Submissions

Scholar

Submissions

Hi,

 

I submit a lot of samples to F-Secure, in the past I was receiving a reply for each submission, for example:

 

------------------------------

Hello,

Thank you for your submission.

The file you sent was found to be malicious. We will be detecting the sample you submitted as XXXXX in the next database update.

Our latest database updates are available here:

http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/140

Best regards,
--------
F-Secure Security Labs              http://www.f-secure.com/weblog/
F-Secure Corporation                http://www.f-secure.com/

------------------------------

 

Now I just get this:

 

------------------------------

Greetings,

##########
This message is an automatic reply from F-Secure's Security Labs Ticketing system. Your Ticket ID is XXXXXXXX.

Please do not reply to this message. If you got this e-mail by mistake, please disregard it.
##########

Thank you for your submission.

We have received your sample submission and will process it as soon as possible.

Best regards,
--------
F-Secure Security Labs              http://www.f-secure.com/weblog/
F-Secure Corporation                http://www.f-secure.com/

------------------------------


The email I use for sending samples is not the email in my forum profile, if it's needed please let me know and I'll send it via private message.

Also, when you were replying to submissions, the detection names were looking like Bitdefender's detections, for example "Gen:Variant.Kazy.378447". After few hours, the files were detected by Bitdefender too with exactly the same detection name. Do you add samples to Bitdefender engine? I know you have own engine too so that's pretty strange.

 

Thanks.

7 REPLIES 7
Advocate

Re: Submissions

It probably means that you should log in to SAS later to check the scan results because it's not available right away. Your SAS account is completely separate from this forums so your email shouldn't be the problem.

 

Regarding Bitdefender:

F-Secure uses Bitdefender engine + several own F-Secure engines. In fact, many AV's use Bitdefender engine.

Check out C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\aquarius\core\bdcore.dll

File Description: "Bitdefender Core"  Digitally signed by Bitdefender

I guess new detections for the Bitdefender engine is updated at Bitdefender as well.

Superuser

Re: Submissions

Here more was questions about:

 

 - If F-Secure receive sample. why they create signature for Bitdefender-engine/core (like main signature-based engine);

 

 - And do not create signature for their engine-core (or improving that core);

 

Answers, of course, will be logical and I can to imagine couple of them (about seven or eight) - but here anyway can be interesting answer by F-Secure. :)

 

Scholar

Re: Submissions

I don't use SAS, I send samples to vsamples@f-secure.com

 

Regarding the email - I meant that the email I used while registration on the forum is different than this one I use for submissions :)

 

When F-Secure was replying, then Bitdefender was detecting each file with the same detection as F-Secure sent me in the message.

Highlighted
Former F-Secure Employee

Re: Submissions

Hi Malware1,

 

Please remember to log in or sign up on the left panel, otherwise you won't receive the e-mail notification.

 

Kindly note that SAS portal is the official method to submit samples to our labs.

 

Thank you.

Regards,
Ivan

Has somebody helped you? Give Kudos as a way to say "thanks!"
Has your issue been solved? Mark the post using the "Accept as Solution" button to let others know.
Scholar

Re: Submissions

Hi,

 

That still doesn't answer my questions. I was receiving replies in the past, but I don't receive them new. What's up?

F-Secure Product Expert

Re: Submissions

Hello,

 

Please DO NOT make any virus sample submission via e-mail, it is not safe and most of the time it would be undelivered, any unsafe content in mail attachment will be striped by E-Mail Filter. "vsamples" is not a valid e-mail address and we do not recommend sending virus sample over e-mail system.

 

Here you will find details of the different ways you can send us virus samples. There are three methods to send us samples:

 

• The most common is to use our sample submission webform. This webform guides you to give us all the information we need to process a sample. You can find the webform at:
F-Secure Sample Analysis System

 

Note: Samples can be submitted anonymously without an account. Signup for an account only if you want to:

  •  Get feedback on samples
  •  Submit large batches of samples
  •  Submit URLs

 

• If the sample is larger than 5Mb in size, you must upload the sample to our ftp site at:
ftp://ftp.f-secure.com/incoming/

 

• If the sample is on some physical media, for example a CD, DVD or USB drive, you can send the physical media to us at:
Security Labs
F-Secure Corporation
Tammasaarenkatu 7
PL 24
00181 Helsinki
Finland

 

Also, referring this KB article for more details.

 

Thanks.

 

Best Regards,
Jayson

"A person who never made a mistake never tried anything new" -Albert Einstein

Has somebody helped you? Say thanks by giving kudos. Has your issue been solved? Mark the post using "Accept As Solution" button to let others know.
Scholar

Re: Submissions

Hi,

 

There's no email filter on my service, then this is not a problem to me. I see you're receiving the files, but there's no reply with analysis since a month.

 

I submit large amounts of samples automatically to many companies, that's the reason why I need to use the email. I won't automatize form-based submissions.

 

The FTP server would be good (I use FTP submitting to few vendors, that's easy to automatize it to me) but can I upload files

smaller than 5 MB to it?

 

Regarding "samples on physical media" - sorry, that sounds like a joke.

 

Thanks.