Submitted files to the Avast virus lab

Hi to all,

New user here so hope this is the right board to post this on as I have searched the forum headings here for an answer but can not see any threads relating to this.

My question is re sending files (Malware or FP`s) in to Avast, Once I have sent the file in to the lab what response will I receive, doesthe Avast lab send me a detailed report on the file/files submitted so I can take the appropriate action or just an automated response which would not be very helpful? ???

Impute would be much appreciated as I feel this is an extremely important part of any AV`s services to a user.

-= It will be snet via next update… You may force an update via righ click on avast tray icon → Update → Program Updates…

-= A dialog box displaying “submitting file” will show progress during that time… IF you miss it… You may check for avast setup log at Program Files/Alwil/Avast/Setup/ open the setup log and you might find some sort of this:

12:30:55 nrm/pkg Transferred: files 0, bytes 0, time 0 ms

  if file was successfully sent..

Hi Fenrir,

Thanks for the quick reply but it does not answer my question, will I receive a detailed report from the lab after they have analysed it regarding my uploaded files content? IE is it Malware and if so what type and description, so I can act on this information. :wink:

Hi,

With more than 75,000,000 “customers” it would be an extremely and unreasonably costly burden to provide personal reports. As a free Home user when I once submitted an FP it was quickly rectified which I discovered when it was no longer reported.

If you do have an “unfixed” problem you can always report it here on this forum.

My regards

Correction:
Yo Kenny has drawn attention the news that it’s now > 80,000,000 customers

[font=Segoe UI]-= From what I know, no… They don’t send any detailed reports about the file you sent… You might just notice a change after it was/wasn’t added to the database updates…

-= By the way… What was the file… You may consider uploading it to VirusTotal for an overview of its harmlessness…

Hi,

It was just a question as I am testing Avast free and its capabilities, but am a little disappointed >:( as most other AV vendors offer this lab service even on there free software. :slight_smile: Emails cost nothing once you have the system in place, so the amount of users really does not come into the equation.

One thing I am impressed with is the forum response to new threads opened by the uninitiated.

Hi,

I have no idea about any real statistics but just suppose that every day one in every 10,000 customers notifies details of a single FP.

This would entail 8,000 (almost pointless) daily replies. In my experience customers like “quick fixes” rather than reports.

Many years ago I did help an organisation with some 5,000,000 pretty active customers and their Information Technology and Command and Control systems were complex and demanding - so you can guess where all my sympathies lie.

My regards

Hi Mike,

Each to there own, but personally an AV without this virus lab basic feedback capability does not help the home user especially the novice who Malware knowledge would be extremely limited make any kind of decision as to the detected files real content. And if a FP is detected as Malware and quarantined then deleted before the VDF files have been updated then this could cause a potential system failure if it happened to be a system file. :cry:

I will continue to test the various modules as it seems a fair AV solution but defiantly not take Avast forward, thank you again for you quick and prompt answers. :wink:

Well an auto-responder would work if you sent in a sample by email, but what would you get out of that other than knowing that the sample was received. Previously the only time you got any response was if they needed more information.

The new submission method (from the chest) isn’t emailed, but uploaded directly to Alwil, so they may not even know your email if you added one. So for new samples there is I believe an element of automation (analysis) to determine if it is considered malware and if so what priority to assign to its further analysis and inclusion in the VPS Updates.

avast are usually quick to correct identified and acknowledged FPs, so periodically scanning the file from within the chest (after a VPS update), when it is no longer detected it has been corrected and an update maid to the VPS. When it is no longer detected you can Restore it from within the chest to the original location.

For new samples, you can add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

Hi DavidR,

I would not be interested in an automated response, but a detailed file report on the file/files uploaded to the virus lab.
I am sure all here are more than happy Avasts system protection and the way Avasts virus lab works if you are unlucky enough to get a detection, but as I said previously this is a personal requirement I have of a good AV and its user backup service. And the way Avast works to me seems to far detached from the end user when it comes to this kind of user backup.

-= Same here, I want a report, even if it wasn’t detailed; providing only the word “Infected” or “Clean” together with it’s effect on my PC…

Hi,

Finally convinced about Avast from this thread http://forum.avast.com/index.php?topic=46238.0 asking the user to upload to virus total, >:( there should be no need for this and Avast`s way of dealing with files sent to the lab in my humble view needs updating with regards to user feed back from the lab about submitted files.
The user should NOT have to try and figure out if they are Malware or harmless at the end of the day this should be part of the AV software package be it subscription or free.

AnvTrgr.exe = Rougeware
O20 - AppInit_DLLs: sdters.dll = Exploit
And both need to be removed, not just talked about.

Apart from this I did find Avast free reasonable with regards to detecting Malware that I ran but there are more comprehensive free AV`s, to end I wish all users here safe surfing. :wink:

The whole point of using virustotal is it has 39-40 scanners and that can give confirmation one way or another ‘quickly.’ So in the absence of your getting a reply clean or infected from Alwil this is the easiest/quickest way and that is why we suggest it.

Hi DavidR,

I appreciate why you have to suggest this method as Avast leave you no alternative, and this is my whole point that today’s age of technology it should not be necessary for a user to have to do this.
If you look into many other free AV`s you will see that Avast is lagging behind in this, and in my opinion extremely important area.
But as I hinted previously the Avast engine is not bad and did a fair job. I wish all here the best and hope that maybe at some point in the future as Fenrir hinted a simple clarification with a submitted file ID number will be put into place to help the end user. :slight_smile:

Barrie,

You said “But as I hinted previously the Avast engine is not bad and did a fair job.”

But you asked a hypothetical question and quoted examples of possible infections from another thread.

In the course of a few days you tested Avast. How? Did you visit dangerous sites?

Since you have not personally reported a single infection or FP you should have concluded the Avast engine is significantly better than “not bad” and that it did a perfect job for you.

My regards

Hi Mike,

I have a lot of saved Malware as I take part in AV beta testing so it is good to have both old and new in an arsenal for this purpose, and to be fair found the Avast engine not bad defiantly but not perfect, that is an unattainable % for any AV and I have never seen a vendor put that in writing. One area that it did not seem to see what I had was a few infected IFrames, I would have looked at the web shield module first for these detections and if missed then the Guard, but there was nothing. :-[

I was testing for personal use and do not see that your submission procedure would in any way benefit either myself or your users as I WANT CLARIFICATION regarding any submitted files I send in to the lab which this software package will not do / allow. And the real crazy thing is even if I did send a file in it would not be picked up until there was an update, what the heck is that about defiantly no urgency here. ???

We could go on discussing this for many days but I will stand by what I have said. And again wish all here well and safe surfing. :slight_smile:

Barrie,

Out of the blue you raise a new concern. Now, you appear to be saying that Avast did not detect some infections. However, whereas your good wishes are worthless to Avast users the submission of those detections might be of help to some of us.

Please read my precise words without your unnecessary interpretation of them. They were:
Since you have not personally reported a single infection or FP you should have concluded the Avast engine is significantly better than “not bad” and that it did a perfect job for you.

Avast is exceptionally effective, as evidenced by independent tests. So I ask how many 100 thousand malwares do you have stored, how many you tested, and how many Avast failed to detect?

You have repeatedly stated what you want so please do not bother to regurgitate that view.

My regards

Btw, if you follow some malware-related forums, you know that sometimes a user sends a file sample to ten antivirus companies (who do send the analysis results) - and half of them reponds that the file is infected, another half that the file is clean. So, the question is whether it’s really of any good.

I’m not saying that there shouldn’t be some response-system in place (and I hope it will be in the future, but the underlying infrastructure has to be built first) - but I’m not sure how much you can rely on that (especially in the case of false positives - where you basically don’t trust your antivirus if you’re asking for confirmation - so why should you trust that?)

If all you are interested in is test result then look here at what AV-Comparatives say for there 2008 results.

http://www.av-comparatives.org/images/stories/test/summary/summary2008.pdf

And for even more detail here
http://www.av-comparatives.org/comparativesreviews/main-tests/summary-reports

Tests mean not a lot it is how we the end users find how what ever the relevant software works and reacts to the every changing Malware that continually bombards us.

i wonder what You trying to say ?
You think Igor as part of the Alwil team isn’t aware of AV comparatives test theirs product took part in ?

not to mentionny any ‘security aware’ person on this forum is already aware of AV comparatives existance and tests :slight_smile: