ArticlesTeam

Submitting Suspicious Files to Security Vendors
« on: October 23, 2016, 09:55:42 AM »


Part I: Online File Analysis Services for Microsoft Windows Operating Systems


Have you ever found a suspicious file on your computer, or received an untrusted one from someone? Perhaps your resident anti-virus alerts you to something that you suspect might be a false positive. If you need a second opinion you can search online for more information, but what if your search brings up nothing? Is there a way to investigate further?
There are online file checking services that will take submissions. Some of them are more comprehensive than others, so you may need to shop around for the type of output log/statistics that meets your needs. The services use multi-engine scanning to test your submitted file(s) against many different anti-virus vendors’ scanners.
Instructions on the sites may vary. In most cases the procedure is done online, but sometimes files may be sent through a web form, email or by using a special tool. When submitting a sample online, you usually navigate to the file, click “Open”, and paste it into a “Submit Suspicious File” field. Note that some of the services limit file size. After the submission is tested against multiple anti-virus vendors’ scanners, you will have an idea of what it is and who recognizes it. Unless told otherwise, the service will provide the sample to all participating vendors. The report will be issued to you via email, or the report may be displayed in a new window.

The following is a list of some of the online file checking services:

Avira
https://analysis.avira.com/en/submit

Clam AV
http://www.gietl.com/test-clamav/
500KB file size limit

Comodo Instant Malware Analysis
http://camas.comodo.com/cgi-bin/submit

Cuckoo Sandbox’s Malwr Analysis
https://malwr.com/submission
or https://malwr.com/

FortiGuard
https://www.fortiguard.com/antivirus/virus_scanner.html

Joe Sandbox
http://www.joesecurity.org/
For executables, PDF or DOC (Microsoft Word) files

Jotti’s Malware Scan
http://virusscan.jotti.org/en
Maximum file size: 20MB

Kaspersky Virus Desk
https://virusdesk.kaspersky.com/
For URLs or files

OPSWAT MetaScan
https://www.metascan-online.com/en
Maximum file size 140 MB

Payload Security’s Hybrid Analysis
https://www.hybrid-analysis.com/
https://www.reverse.it/
Maximum upload size: 180 MB

ThreatExpert
http://www.threatexpert.com/filescan.aspx
Maximum file size: 5MB

VirSCAN
http://virscan.org/
Maximum file size: 20MB per file; there must be fewer than 20 files.
Service supports Rar/Zip compressed files.

VirusTotal
http://www.virustotal.com/
Maximum file size: 32MB – suspicious files or URLs

Votiro
https://cloud.votiro.com/
Cloud Sanitization Service analyzes suspicious files and neutralizes trojans, viruses, worms and zero-day attacks. Maximum file size: 16MB (Supported file types: pdf, jpg, jpeg, png, bmp, tif, tiff, gif, wmf, emf)

========================================

Part II: Sending Samples for Further Research

Have you found one or more files on your computer that you cannot identify by doing an internet search or by submitting the suspicious file(s) to an online file checker mentioned in Part I? Perhaps you suspect that it is a dangerous file that an anti-virus vendor needs to inspect and possibly include in its definitions. On the other hand, maybe your resident AV has mistaken a good file for a bad one. There is a way to submit suspicious malware samples to the vendors so researchers can do some investigation. Based on their findings, they may decide to add the submission(s) to their signatures or simply let you know that their detection has made a mistake.

When working with a member of the SpywareHammer Staff, you may be asked to submit a file to SpywareHammer. Your helper will post the necessary information on how and where to send the file(s).

The following is a list of vendors that will test your submissions. Instructions may vary for each site and are usually detailed. You may be able to submit files online, by using a special tool, or you may be required to send them via email.

Avast
https://www.avast.com/faq.php?article=AVKB258

AVG
http://samplesubmit.avg.com

Bitdefender
http://www.bitdefender.com/submit/

DrWeb
https://vms.drweb.com/sendvirus/?lng=en

ESET
http://support.eset.com/kb141/?locale=en_US

Kaspersky
For URLs:
https://virusdesk.kaspersky.com/
For files:
https://virusdesk.kaspersky.com/#page-02

Malwarebytes
http://uploads.malwarebytes.org/

McAfee
http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx

Microsoft
https://support.microsoft.com/en-us/kb/939288

SOPHOS
https://community.sophos.com/kb/en-us/11490

Symantec
https://submit.symantec.com/websubmit/retail.cgi

TrendMicro
https://ers.trendmicro.com/guide/en_us/AG/Help/Sending_Suspicious_Files_to_Trend_Micro.htm


In some cases you will be informed of the results. If a false positive is in question, simply updating your antivirus a few hours later may be all that is needed to resolve the issue.

Sources:
http://cleanbytes.net/malware-online-scanners
https://www.raymond.cc/blog/analyze-suspicious-exe-files-with-comodo-instant-malware-analysis/
http://www.thewindowsclub.com/ways-scan-files-urls-multiple-antivirus-engines-virustotal

« Last Edit: October 28, 2016, 05:54:59 AM by ArticlesTeam »



