How can I submit a sample to Eset?

Discussion in 'NOD32 version 2 Forum' started by sir_carew, Feb 17, 2005.

Thread Status:
Not open for further replies.
  1. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    As many people don't know how or where to send a new sample to Eset, I'm making this new thread. I hope some moderator can stick this.

    - For heuristically detected samples (Probably unknown...), you can submit the file in question to sample@nod32.com

    - For samples that aren't detected by heuristic, you can submit the file in question to samples@nod32.com

    Please note that if a sample is detected by Signatures (By name), please don't submit the sample to Eset, except if you think that it's a new false positive (false alarm).

    Warmly,
    Andre
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I would merely add that when submitting files other than those in quarantine, it's strongly recommended to encrypt them with WinRAR or WinZIP first and protect the archive with the password "infected", which will prevent the attachment from being deleted on a mail server.

    If submitting files from quarantine there's no need to encrypt them first, simply attach the files with the nqi and nqf extensions to an email. Before you do that, be sure there are only files, which are reported as probably infected, in Quarantine (NOD32 Control Center - NOD32 System tools - Quarantine). Some people used to send us a bunch of files from quarantine, among which only a small portion was detected by heuristics.
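
Added example, not part of the original posts and not Eset's own tooling: packing a non-quarantined sample into an archive protected with the password "infected", then checking that every entry really is encrypted before it is attached to an email. It assumes 7-Zip is installed (substituted here for the WinRAR/WinZIP named in the post) at the path shown; the function name `New-SampleArchive` is hypothetical.

```powershell
# Added example: pack a suspicious file for submission by email.
# Assumptions: 7-Zip stands in for WinRAR/WinZIP; the install path below.
function New-SampleArchive {
    param(
        [Parameter(Mandatory)] [string] $SamplePath,
        [string] $SevenZip = 'C:\Program Files\7-Zip\7z.exe'   # assumed install path
    )

    $sample  = Get-Item -LiteralPath $SamplePath
    # Record the hash of the original so it can be quoted in the email body.
    $hash    = (Get-FileHash -LiteralPath $sample.FullName -Algorithm SHA256).Hash
    $archive = Join-Path $sample.DirectoryName ($sample.BaseName + '_sample.zip')

    # -tzip: ZIP container; -pinfected: the password given in the post.
    & $SevenZip a -tzip -pinfected $archive $sample.FullName | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "7-Zip failed with exit code $LASTEXITCODE" }

    # "7z l -slt" prints one "Encrypted = +" or "Encrypted = -" line per entry.
    # If $archive already existed, older entries may have been stored in the
    # clear, so check all of them rather than trusting the command above.
    $listing = & $SevenZip l -slt -pinfected $archive
    $flags   = @($listing | Where-Object { $_ -match '^Encrypted = ' })
    $clear   = @($flags   | Where-Object { $_ -match '^Encrypted = -' })
    if ($flags.Count -eq 0 -or $clear.Count -gt 0) {
        throw "Archive $archive has unencrypted entries; do not send it."
    }

    # ZIP encryption protects file contents only; entry names stay readable.
    [pscustomobject]@{
        Archive  = $archive
        Sha256   = $hash
        Password = 'infected'
    }
}

# Usage (constructed path):
# New-SampleArchive -SamplePath 'C:\Samples\suspicious.bin'
```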
     
  3. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    Hello!


    I know where to send samples but ESET doesn't add these samples to the database. I'm very disappointed. KAV and other AV detect these viruses.
    Today I got infected with adware, NOD32 doesn't detect these files. I don't know if I will send these files. I'm really sorry that I bought NOD32.
     
  4. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    When I saw this thread, I thought to myself that this must SURELY be covered in the application helpfiles - if it is, I could not find it...

    How about a quick look around and everyone find a topic or two (each) that might be added to a wishlist for help-file inclusion - or at least the expansion of the FAQs available to include a number of "how-to's"

    I'd submit:

    1. submission of samples (I know - it's changing)
    2. configuring for maximum protection.
    3. how to set up a scheduled daily scan of your computer
    4. how to configure for SILENT protection

    hth

    Greg
     
  5. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    I guess samples are added on a priority basis. This means adding an itw sample takes a couple of minutes to an hour. Samples detected by heuristics aren't that hot, and zoo samples are quite a different story.
     
  6. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    All samples were Trojans (Trojan-Downloader.Win32.Delf.ei, Trojan-Spy.Win32.Banker.kd, Trojan-Downloader.JS.Small.af etc - KAV names). Sent 21. 2. 2005. ESET didn't add them to the databases.

    We all know that NOD32 has small trojans and backdoors detection.
     
  7. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
  8. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Not from these latest results; http://www.av-comparatives.org/

    Seems to be nearly on par, if not better than some other AV's, such as Dr Web and McAfee, who are 'well-known' trojan slayers ;)
     
  9. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    You're so wrong. NOD32 trojan detection is very good. AH is able to detect most new backdoors.

     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  11. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    sir_carew look here: http://www.av-comparatives.org

    ~removed sub-page link to av-c website as per post# 14 below~ Blackspear
     
    Last edited by a moderator: Mar 1, 2005
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The URL no longer exists. Anyway, from the file name I judge the test was carried out a year ago (Feb 2004), which was a long time before trojan detection got supported by Advanced heuristics.
     
  13. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    The latest results have just been released, which show NOD's trojan detection capability at 84,80%.

    http://www.av-comparatives.org

    ~removed sub-page link to av-c website as per post# 14 below~ Blackspear
     
    Last edited by a moderator: Mar 1, 2005
  14. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    I hate to be a party pooper...

    "Please link ONLY to our main site www.av-comparatives.org and not to the other subpages. It's forbidden to use/provide our test results/documents/comments on other sites without our permission. If you find anything on other sites, please inform the forum/site admin to remove it."

    ...but yeah, new results are out, and you can go to http://www.av-comparatives.org to look at them.
     
  15. scrood

    scrood Guest

    The NOD32 2.12.3 help file says to send heuristically-detected stuff to samples@eset.com. Recently, I submitted a sample to sample@nod32.com (having seen that email address mentioned elsewhere), but didn't get a reply.

    Can an Eset representative please--definitively and clearly--state what email address(es) should be used?

    I don't mean to sound jerkish, but I don't want to have to wonder if I'm wasting my time. I submit samples in an effort to help, and I don't see why there needs to be 50 different email addresses.
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Both addresses work, don't worry that your email might get lost.
    sample@eset.com (sample@nod32.com) is dedicated to NewHeur_PE viruses detected by advanced heuristics
    samples@eset.com (samples@nod32.com) is for the others.
     
  17. scrood

    scrood Guest

    Thanks! :)
     
  18. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I understand that sending samples to Eset will soon be simplified.

    Cheers :D
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's right. You'll simply check the Submit for analysis checkbox and that's all. Even with samples detected by AH, it will be checked by default.
     
  20. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks Marcos.

    Cheers :D
     
  21. scrood

    scrood Guest

    If it uses MAPI (like KAV does for its "contact support" function), it won't work for me. I don't use insecure MAPI-compatible email clients.
     
  22. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    This is the report of the scanning done over "20053225640210.jpg" file that VirusTotal processed on 03/04/2005 at 22:12:47 (CET).
    Antivirus    Version         Update      Result
    AntiVir      6.30.0.5        03.04.2005  W32/ExplorerHijac.1
    AVG          718             03.04.2005  PSW.Legendmir.19.BA
    BitDefender  7.0             03.04.2005  Trojan.PWS.Lmir.ZO
    ClamAV       devel-20050130  03.04.2005  Trojan.Lmir-56
    DrWeb        4.32b           03.04.2005  Trojan.PWS.Legmir.278
    eTrust-Iris  7.1.194.0       03.04.2005  Win32/Lemir.76516!Trojan
    eTrust-Vet   11.7.0.0        03.04.2005  no virus found
    Fortinet     2.51            03.04.2005  no virus found
    F-Prot       3.16a           03.04.2005  could be infected with an unknown virus
    Ikarus       2.32            03.04.2005  Trojan.PSW.Lmir.gen
    Kaspersky    4.0.2.24        03.04.2005  Trojan-PSW.Win32.Lmir.zo
    NOD32v2      1.1017          03.02.2005  no virus found
    Norman       5.70.10         03.02.2005  W32/Malware
    Panda        8.02.00         03.04.2005  no virus found
    Sybari       7.5.1314        03.04.2005  Trojan-PSW.Win32.Lmir.zo
    Symantec     8.0             03.03.2005  no virus found

    KAV has detected this sample since Feb 11 2005. I'll send this file to ESET.
     
  23. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    This is the report of the scanning done over "Trojan-Spy.Win32.Banker.kd.zip" file that VirusTotal processed on 03/04/2005 at 22:29:59 (CET).
    Antivirus    Version         Update      Result
    AntiVir      6.30.0.5        03.04.2005  TR/Dldr.Small.akq.1
    AVG          718             03.04.2005  PSW.Banker.17.U
    BitDefender  7.0             03.04.2005  no virus found
    ClamAV       devel-20050130  03.04.2005  no virus found
    DrWeb        4.32b           03.04.2005  no virus found
    eTrust-Iris  7.1.194.0       03.04.2005  no virus found
    eTrust-Vet   11.7.0.0        03.04.2005  no virus found
    Fortinet     2.51            03.04.2005  no virus found
    F-Prot       3.16a           03.04.2005  no virus found
    Ikarus       2.32            03.04.2005  no virus found
    Kaspersky    4.0.2.24        03.04.2005  Trojan-Spy.Win32.Banker.kd
    NOD32v2      1.1017          03.02.2005  no virus found
    Norman       5.70.10         03.02.2005  no virus found
    Panda        8.02.00         03.04.2005  no virus found
    Sybari       7.5.1314        03.04.2005  Trojan-Spy.Win32.Banker.kd
    Symantec     8.0             03.03.2005  no virus found

    I sent this file a week ago, but NOD32 doesn't detect this file.
     
  24. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    This is the report of the scanning done over "Trojan-Dropper.Win32.Small.rx.zip" file that VirusTotal processed on 03/04/2005 at 22:35:37 (CET).
    Antivirus    Version         Update      Result
    AntiVir      6.30.0.5        03.04.2005  TR/PSW.Agent.A
    AVG          718             03.04.2005  Dropper.Small.12.AX
    BitDefender  7.0             03.04.2005  Trojan.Dropper.Small.RX
    ClamAV       devel-20050130  03.04.2005  Trojan.Passview-1
    DrWeb        4.32b           03.04.2005  Trojan.MulDrop.1657
    eTrust-Iris  7.1.194.0       03.04.2005  Win32/Podilk.A!Trojan
    eTrust-Vet   11.7.0.0        03.04.2005  Win32.Podilk.B
    Fortinet     2.51            03.04.2005  no virus found
    F-Prot       3.16a           03.04.2005  no virus found
    Ikarus       2.32            03.04.2005  no virus found
    Kaspersky    4.0.2.24        03.04.2005  Trojan-Dropper.Win32.Small.rx
    NOD32v2      1.1017          03.02.2005  no virus found
    Norman       5.70.10         03.02.2005  no virus found
    Panda        8.02.00         03.04.2005  Trj/Small.FD
    Sybari       7.5.1314        03.04.2005  Troj/PWS-CE
    Symantec     8.0             03.03.2005  no virus found
     
  25. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Arbitrary as ever ;)

    ...and NOD32 is no exception to the rule - have a good look.

    regards,

    paul
     
