password in the comments section)

I have confirmed that there is no official email address suitable for submitting false positives

mail*TrojanHunter

HomePage

Forum

I have confirmed that there is no online malware submission form

Report Malware via Email

I have found no online false positive submission form

Report False Positive via Email

mailTrojan Remover/Simply Super Software

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email

TrustPort

HomePage

Submit malware to AVGBitDefenderDr. Web, Vipre, and VirusBlokAda as TrustPort uses the same signatures

I have confirmed that there is no online false positive submission form

Report False Positive via Email

mailTwister/Filseclab

HomePage

I have confirmed that there is no online malware submission form

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email

Untangle

HomePage

Forum

Submit malware to Immunet Protect as Untangle uses the same signatures Submit false positives to Immunet Protect as Untangle uses the same signatures

UnThreat

HomePage

Forum

Submit malware to Vipre as UnThreat uses the same signatures

Submit false positives to Vipre as UnThreat uses the same signatures

Verizon Internet Security

HomePage

Submit malware to McAfee as Verizon Internet Security uses the same signatures Submit malware to McAfee as Verizon Internet Security uses the same signatures

mailVipre/Sunbelt/Threattrack

HomePage

Forum

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

Vir.IT

HomePage

Online Malware Submission

I have confirmed that there is no email address for submitting malware

Online False Positive Submission (Select "Analysis Required" and write "Possible False Positive" in the Description box)

I have confirmed that there is no email address for submitting false positives

mailViRobot/HAURI

HomePage

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission

or

Report False Positive via Email

mailVirusBlokAda/VBA32

HomePage

Online Malware Submission (Translate page from Russian)

or

Report Malware via Email

I have confirmed that there is no online false positive submission form

Report False Positive via Email

Virus Chaser/IWT

HomePage (Thai)

Submit malware to Dr. Web as Virus Chaser uses the same signatures

Submit false positives to Dr. Web as Virus Chaser uses the same signatures

VIRUSfighter

HomePage

Submit malware to Agnitum as VIRUSfighter uses the same signatures

Submit false positives to Agnitum as VIRUSfighter uses the same signatures

*VirusKeeper

HomePage

I have found no online malware submission form

I have found no working email address for submitting malware

I have found no online false positive submission form

I have found no working email address for submitting false positives

mailWebroot

HomePage

Forum

Online malware submission is available  through this page

or

Report Malware via Email

False positive submission is available to through this page

or

Report False Positive via Email

*Xyvos

HomePage

I have found no online malware submission form

I have found no working email address for submitting malware

I have found no online false positive submission form

I have found no working email address for submitting false positives

Zemana

HomePage

Submit malware to Emsisoft, G Data, Ikarus, and Dr. Web as Zemana uses the same signatures

Submit false positives to EmsisoftG DataIkarus, or Dr. Web as Zemana uses the same signatures

ZenOK

HomePage

Submit malware to BitDefender as ZenOK uses the same signatures

Submit false positives to BitDefender as ZenOK uses the same signatures

mailZillya

HomePage (Ukrainian)

Online Malware Submission

or

Report Malware via Email

Online False Positive Submission (Make sure to say that it's a false positive)

or

Report False Positive via Email

ZoneAlarm/Check Point

HomePage

Forum

Submit malware to Kaspersky as ZoneAlarm uses the same signatures

Submit false positives to Kaspersky as ZoneAlarm uses the same signatures

Zoner

HomePage

I have confirmed that there is no online malware submission form

I have confirmed that there is no email address for submitting malware

I have confirmed that there is no online false positive submission form

I have confirmed that there is no email address for submitting false positives

 

5. How You Can Help

 

If you find that there is a vendor which I have left out of the list please leave a comment about this so I can investigate. Also, if you find that any of the information I provide is incorrect please let me know immediately so that I can fix this. This includes circumstances in which I say I have confirmed that an option does not exist (when it now does), information that does not work as promised, vendors that no longer support their product, etc... I will personally look into all information provided before adding it to the article. Starred products are those that I currently realize are in need of information. I could really use your help with those vendors as well.

 

That said, because of the strict requirements I have imposed for stating that I have confirmed that something does not exist, I will not be able to say that I have confirmed that submission options do not exist just because someone states it in the comments. I hope you understand that I am not insulting anyone but just being very cautious before adding information to the article. However, things like submission links or email addresses I can investigate myself and add. I only need an official response for confirming that something does not currently exist.

 

I really do need your help to maintain this article as this is way too much information for me to investigate on my own. Keeping this list up to date would require an astronomical amount of work, and I'm already very busy with many other projects. I thank you for whatever time you can contribute to make this best malware submission article on the internet.

 

 

 

 

Please help by rating this article. Also, if you believe this article deserves anything less than 5 stars, please leave a comment below explaining how you think it can be improved or where you find fault. This article is written by me but fueled by the community. Thus your opinions and advice are not only much appreciated, but actually necessary in order for this article to grow and improve.

 

If you found this article useful then perhaps you'd like to check out some of my others.

How to Avoid Spam

How to Clean An Infected Computer

How to Fix a Malware Infected Computer

How to Harden Your Browser Against Malware and Privacy Concerns

How to Install Comodo Firewall

How to Know If Your Computer Is Infected

How to Protect Your Online Privacy

How to Report Dangerous Websites

How to Report Spam

How to Stay Safe While Online

How to Tell if a File is Malicious

How to Tell If A Website Is Dangerous

 

This software category is maintained by volunteer editor Chiron. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

 

Share this
4.666665
Average: 4.7 (63 votes)
Your rating: None

Comments

by BillR on 1. April 2014 - 23:41  (115439)

Nice list of instructions for reporting false positives found by Metascan-Online.com was posted by Taeil Goh on March 21, 2014, in the Metascan Online blog (provided by OPSWAT). List includes ~40 vendors.
https://www.metascan-online.com/en/blog/what-do-i-do-if-an-engine-detect...

I see several vendors on the Metascan Online list that are not present in table above but I know that you skip over some vendors that use signatures from another vendor.

by Chiron on 2. April 2014 - 0:24  (115442)

Thank you. I looked through this list and found that I do already have all of them in the list, with the exception of three. One of these is ByteHero, which cannot be included as it is not signature based and that is one of the requirements for being on this list.

The other two are AegisLab and VirIT. I will look into these and see about adding them. I also found out that Threattrack is related to Vipre. I thus added that name next to Vipre so that if users are searching for that vendor they can still find it in this list.

Thank you.

by BillR on 1. April 2014 - 23:33  (115438)

Thanks for the new changelog feature, Chiron. I noticed the recent update date; wondered what changed; knew the answer almost immediately.

I wish all authors/editors would follow suit and use a changelog.

by Chiron on 2. April 2014 - 0:16  (115441)

And thanks for the suggestion of creating one. I will try to update this every time I update the article. However, if I don't please remind me and I will update it. I'm sure you're not the only one who appreciates it.

Thanks.

by LucasZ on 25. March 2014 - 23:31  (115286)

These two email addresses are down: submit(at)trojanhunter.com and virus(at)esafe.com

submit(at)trojanhunter.com:
qmail-local crashed.
I'm not going to try again; this message has been in the queue too long.

This is an automatically generated Delivery Status Notification.
Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server.
virus(at)esafe.com

by Chiron on 25. March 2014 - 23:47  (115289)

Thank you for pointing this out. I have contacted both trojanhunter and esafe and requested that they look into this. I will update you when they have responded.

Thanks.

by BillR on 3. February 2014 - 16:08  (114214)

-- "Updated 1. February 2014 - 22:04 by Chiron"
Ummm, GREAT!? (And definitely "Thanks for maintaining the article.")

The update notice is useful but please consider adding CHANGE HISTORY to your excellent series of articles. Each entry should be very brief and the list truncated periodically. The list could be chronological, reverse chronological, or subdivided to separate out vendor contact changes or other updates. (Whatever would be easy for you.) As is, we have no idea what changed, especially with such a long and involved topic.
Perhaps:
(date) - Added Change History
(date) - Updated contact info for X and Y.
(date) - Clarified vendor list legend.
(date) - Added vendor Z.
(date) - Added detailed instructions for using 7-Zip.
-----
Minor grammar, spelling, wording, layout, or typo changes
(recent date), (date-date), (date)

More generally, all articles should include change history.

by Chiron on 9. February 2014 - 3:00  (114339)

The reason I do not do that with an article like this is that it is meant to be an article which is always up-to-date, and one which is meant to be visited each time the information within it is used. That is one of the reasons I give the mailing list as a link rather than a downloadable file.

Thus, every time you visit the site you know that it is completely up-to-date. No change history needed.

Perhaps I misunderstood your reasons for wanting this. If I have misunderstood, please correct me.

Thank you.

by BillR on 23. March 2014 - 0:39  (115202)

I'm glad that you are keeping the article current but I think you are missing the (or rather "a") _user_ perspective and are also making an unwarranted assumption about how the article and embedded links are used. Four related points are followed by a few asides.

First, if you change something in the article, I have no way of knowing whether I need to reread the article (e.g., directions changed) or should just continue doing what I'm doing (e.g., address added) -- even ASSUMING I can use the procedure as you apparently expect! Without a (very brief) change log, I'm clueless. The change log does not matter to a first time reader but is useful to those who revisit the page as well as those who might be interested when the article appears in the site update list.

Second, I can't directly use your directions anyway. Clicking on your otherwise very helpful email links do not directly open my new webmail account. Aside: I opened an AOL account (thanks for mentioning that it works) just for this purpose so all related email is segregated. Rather than copying and pasting the list each time, I chose to create three mailing lists (malware-submit-zip, malware-submit-7z, and malware-FP-submit. As I'm not a malware researcher, I don't really care if a few addresses are not current (changed, new, no longer applicable) but I will have to periodically update my mailing lists. The first two lists will be easy to update thanks to your well maintained email links.

Third, I'm not sure I would want to revisit this article every time I want to submit a file. I'm probably satisfied to submit malware to a meta-scanner or two and leave it at that as long as a couple of major vendors correctly identify it unless I encounter the malware in or via email addressed to/from friends and family (thus motivating me to do more). Two such accounts were hacked recently so I'm getting a lot more nasty and targeted spam than usual (still more motivation). You've also said elsewhere that just submitting malware to a metascanner is insufficient in general (and always if a major vendor does not identify it). Your point about the current list being maintained here by you is quite good, however.

Fourth, a large portion of my submissions relate to false positives, anyway, as I enjoy exploring lesser known freeware, etc. I value such software, recommend it to others, and would like to see it more widely used, so I am motivated to be more active even when my installed security software is not directly affected. This article does provide useful detail but (as you note in another comment) FPs are not your primary focus. Again, though, this is yet another, albeit small, reason to have a change history.

Three asides peripheral to the change history comment:

Although I'm slightly uncomfortable submitting malware to vendors that already detect it I assume (hope) most vendors automate receipt sufficiently that already detected submissions are never seen by a human. I'm guessing you make the same assumption given the comprehensive and monolithic nature of your email lists.

I'm not sure who your target audience is for this article but I would think that I am vaguely near the site median technically as a once upon a time professional programmer/analyst who still has some "core" around somewhere (though I did miss the charged plates and vacuum tubes). This site is certainly moderately technical but is not focused on even hobbyist security much less professional malware research.

Finally, I would note in passing that the 7-zip malware list only contains eight(?) names. I've decided for myself that using the extensive zip email list suffices for me as I'm not personally aware of anyone who uses a vendor on the lesser list (but then most of the time I also am satisfied with just using two of the extensive metascanners).

Whatever you decide, I hope you will interpret my comments as both my small attempt to improve a very useful article and appreciation of your efforts in developing and maintaining it. Even when I'm critical or just disagree!

by Chiron on 23. March 2014 - 1:03  (115205)

Thank you for this long, and very well-thought out, reply.

I now think I understand why you would like a change history of some sort. I do believe I can add something simple, such as noting when the article was last changed, and whether the changes were for the submission directions, minor grammatical editing, adding a vendor, etc...

As for the email links not opening up with your webmail account, can you suggest an alternative which would work well for you? Is there a more convenient way for you to get the list of emails?

As for the false positives, I do believe that the submission of False Positives is almost as important as the submission of new malware.

What I have found is that most companies do automate the submission of malware, at least to the point where new samples will be scanned to ensure they are not already detected. That is why I think it's safe to recommend that users just submit new samples to them all. However, for false positives these often go straight to human technicians. Thus, I cannot automate the submission of false positives. To submit those the best way is to find the vendor in this list and follow the advice to submit the false positive.

As to why the 7-zip mailing list only contains 8 names, I would be happiest if it contained zero. The only reason that mailing list has to exist is because those are companies who use Gmail for malware submission. In case you did not know, Gmail will not allow any zip files, even password protected, to be sent through it if there is an executable inside it. Thus, this is the only way to get around that problem.

Please let me know what you think of my responses, and whether you have any further questions. I really do appreciate you taking the time to post the above comments.

Thank you.

by BillR on 23. March 2014 - 2:23  (115210)

Wow, you are replying faster than I can finish the next comment! If only some vendors were as responsive!

Thanks for the additional detail. I didn't quite follow the GMail comment. Do mean that the vendor uses GMail as their email system and also that GMail recognizes executables inside password=infected .zip but not .7z files? I did already know that GMail and Hotmail/Live/Outlook and some other webmail vendors had some restrictions on including executables even when compressed but I am not aware of the details beyond that.

For change history I think a very brief comment along the lines you mentioned would suffice. THANKS.

"As for the email links not opening up with your webmail account, can you suggest an alternative which would work well for you? Is there a more convenient way for you to get the list of emails?"

What I'm doing recently works: one copy link and one paste into appropriate email mailing list using AOL. What you have built would have worked well until about four years ago when I switched from Outlook (app) to webmail.

I have wondered if someone would chime in with a simple solution to have email links open in webmail as the default mail handler. That would be handy for other purposes but I wouldn't want my new malware specific AOL account (or any AOL account) to be the default. Hotmail/Outlook or GMail would be handy, though.

Thanks for your consideration of my sometimes off-base comments.

by Chiron on 23. March 2014 - 16:23  (115230)

Your understanding of Gmail is correct. It can tell if there is an executable inside a zip file, but not a 7zip file.

About getting this to work well with webmail accounts, do you then think that users who do not use apps, such as Outlook or Thunderbird, would be able to use this well enough if I just added a comment letting them know they can right-click on the email links, copy it, and then paste it into their webmail account? From your experience do you think most users would be happy with that?

Sadly, I do not think it is possible for me to make a link which opens it up in the webmail. I believe it has to call on another program to open it. Hopefully the copy option discussed above would suffice.

As for your comments, I have not found them to be off-base. I really appreciate all of the time and thought you have put into your comments.

Thank you.

by BillR on 1. April 2014 - 23:50  (115440)

Regarding webmail users: I think a comment is a good idea and will encourage some additional reporting. It is actually quite easy to zip a file and send it provided the installed AV doesn't interfere. I'm glad you included the 7-zip list but it only adds a few vendors.

You might also reassure hesitant users that duplicative reporting is handled automatically for the most part.

by Chiron on 2. April 2014 - 0:27  (115443)

Thanks. I've added these suggestions to the article. Let me know what you think.

Thanks again.

by BillR on 2. April 2014 - 16:25  (115457)

Four small suggestions:
1. Expand problematic webmail list: "Hotmail/Live/Outlook".
2. Refer webmail users back to earlier discussion of which services work and why (just as a parenthetical remark like "(see A.1. for restrictions)"). I know it is only a couple of paragraphs above but many of us skip to just what we think we are looking for.
3. Offer a GMail (and Outlook.com(?) and others(?)) webmail only expanded 7-zip list since such users can't submit a .zip executable. I would completely understand if you did not want this additional maintenance task, nor is opening a single purpose AOL account difficult. I'm not sure how many people would avail themselves of this but it would make reporting easier for that group assuming _many_ companies on the zip list would also process a 7-zip file even if it is not officially listed. (I may have talked even myself out of this idea.)
4. Explain star/asterisk in the legend section (above table) even through it is also appropriately explained in the text below the table. Even when I remembered that I'd seen an explanation I couldn't find it because I searched on "asterisk" and "*" but forgot "star". Something quite simple would do:
* Incomplete information; assistance needed (see discussion following table)

Big thanks for both the original article and all the on-going tweaking.

by Chiron on 2. April 2014 - 18:30  (115459)

Thanks, I have added most of your suggestions. However, I did not add a list composed solely of 7-zip files because from what I've been told there are vendors that only accept zip files. Also, Gmail will not work with this list as it will reject it as spam (because there are too many recepients). At least that was the behavior previously. I have mentioned that in section A1.

Let me know if you have any questions, or further suggestions. This is very helpful.

Thanks.

by BillR on 29. January 2014 - 1:51  (114047)

Please consider adding a list of the most prominent metascanners and briefly explaining that as long as one vendor identifies a file as malware then all vendors will be notified (if they choose). From personal experience propagation to most vendors can take a week or two.

VirusTotal.com
(45+ Windows(?) engines; 64MB per file limit)
Metascan-Online.com
(40+ Windows engines; 80MB per file limit)
Jotti.org
(20+ *nix engines; 20MB per file limit)
VirSCAN.org
(35+ though not always as current; 20MB per file limit;
Zip & RAR up t0 19 files; optional passwords: infected OR virus)

by Chiron on 9. February 2014 - 2:30  (114334)

I did consider doing this. However, I opted for the method utilized in this article because the response time for the vast majority of AV's is much faster. Therefore, I worry that if I present what seems like a simpler way to do the same thing I might discourage users from using the mailing lists I have created. Thus, as using the lists is a much more effective approach, I would prefer to not mention this capability within this particular article.

Thanks.

by BillR on 29. January 2014 - 1:16  (114046)

Please consider creating two supplementary/summary lists organized by submission option so that someone could (even more!) easily submit a sample or false positive to multiple vendors at the same time.

I believe many vendors accept either "infected" or "virus".

The "TSA Recommended AV" list is intended to reward certain vendors who are "good to us" with slightly preferential access to new malware (in theory slightly improving their performance in various comparison tests unless this topic encourages pointless overuse that swamps them).

-----
Malware
(Categories may not be exactly correct - e.g., subject)
1. Email -
Subject: Suspicious File - [insert meaningful file/application name]
Attach Zip file with password: infected

All (~60; some-warning-about-appropriate-use)
TSA Recommended AV (for 2013: Avira AntiVir, avast!, AVG, BitDefender, Panda)
Avira AntiVir - virus@avira.com
avast! - virus@avast.com
AVG - virus@avg.com
BitDefender - virus_submission@bitdefender.com
Comodo - malwaresubmit@avlab.comodo.com
Panda - virus@pandasecurity.com
* - Also accepts password: virus

2. Email (note password) -
Subject: Suspicious File - [insert meaningful file/application name]
Attach Zip file with password: virus

3. Email (note 7z file type) -
Subject: Suspicious File - [insert meaningful file/application name]
Attach 7z file with password: infected

-----
False Positive
(Whatever categories and entries that make sense. "All" probably doesn't make sense for FPs.)

1. Email -
Subject: False Positive - [insert meaningful file/application name]
Attach Zip file with password: infected

by Chiron on 9. February 2014 - 2:27  (114333)

I do not entirely understand your suggestion here. Have you run into trouble with using the standard 'infected' as the password? As far as I am aware it should work with all of the AV's I have included it for. At least I have not had any vendor respond saying that there was a problem. Nor have I had a user report that they were experiencing problems either.

Also, in terms of the false positive list, I did not include that because most false positives are only for a few AV's. Also, they are more often handled manually, meaning the automated filtering which is often done for malware samples cannot be done. Therefore, I leave that entirely up to the user.

If I have misunderstood your suggestion please feel free to correct me.

Thanks.

by BillR on 23. March 2014 - 3:50  (115213)

I incorrectly assumed that if a vendor said use "virus" or 7-zip then "infected" or .zip were not acceptable. Your greater knowledge has allowed a simpler solution for submitting malware: two email lists that both use "infected" and a smaller list of vendors that actually do _require_ .7z attachments (apparently due to restrictions imposed by some webmail vendors).

I hope that more vendors eventually will allow both email and form submission and that all vendors at least support one method.

I was also overly concerned about submitting already detected malware:
"What I have found is that most companies do automate the submission of malware, at least to the point where new samples will be scanned to ensure they are not already detected. That is why I think it's safe to recommend that users just submit new samples to them all." -- Chiron

Thanks for your explanations here and elsewhere.

by Chiron on 23. March 2014 - 16:10  (115228)

You're welcome. Thank you for your very helpful, and well written, comments.

by BillR on 28. January 2014 - 15:55  (114032)

Thanks for including an email address whenever possible: so much easier to submit a FP to several vendors at the same time.

SUGGESTION: When someone submits a malicious file or FP via a form where the vendor does not support email submission, please consider adding a note in the comment section.

by Chiron on 9. February 2014 - 2:22  (114332)

I am confused by your suggestion. My article already notes both email addresses and web forms. If I have missed any web forms please let me know and I will include them.

Have I misunderstood your suggestion?

Thanks.

by BillR on 23. March 2014 - 0:53  (115204)

I was unclear. The "suggestion" is not meant for Chiron. I meant to say that I hope people who submit malware and FPs via a form but would rather have the convenience of email (like the links you, Chiron, provide for suspicious files) will ask the vendors to also support email submission. One email is much easier to submit than completing several FP forms.

by Chiron on 23. March 2014 - 1:04  (115206)

Okay, now I understand. Also, I absolutely agree. Email submission, both for malware and false positives, can be very helpful and time-saving.

Thanks.

by BillR on 29. January 2014 - 10:26  (114019)

Thanks for gathering and organizing this and related security topics, Chiron. They are full of useful information.

ASTERISK: The asterisk symbol and description should be included directly in the symbol list.

MORE FP INFO: Please consider updating this topic. Vendor participation with VirusTotal and Metascan-Online has expanded steadily so there are some new names. Ideally all products/vendors included by VirusTotal.com, Jotti.org, Metascan-Online.com, and VirSCAN.org should be listed in this already expansive list. The few other metascanners in my list are just small subsets of these though there may be Asian metascanners that are not.

The metascanner vendor/engine names are not consistent but please mention most of the variants in your list. Perhaps significantly different names that sort quite differently could be listed under the alternate name with just a cross reference to facilitate use. (I thought a vendor/engine was missing a couple of times before I trained myself to use the browser FIND instead of scrolling.)

A few additions (primarily based on a quick review of the metascanners) and comments:
(Other)
Malware Hash Registry - Missing? (see Team Cymru and WinMHR)
DR.Web - Site recommends "virus" although I hope it automatically tries "infected" as well
(VT)
ByteHero - Missing?
eScan - Mention MicroWorld?
McAfee - Same for Gateway? I've tripped over multiple McAfee groups with separate procedures several times in years past.
nProtect - Mention INCA Internet?
NoVirusThanks - Does it belong on list? Isn't vscan.novirusthanks.org just a metascanner? I haven't been able to reach it for a few months.
PC Tools - Defunct? - now Symantec?
Trend Micro - Mention Housecall?
(Metascan-Online)
STOPzilla - Missing?
Threattrack - Missing?
VirIT - Missing?
(Jotti)
CP Secure - Missing?
(VirSCAN)
a-squared - Didn't realize this was still a separate product.
Authentium - Missing?
VirusBuster - Missing?

FYI: I submitted a FP report to ANTIY using submit@antiy.com. The FP was eventually corrected on VT but several iterations of emails for the same files only resulted in a slightly confusing "We do not report your file as malicious. Please check again." each time. I even included links to metascan-online.com scans showing the FP. Perhaps just unclear phrasing/translation issues or an inappropriate automated response?

by Chiron on 9. February 2014 - 1:27  (114331)

Thank you. From what I can tell Malware Hash Registry does not detect malware in the traditional sense, but functions more like a firewall. Therefore, as it is not signature based to detect malware, it appears it is not suitable for this list.

As for Dr. Web, I have not experienced any issues by using infected.

Bytehero was not included as they do not allow submission of samples for detection. They are entirely heuristic-based.

As for some of your suggestions, this is not meant to be a list of all anti-malware applications. I am really focusing entirely on getting all of them in some way such that samples can be submitted to all. Therefore, if there are two products which use the same virus database, I have often included only one of them. Only when I felt there would be a great confusion if I did not have I included both.

As for NoVirusThanks, I checked their site and it does appear they no longer offer the scanner. Thus, I have removed them from this article.

As for StopZilla, their homepage is rated red by WOT and it is therefore not suitable for inclusion in this list.

ThreatTrack seems to be the same as Vipre. Am I confusing this?

As for VirIT, I have contacted them and asked for more information. I will add them in the future.

As for CPSecure, as far as I can tell it is network based, and therefore more of a firewall. Does it have signature protection as well?

A-Squared is the same as Emsisoft. It's just an older name for one of their products.

Authentium was acquired by Commtouch. Therefore, there was no need to include both.

VirusBuster was acquired by Agnitum. Therefore, there was no need to include both.

As for your issue with Antiy, if you continue experiencing issues please let me know. As of this moment I am going to assume it was just a misunderstanding of some sort, but if it becomes a pattern please let me know.

Thank you.

by BillR on 23. March 2014 - 1:57  (115207)

Thanks for the detailed vendor response. I would note that WinMHR and the Malware Hash Registry is just signature based as far as I can tell. Using WinMHR is rather like submitting a hash to VirusTotal for each active process and associated files. I don't know anything about CPSecure.

I realize now that our perspective for how to use this information is slightly different. What you have built is quite effective for submitting newly discovered malware to the vendors that build the underlying lists (e.g., BitDefender, who then provides its lists to other vendors). The procedure is somewhat less effective for filling in the detection holes as many of us are not well versed on vendor dependencies (e.g., I was completely unaware that Zemana uses "Emsisoft, G Data, Ikarus, and Dr. Web signatures"; though I did know that G Data basically combines BitDefender and avast! signatures [or did at one time: I'm hardly current]).

(BTW, the G Data description needs updating for those of us who are not well informed since other entries reference it and G Data does not provide a mechanism for non-subscribers to submit files.)

>> "[I]f there are two products which use the same virus database, I have often included only one of them. Only when I felt there would be a great confusion if I did not have I included both."

For myself, a slightly more complete list would be useful even if the entry is similar to the Zemana entry or "See xxx" or "unknown" or "verified not available". I would prefer to see at least a brief entry for any vendor/product participating in one of these four metascanners: VirusTotal.com, Metascan-Online.com, Jotti.org, or VirSCAN.org.

Again, thanks for the extensive work you've put in.

by Chiron on 23. March 2014 - 2:16  (115209)

Thank you for your response. About G Data, I have provided a form which anyone can use to submit malware to them. Have you had problems using this form? By the way, I agree it would be better if they had an email address for submitting malware, but as they do not this is the best I can do.

I do not provide complete information about which signatures each vendor uses for many reasons. One of these is that it would be too much work to keep that up-to-date. Many vendors change this periodically. Also, often the marketing teams for these companies do not make it clear exactly how they are implemented and how fast signatures from the other engine will be made available to the users.

Thus, the format I have decided to follow is to provide enough information so users can make sure that they have submitted the samples to enough companies to ensure that other users will be protected. This list is not meant to educate users about which engines all of the vendors use. That would be a very comprehensive list on its own. I hope this clears up some of the rationale behind why I leave certain information out.

Thanks again for your well thought out response. Let me know if you have any other questions.

Thanks.

Gizmos Needs You

Gizmo's Freeware is Recruiting

 We are looking for people with skills or interest in the following areas:
 -  Mobile Platform App Reviews for Android and iOS
 -  Windows, Mac and Linux software reviews       Interested? Click here