Question for Moderator regarding submission of samples (samples[at]eset.com)

Just a question regarding something I'm a bit confused about, mainly a question for Marcos or another Mod. I guess.

Whenever anyone reports a suspected false positive, they are always told to send the file in a password protected archive to samples[at]eset.com.

However, EAV has a built-in file submission feature, that actually nags the user to submit suspicious files for analysis if they have been detected by EAV.

Does EAV not send the suspicious files properly? Why is this route never accepted by yourselves? You always demand that files are emailed to samples[at]eset.com despite EAV sending them. I'm just curious, and I've not read anything that explains the reasons.

Thanks in advance.

 

Well, not to mention that lots of SMTP servers on the way are set up to throw such samples away. I routinely configure mailservers to discard password-protected attachments that cannot be content-checked, and only allow them on per mailbox basis.

So...

- there's apparently a submit feature that's not used for adding samples. So, why's such feature there at all?
- sending viruses via mail is pretty troublesome for lots of users

Also, why don't you have a web form where people can upload samples via they browser?

 

Yes, I guess this is one of the reasons I ask. I have a couple of friends who have purchased EAV on my recommendation. Neither of them know about this site, and even if they did, they'd be scared off by some of the technical terms. They really just use their PC's for emailing, looking at an occasional web site and writing letters. That's about it.

One had a file flagged as suspicious some time ago. He asked me what to do when EAV was asking for it to be sent and I said yes, send it. It looked like a false positive to me, but I thought that ESET would look at it and take any appropriate action. I'm now wondering if this is right. If I told either of my friends to RAR a suspicious file and email it etc., they simply wouldn't know where to start.

I agree, if this is the only way to submit suspicious files, then it's pretty poor. If however, it is simply a shortcut to getting the file analysed more quickly, then that's fine. As long as the in-built submission feature does actually work for those not as computer savvy!

 

Via ThreatSense.Net ESET receives thousands of files. When you use email, staff can get your files easier. But in the futere ESET prepares improvements in this thing.

 

Do you have an idea what improvements of ThreatSense.NET exactly ?

 

For simple users it won't be change.

 

But for advanced users there will be what ? Or internal changes in ESET re. this ?

 

Given this amount of files, is it worth telling someone to send suspicious files this way, or does anything sent just get lost in all the volume? I.e. does Eset still use these files to tailor EAV's definitions?