Suspicious Sample Submission

Good day!

I just experienced a problem when I upload suspicious samples from the F-Secure website: the website gets stuck at "Preparing file for upload". Forever.

I know the product list does not include FS Protection; can it be added there?

Also, the file size is limited to only 100MB, which today is not enough. Some samples are large; SilverFox samples, for example, are often over 100MB. The Symantec/Broadcom limit is 700MB.

Is it possible to upload large suspicious samples in the future?

Thank you!

Answers

  • Ukko
    Ukko Posts: 3,955 Superuser

    Hello,

    I am only an F-Secure user.

    > I just experienced a problem when I upload suspicious samples from the F-Secure website: the website gets stuck at "Preparing file for upload". Forever.

    It sounds as if "Preparing file for upload" should either switch to reCaptcha or start uploading.

    And it seems to me that being stuck at "Please wait..." may depend on the file size. Like: smaller files are processed quickly, larger files slowly. Or it could be related to the user's bandwidth (or the opposite: internal limits of the service). Alternatively: other computer resources that may be needed for something like calculating a file's hash, determining some of its key things, or some safety preparations before actual uploading (much like VirusTotal does). // managed, later, to think that this is a hash-generating stage.

    Can you verify that it is possible to 'upload' (get past the 'please wait…' phase) with, say, a 1MB file?

    Or, for example, wait a sufficient time for files over 50MB. For me it was, let's say, some minute/minutes. Then I tried increasing sizes (10MB, 20MB, 40MB, 50MB, 90MB and so on) to check more precisely. Smaller files went without such a long wait. I did not actually try to upload them then, though. The 150MB .apk file was stuck in the 'please wait..' phase for about two hours. So, I decided to look at the browser's console and I think there was an 'error'.

    Thus, I tried to figure out what the limit is there. And, maybe, it is pinned to some bytes or some other properties of the file.

    For example, an 83824KB file is fine.

    But an 87992KB file is not (counted as 90103416 bytes in binary).

    So, maybe, the problem may occur after some threshold in bytes, which is less than 100MB anyway (in my experience). Then dealing with the 'hash', or whatever stage it is now, becomes 'crashed' (Uncaught (in promise) RangeError: Invalid array length).

    Maybe you can contact them to report this, if your experience is relevant to my current tries.

    > Also, the file size is limited to only 100MB, which today is not enough.

    It showed me 200MB.

    (Selected file is too large. Max 200 MB allowed.)

    > I know the product list does not include FS Protection; can it be added there?

    The fs protection UI currently refers to this page (I mean, the general https://www.f-secure.com/en/support/submit-a-sample). So, it should be fine to use it.

    And, basically, fs protection is a kind of F-Secure TOTAL beta. So, you could just pick it up as TOTAL, and further note it in the description.

    > Is it possible to upload large suspicious samples in the future?

    Perhaps you can try contacting them via the web-chat option (f-secure.com/support) and ask for the recommended way to upload multiple/large samples at once to F-Secure Labs.

  • Sheldon_Zhou
    Sheldon_Zhou Posts: 2 Observer

    Thank you for the long reply!

    I believe it's a reCaptcha issue: when I upload, it gets stuck there. It's probably an issue with my browser. I tried both Edge and Chrome and neither works (in the real environment)… but I can upload them through my VM environment.

    In the future, if I upload a file larger than 200MB, I will use web-chat first. I found out that a sample submission usually takes a day or two to get a reply; the storage I use (wormhole) cannot store files that long (only 24 hrs).

  • Ukko
    Ukko Posts: 3,955 Superuser

    > I found out that a sample submission usually takes a day or two to get a reply

    I think you can just develop a discussion with them after receiving a response. I can't say for sure, because I feel like I haven't received a response to my transfers - which are mostly URLs - for a long time.

    If their reply is of some meaningful nature and leaves the possibility to send a response (which most likely should be the case), then you can find out about the possibilities for your use case there (to avoid contacting the support group via web-chat, and probably immediately communicate with a Labs representative).

    // but an interesting situation arises: why then do I have such a strange inability to send files starting from a certain size. Anyway, this is off-topic already.