Adding a virus to the db

About how long does it take to get a virus (a trojan in this case) added to the virus database? I submitted one to H+BEDV and ALWIL last Thursday. H+BEDV has gotten back to me already but no word at the people from avast. What is the avarage time it takes a virus to be added to the database, or at least have them acknoledge that they will be adding it soon?
BTW, I love avast and wouldnt stop using it.

It’s a lot of work to reply to everyone who sends in things. Alwil has chosen (if I’m correct) not to reply unless there really is a need for it.

Alwil wil release inmediatly a new vps if it is very harmfull/spreads very rapidly. With minor malware they will implemented in the sheduled releases of the vps.

That is how I understand it. If I’m wrong here, I’m sure one of the Alwil people will tab me on the fingers ;D

Win32:Flux [Trj], Win32:Flux-2 [Trj], Win32:Flux-B [Trj] ;D It got added

The 3 I submitted are not added yet. But hey! I submitted them about 10 minutes before they released their new vps ;D ;D ;D
Would be very much surprising if they where that fast, now woudln’t it? grin

Let’s see if the next one has them :wink:

The ones I send them are:
Trojan.Loader.TCS aka Trojan.Dos.Suspision.Cat_a, Loader.J-K
Phoenix.Live.1226 aka Phoenix.Drp.1226, Gen.1226B, 1226(b)

The third one was only detected by Bitdefender (Virtool.Sdne7.A) Since only Bitdefender saw it as infected it could be a false positve.

Since they are rather old, it surprises me Avast doesn’t recognize them already.

Alot of Antiviruses have an option to reply to you if you submit one. I think it would be nice, just to put my mind at ease to have some sort of email reply. Though I could see how they could get busy and not have time to send an email

Perhaps a automated response saying the mail has been received and what exactly is received.
Something like:

We have received the following email from you:
date, time
copy of mail text
name(s) of atachment(s)
thank you for your submission, we will analyze it asap and if needed we will release a new vps.

Perhaps an idea for Alwil to do this. At least people will know that the email has been received in perfect order or not and since it is automated it wouldn’t cost time for them to reply.

That would be quite nice ;D

With vps 437-1, Avast still not picks up the ones I send them :cry:

I just noticed this is post number 56000 on this board ;D

The file I have send to Bitdefender which was recognized as Virtool.Sdne7.A is indeed a false positive. I just received a confirmation from them. They will fix it in the next vps release.

4 vps updates later and the two I send to Alwil are still not added >:(

Try again, Eddy? A second update for today (0438-1) just arrived here, maybe it’s there?

Nope, that was update nr 4 I was talking about.

JOTTI RESULTS from the files I submitted to Alwil. courier.exe was, as I suspected, indeed a false positive and Bitdefender has already solved that.

VPS update number 5 after I mailed the viruses.
With vps 438-3 Avast still not recognizes Trojan.Loader.TCS and Phoenix.Live.1226 :-\

Come on Alwil, normally you people are really fast. What’s going on?

tried resubmit to make sure it was received ?

got answer about Alwil get them ?

Submitted them 2 times. Jotti also submitted them, no response whatsoever. Send them a normal email twice, no respons either. No reaction from Alwil in this thread either.

I honestly must say it is very disappointing and I never expected this from Alwil :-\

Mabey they not viruses then Eddy ::slight_smile:

Or mabey they having problems adding them (not likley), or mabey even they already added them without your knoledge.

–lee

Check the report from Jotti (link is in earlier post here)
Do you really think all those other AV applications are wrong? ;D

And they are not added. (Ofcourse I checked)

HI Eddy,

Yes I agree with you with the virus submissions. I have sent quite a number of samples in detected by other AV for avast to add. Sometimes they are quick and included in next VPS, sometimes after resubmitting they are added a few VPS’s later.

I guess though that if only Myself or yourself are sending in a sample and no one else has sent in the same sample then it is a low risk sample and not ‘in the wild’ Also some virus vendors detect ‘virus creation tools’ whilst others choose not to. I know some virus’s have bugs so they don’t run but still some vendors detect these and other choose not to as the sample is faulty.

I know that when there have been ‘virus outbreaks’ I am sure many of the ‘same virus’ sample are submitted by lots of different users and VPS’s are released asap (even on weekends and as we have seen twice a day sometimes)

Avast has never let me down (its alway detected a virus sample which has been sent to my via e mail mostly mydoom, netsky)

If you want top notch protection it has to be kaspaskey (or F-secure) which use the same engine. KAV add updates every 3 hours! They do have the highest detection rates running in at at between 80-90% detection rates at Jottis scanner. The others all run in beween the high 30’s to 50%.

For the average user avast is good. The heureristics for the e mail scanner alerts to any .exe or other funny/double extensions as possible infected which is good, it updates in the background so you always have the latest VPS and there is a good support forum ;D.

In the future it would be good to have heureristics in the on access program (Nod32, Bitdefender, MKS score well on this)

Also it would be nice to have an automatic reply to say your virus sample has been received!

Just my honest thoughts!! Many Thanks still to Avast for providing a good stable program which is availble free to the home user. That is a real bonus!

Kind Regards

Jlo

Well, as explained already several times on this forum, the samples which come to us fit into several categories which have different priorities. Some of them (the ItW stuff and dangerous stuff) are added immediately (some even initiate the VPS release itself) while others fit into normal not so hot stuff category and are added later. Many boring and unteresting Trojans are added only occationaly - say once in the month.

We are receiving about 500 samples a day nowadays and this number is increasing. Some of the samples are already detected by avast!, others are crap and finally some are new malware. We are not able to answer to all those submissions and explain in detail what they contain - this is really not possible. But we finally add all the dangerous stuff - so you , the users ARE protected.

I hope this explanation will clear the misunderstandings (at least for a while :wink: ) and that you will be more patient in the future :smiley: ;D !

Pavel