Submit a Sample

Methods of Submitting Samples to McAfee Avert

When planning on sending a sample to Avert for review, there are 3 delivery methods that can be used:

  • WebImmune: This is the preferred method to submit samples to Avert as it provides the fastest turnaround time on sample reviews, and provides historical information on all samples that you have submitted. By accessing www.webimmune.net and creating a free account you will be able to upload files directly to Avert's automated systems for review. If the automated system is unable to determine that a threat exists, the issue will be escalated to Avert Analysts. More information about WebImmune can be found at https://www.webimmune.net/faqs.asp .
  • E-mail: This is the preferred method for submitting possible Adware or Spyware samples. You can send e-mails directly to Avert's automated systems for review. If the automated system is unable to determine that a threat exists, the issue will be escalated to Avert Analysts.
  • Standard Mail: This is the least preferred method, as submitting samples in this way will cause the longest turnaround time for review of your sample.

When submitting a sample through WebImmune there are several questions that you are asked to fill out regarding your operating system, the Anti Virus product you are using, and information about the file(s) that you are submitting. Filling this information out as completely as possible will assist Avert in processing your sample quickly.

With any sample that is submitted to Avert via E-mail it is best that you provide additional information on what symptoms you are seeing and basic information on your operating system. Providing the information below along with your sample will help speed the sample review process:

  • A list of all files contained in the sample submission, including a brief description of where or how the files were found
  • What symptoms cause you to suspect that your machine is infected
  • Whether any products find a virus (version number, company, virus name given)
  • Your McAfee Antivirus Product information (Product, Engine and Dat versions)
  • System details that may be relevant (Operating System, Service Packs)
  • Your name, company name, phone number and email address if possible

Before submitting any samples to Avert, it is important that you continue reading this page in order to understand everything that is needed when submitting a sample to Avert.

Maximizing The Chance Of Capturing The Possible Virus

When capturing a sample for Avert, it is best that your machine is running in the apparently infected state. This means ensuring that the machine is started up as normal; not started up from a boot disk, in safe mode, or booted to a command prompt.

Capturing the Samples

Usually there is a file that you feel is suspicious and that is what you will want to submit to Avert. However, there can be additional files associated with threats and you will want to try and capture as many of those as possible.

Before starting to capture files for submission, create a temporary folder on your system in which to store any files that you will be submitting to Avert. Creating C:\AvertSamples would be a good folder as the name explains what is in the folder, as well as making it easy to browse to when ready to package and submit the samples.

  • On Windows XP systems, click START, then RUN, type MSCONFIG and hit ENTER. Click the Startup tab. If any files in the COMMAND field do not look familiar, copy those files to the temporary folder you created.
  • Non-Windows XP users:
    • Run Regedit and go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and review the files associated with this key. If any files do not look familiar, copy them to the temporary folder you created.
    • Run Regedit and go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices and review the files associated with this key. If any files do not look familiar, copy them to the temporary folder you created.
    • Run Regedit and go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and review the files associated with this key. If any files do not look familiar, copy them to the temporary folder you created.
    • Open your Win.ini and system.ini files and review the Load= and Run= lines and copy any files associated with those lines to the temporary folder you created.

If you believe that you have a Macro virus:

  • Microsoft Word - Copy normal.dot and every file from the Microsoft Office Startup folder, normally located in Program Files\Microsoft Office\Office\Startup to the temporary folder you created.
  • Microsoft Excel - Copy all the files from the \XLSTART folder to the temporary folder you created.
  • Microsoft PowerPoint - Copy Blank Presentation.pot to the temporary folder you created.

Packaging the Samples for Delivery

Depending on the submission method that you are going to use, there are different ways to package the files:

WebImmune Submissions

With WebImmune, you have the ability to directly upload individual files to Avert's automated systems. When you log on to WebImmune you will see the Scan A File option on the right hand side of the screen. Clicking that link will take you to a page from which you can browse your system to upload the file.

If you have multiple files to submit to WebImmune you can add the files into a .ZIP file and submit that. When creating this .ZIP file, it is important to understand that the .ZIP can be no more than 3 megabytes in size and can contain no more than 30 files. Additionally, any .ZIP file created must be password-protected using the password infected. Failure to follow these guidelines will cause your submission to be rejected.

E-Mail Submission

Unlike WebImmune, when submitting samples via E-mail all samples must be packaged in a .ZIP file. When creating this .ZIP file, it is important to understand that the .ZIP can be no more than 3 megabytes in size and can contain no more than 30 files. Additionally, any .ZIP file created must be password-protected using the password infected. Failure to follow these guidelines will cause your submission to be rejected.

When submitting the sample via E-mail, send it to the global virus_research@avertlabs.com e-mail address. If you are submitting possible Adware or Spyware, submit the sample to spyware_research@avertlabs.com with the subject line "MAS Content".
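A pre-flight check for the .ZIP rules above (size, file count, password protection), as an added example that is not part of the original page or any McAfee tool. It assumes "3 megabytes" means 3 MiB and that folder entries do not count toward the 30-file limit; the function names and sample archives are constructed for illustration.

```python
import io
import zipfile

MAX_BYTES = 3 * 1024 * 1024   # assumption: "3 megabytes" read as 3 MiB
MAX_FILES = 30                # limit stated on the page
ENCRYPTED_FLAG = 0x1          # ZIP general-purpose bit 0: entry is encrypted


def check_submission(data: bytes) -> list[str]:
    """Return a list of problems; an empty list means the archive passes."""
    problems = []
    if len(data) > MAX_BYTES:
        problems.append(f"archive is {len(data)} bytes, limit is {MAX_BYTES}")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Only the central directory is read; no sample is ever extracted.
            files = [i for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return problems + ["not a readable .ZIP archive"]
    if not files:
        problems.append("archive contains no files")
    if len(files) > MAX_FILES:
        problems.append(f"{len(files)} files, limit is {MAX_FILES}")
    # Every file entry must carry the encryption flag, not just some of them.
    clear = [i.filename for i in files if not i.flag_bits & ENCRYPTED_FLAG]
    if clear:
        problems.append("not password-protected: " + ", ".join(clear[:5]))
    return problems


def build_sample_zip(count: int) -> bytes:
    """Constructed test input: `count` harmless text files, unencrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for n in range(count):
            zf.writestr(f"sample_{n:02d}.txt", "constructed placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("2 files", build_sample_zip(2)),
                        ("31 files", build_sample_zip(31))):
        print(label, "->", check_submission(blob) or "OK")
```

The check confirms that each entry is flagged as encrypted, not that the password is actually infected. Python's standard zipfile module cannot create password-protected archives, so the package itself has to be built with a separate archiver.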

Standard Mail Submission

Copy all the files from the temporary folder that you created onto a floppy diskette, or several if you have too many files to fit on a single floppy diskette. Additionally, if you have a Writable CD you can copy the samples to there as well. Any diskettes or CDs sent to Avert will not be returned. Below are the e-mail addresses for the various Avert sites that are authorized to receive standard mail submissions:

In the US:
McAfee Inc.
Virus Research
20460 NW Von Neumann Drive
Suite 100
Beaverton, OR 97006

In Australia:
McAfee Inc.
Virus Research
Level 19, 201 Miller Street
North Sydney NSW 2060
Australia

In Germany:
McAfee Inc.
Virus Research
Luisenweg 40
20537 Hamburg
Germany

In the UK:
McAfee Inc.
Virus Research
Gatehouse Way
Aylesbury, Bucks HP19 3XU
UK

In Europe:
McAfee Inc.
Virus Research
Gatwickstraat 25
1043 GL Amsterdam
Netherlands

In Japan:
McAfee Inc.
Virus Research
Shibuya Mark City West 20F
1-12-1 Dougenzaka, Shibuya-ku
Tokyo
Japan 150-0043

In India:
McAfee Software (India) Pvt. Ltd.
Virus Research
Embassy Golf Links Business Park
Pine Valley - 2nd floor
Off Koramangala Inner Ring Road
Bangalore 560071, India

virus_research@avertlabs.com

What NOT to Send

When using standard mail to send samples to Avert, only use floppy diskettes or CDs. Any other media (such as ZIP Drives, Hard Drives, Full Computer Systems) will not be reviewed and will not be returned.