Submissions

Hi,

 

I submit a lot of samples to F-Secure, in the past I was receiving a reply for each submission, for example:

 

------------------------------

Hello,

Thank you for your submission.

The file you sent was found to be malicious. We will be detecting the sample you submitted as XXXXX in the next database update.

Our latest database updates are available here:

http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/140

Best regards,
--------
F-Secure Security Labs              http://www.f-secure.com/weblog/
F-Secure Corporation                http://www.f-secure.com/

------------------------------

 

Now I just get this:

 

------------------------------

Greetings,

##########
This message is an automatic reply from F-Secure's Security Labs Ticketing system. Your Ticket ID is XXXXXXXX.

Please do not reply to this message. If you got this e-mail by mistake, please disregard it.
##########

Thank you for your submission.

We have received your sample submission and will process it as soon as possible.

Best regards,
--------
F-Secure Security Labs              http://www.f-secure.com/weblog/
F-Secure Corporation                http://www.f-secure.com/

------------------------------


The email I use for sending samples is not the email in my forum profile, if it's needed please let me know and I'll send it via private message.

Also, when you were replying to submissions, the detection names were looking like Bitdefender's detections, for example "Gen:Variant.Kazy.378447". After few hours, the files were detected by Bitdefender too with exactly the same detection name. Do you add samples to Bitdefender engine? I know you have own engine too so that's pretty strange.

 

Thanks.

Answers

  • NikKNikK Posts: 931

    It probably means that you should log in to SAS later to check the scan results because it's not available right away. Your SAS account is completely separate from this forums so your email shouldn't be the problem.

     

    Regarding Bitdefender:

    F-Secure uses Bitdefender engine + several own F-Secure engines. In fact, many AV's use Bitdefender engine.

    Check out C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\aquarius\core\bdcore.dll

    File Description: "Bitdefender Core"  Digitally signed by Bitdefender

    I guess new detections for the Bitdefender engine is updated at Bitdefender as well.

  • UkkoUkko Posts: 2,893

    Here more was questions about:

     

     - If F-Secure receive sample. why they create signature for Bitdefender-engine/core (like main signature-based engine);

     

     - And do not create signature for their engine-core (or improving that core);

     

    Answers, of course, will be logical and I can to imagine couple of them (about seven or eight) - but here anyway can be interesting answer by F-Secure. :)

     

  • malware1malware1 Posts: 4

    I don't use SAS, I send samples to [email protected]

     

    Regarding the email - I meant that the email I used while registration on the forum is different than this one I use for submissions :)

     

    When F-Secure was replying, then Bitdefender was detecting each file with the same detection as F-Secure sent me in the message.

  • IvanDIvanD Posts: 31

    Hi Malware1,

     

    Please remember to log in or sign up on the left panel, otherwise you won't receive the e-mail notification.

     

    Kindly note that SAS portal is the official method to submit samples to our labs.

     

    Thank you.

  • malware1malware1 Posts: 4

    Hi,

     

    That still doesn't answer my questions. I was receiving replies in the past, but I don't receive them new. What's up?

  • JaysonJayson Posts: 595

    Hello,

     

    Please DO NOT make any virus sample submission via e-mail, it is not safe and most of the time it would be undelivered, any unsafe content in mail attachment will be striped by E-Mail Filter. "vsamples" is not a valid e-mail address and we do not recommend sending virus sample over e-mail system.

     

    Here you will find details of the different ways you can send us virus samples. There are three methods to send us samples:

     

    • The most common is to use our sample submission webform. This webform guides you to give us all the information we need to process a sample. You can find the webform at:
    F-Secure Sample Analysis System

     

    Note: Samples can be submitted anonymously without an account. Signup for an account only if you want to:

    •  Get feedback on samples
    •  Submit large batches of samples
    •  Submit URLs

     

    • If the sample is larger than 5Mb in size, you must upload the sample to our ftp site at:
    ftp://ftp.f-secure.com/incoming/

     

    • If the sample is on some physical media, for example a CD, DVD or USB drive, you can send the physical media to us at:
    Security Labs
    F-Secure Corporation
    Tammasaarenkatu 7
    PL 24
    00181 Helsinki
    Finland

     

    Also, referring this KB article for more details.

     

    Thanks.

     

    Best Regards,
    Jayson

  • malware1malware1 Posts: 4

    Hi,

     

    There's no email filter on my service, then this is not a problem to me. I see you're receiving the files, but there's no reply with analysis since a month.

     

    I submit large amounts of samples automatically to many companies, that's the reason why I need to use the email. I won't automatize form-based submissions.

     

    The FTP server would be good (I use FTP submitting to few vendors, that's easy to automatize it to me) but can I upload files

    smaller than 5 MB to it?

     

    Regarding "samples on physical media" - sorry, that sounds like a joke.

     

    Thanks.

     

This discussion has been closed.