Question for Moderator regarding submission of samples (samples[at]eset.com)

Discussion in 'ESET NOD32 Antivirus' started by pondlife152, Nov 16, 2008.

Thread Status:
Not open for further replies.
  1. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    Just a question regarding something I'm a bit confused about, mainly a question for Marcos or another Mod, I guess.

    Whenever anyone reports a suspected false positive, they are always told to send the file in a password protected archive to samples[at]eset.com.

    However, EAV has a built-in file submission feature, that actually nags the user to submit suspicious files for analysis if they have been detected by EAV.

    Does EAV not send the suspicious files properly? Why is this route never accepted by yourselves? You always demand that files are emailed to samples[at]eset.com despite EAV sending them. I'm just curious, and I've not read anything that explains the reasons.

    Thanks in advance.
     
  2. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, not to mention that lots of SMTP servers on the way are set up to throw such samples away. I routinely configure mailservers to discard password-protected attachments that cannot be content-checked, and only allow them on per mailbox basis.

    So...

    - there's apparently a submit feature that's not used for adding samples. So, why's such feature there at all?
    - sending viruses via mail is pretty troublesome for lots of users

    Also, why don't you have a web form where people can upload samples via their browser?
     
  3. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    Yes, I guess this is one of the reasons I ask. I have a couple of friends who have purchased EAV on my recommendation. Neither of them knows about this site, and even if they did, they'd be scared off by some of the technical terms. They really just use their PCs for emailing, looking at an occasional web site and writing letters. That's about it.

    One had a file flagged as suspicious some time ago. He asked me what to do when EAV was asking for it to be sent and I said yes, send it. It looked like a false positive to me, but I thought that ESET would look at it and take any appropriate action. I'm now wondering if this is right. If I told either of my friends to RAR a suspicious file and email it etc., they simply wouldn't know where to start.

    I agree, if this is the only way to submit suspicious files, then it's pretty poor. If however, it is simply a shortcut to getting the file analysed more quickly, then that's fine. As long as the in-built submission feature does actually work for those not as computer savvy!
     
  4. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Via ThreatSense.Net ESET receives thousands of files. When you use email, staff can get your files more easily. But in the future ESET is preparing improvements in this thing.
     
  5. ASpace

    ASpace Guest

    Do you have an idea what improvements of ThreatSense.NET exactly?
     
  6. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    For simple users it won't change.
     
  7. ASpace

    ASpace Guest


    But for advanced users there will be what? :rolleyes: Or internal changes in ESET re. this?
     
  8. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    Given this amount of files, is it worth telling someone to send suspicious files this way, or does anything sent just get lost in all the volume? I.e. does ESET still use these files to tailor EAV's definitions?
     