Submitting false negatives

I have a flavor of SDbot/Rbot which VirusTotal.com shows that AVAST failed to identify as a threat. While alwil does have a “Virus Incident Report Form,” it doesn’t include a field to provide the email address, does not ask if AVAST already finds the malware and does not provide anyplace to submit a copy of the malware.

What is the best way to submit files for consideration in future AVAST detection database updates?

Hello and welcome :slight_smile:

If you have a sample of a virus that avast! doesn’t detect - you can sent this file to virus[at]avast[dot]com in password protected archive (usually the password is “virus”) and in the mail body you can add some info about the samples :wink:

You could also add it to the virus chest (you don’t want to leave it lying around so to speak) and submit it from there, no need to zip or password protect that’s all done by avast chest submission.

Thanks. I submitted it in a passworded zip. Hopefully it will get added.

I haven’t run into a problem leaving things lying around.

The problem with the anti-virus industry is the underlying premise is to allow by default until found otherwise. It seems to me that in the real world, “security” is a term used for systems that deny by default (keys, swip cards, photo ids, etc) until found otherwise. I have had friends that have fallen victum to the myth that anti-virus is a “security tool” (which sometimes even include a “security center” that shows they have “full protection status”) while the entire time running everything at full administrative level.

I just assume if it is a WinPE formatted file, then it is probably malware until proven otherwise. As long as anything that hasn’t proven itself is kept away from something that can execute Win32 code, then it just remains benign data.