Author Topic: Universal AV low detection  (Read 61008 times)


Offline Pedersen

  • Newbie
  • *
  • Posts: 14
  • Kudos +0/-0
Re: Universal AV low detection
« Reply #1 on: July 30, 2014, 09:48:37 AM »
You scanned the files using ClamAV (local AV) not UAV... Thats the reason for your screenshot.
The rest will be detected within an hour or when you execute them (UAV upload them for sample files)

Offline Yuki

  • Newbie
  • *
  • Posts: 44
  • Kudos +0/-0
Re: Universal AV low detection
« Reply #2 on: July 30, 2014, 10:58:50 AM »
Or you can make complete scan to manually scan them with UAV.
(make sure they're not in the excluded folder before scanning)

But I once found some samples detected in VT are not detected by UAV, though it includes same engine which detected the sample in VT.

I don't know whether it was fixed, sinlam said it was not issue but I don't know what this exactly means.
It's not real security to protect only from malware.

Offline Petrovic

  • Newbie
  • *
  • Posts: 5
  • Kudos +0/-0
Re: Universal AV low detection
« Reply #3 on: July 30, 2014, 11:55:54 AM »
You scanned the files using ClamAV (local AV) not UAV...
ClamAV off
This should not affect the detection through the cloud

Or you can make complete scan to manually scan them with UAV.
)))
Samples should be detected  immediately and not after an hour or more

Another example of:
http://malwaretips.com/threads/2014-07-30-17.30873/#post-235380

It turns out if you turn off ClamAV - Universal AV practically useless when detected samples?
Detection of an hour)))
This is bad :o

Offline sinlam

  • Jr. Member
  • **
  • Posts: 67
  • Kudos +2/-0
    • secureaplus.secureage.com
Re: Universal AV low detection
« Reply #4 on: July 31, 2014, 03:05:25 AM »
Hi
7 files

Universal AV only detects 1 out of 7 files. This is most probably because we don't have the sample files for the rest of the 6 files.



https://www.virustotal.com/en/file/3eb95ac30a1b388e0e068d6583d51b5d34daa76e6c3c24ada979282dd3ef7ab1/analysis/
https://www.virustotal.com/en/file/a7b4c0a88af18f49498d824d4e0eb4ce43f64c78596787c05bd7ef181acaedf0/analysis/
https://www.virustotal.com/en/file/31fe0ebe3d702c3d8f7c3012ff48b2876e95da88e7eab4bbba2a33f64da065dc/analysis/
https://www.virustotal.com/en/file/784010d00b5a857e2d9d362d1223842bcba611738bf68be899b4add7999560ff/analysis/
https://www.virustotal.com/en/file/571e604343e24881bbc6ee2a57837a2e37e8d075b9e33ccf90326c5b13537cdc/analysis/
https://www.virustotal.com/en/file/0f5f56f148437ec9a0d5b4cf77d35be12cc136b7d892acf056d0a1c8248f602e/analysis/

These files have detection antiviruses in the Universal AV list.
What is the reason?

You have quarantined the file, that is detected as virus, so left only 6 files, which was not detected by Universal AV as virus because it does not have the sample yet.

+
Submission of malware samples
https://secureaplusbeta.secureage.com/Beta2/betaportal_challenge_form.php

How else  provide samples?

For samples bigger than 10 MB, you can upload via ftp to ftp://beta.secureaplus.com/challenge/<user_id>. <user_id> is your login id for SecureAPlus Beta Portal. Thank you so much and we do need a lot of samples as we are in the midst of collecting them :)

_____________________________________
SecureAPlus - It is not just another antivirus!
Free download at secureaplus.secureage.com

Offline sinlam

  • Jr. Member
  • **
  • Posts: 67
  • Kudos +2/-0
    • secureaplus.secureage.com
Re: Universal AV low detection
« Reply #5 on: July 31, 2014, 03:33:53 AM »

Samples should be detected  immediately and not after an hour or more

Another example of:
http://malwaretips.com/threads/2014-07-30-17.30873/#post-235380

It turns out if you turn off ClamAV - Universal AV practically useless when detected samples?
Detection of an hour)))
This is bad :o

Hi petrovic, Pedersen and Yuki,

We truly understand all of your concerns. Actually the immediate file upload and immediate scan in the cloud is in our development pipeline for future enhancement. Once the immediate cloud scan engine is ready, we will release a beta version for testing. That is the reason why we are still keeping the beta program alive because of several new features we are going to introduce gradually over time.

As of now,  SecureAPlus only supports batch scanning, i.e. full scan of all files, including the new files,  that we have collected, are performed continuously in the batch scanning. This is to detect malware that was not previously classified as malware but are detected later when virus signature and AV engines in the cloud are updated.
_____________________________________
SecureAPlus - It is not just another antivirus!
Free download at secureaplus.secureage.com

Offline Petrovic

  • Newbie
  • *
  • Posts: 5
  • Kudos +0/-0
Re: Universal AV low detection
« Reply #6 on: July 31, 2014, 09:06:57 AM »
Thank sinlam!

Offline Yuki

  • Newbie
  • *
  • Posts: 44
  • Kudos +0/-0
Re: Universal AV low detection
« Reply #7 on: July 31, 2014, 03:24:56 PM »
Thanks too!
Your explanation addressed a concern which I've been had from beta, but I couldn't told you well thanks to my vocabulary limitation.
I'm looking forward to new beta which has real-time scanning. Very good!
It's not real security to protect only from malware.

Offline sinlam

  • Jr. Member
  • **
  • Posts: 67
  • Kudos +2/-0
    • secureaplus.secureage.com
Re: Universal AV low detection
« Reply #8 on: August 01, 2014, 12:40:43 AM »
Hi Petrovic and Yuki,
You are most welcome :)

Don't worry about your limited vocabulary, Yuki ;) You have given some great suggestions so far :)
_____________________________________
SecureAPlus - It is not just another antivirus!
Free download at secureaplus.secureage.com

Offline Petrovic

  • Newbie
  • *
  • Posts: 5
  • Kudos +0/-0
Re: Universal AV low detection
« Reply #9 on: August 01, 2014, 05:11:28 AM »
For samples bigger than 10 MB, you can upload via ftp to ftp://beta.secureaplus.com/challenge/<user_id>. <user_id> is your login id for SecureAPlus Beta Portal.
Does not work

Offline Yuki

  • Newbie
  • *
  • Posts: 44
  • Kudos +0/-0
Re: Universal AV low detection
« Reply #10 on: August 05, 2014, 06:31:34 AM »
Does not work

What FTP client did you use?
Maybe sinlam of Pedersen will be able to help you.
I was helped much by them about submission via FTP.
It's not real security to protect only from malware.

Offline Petrovic

  • Newbie
  • *
  • Posts: 5
  • Kudos +0/-0
Re: Universal AV low detection
« Reply #11 on: August 05, 2014, 07:09:19 AM »
Does not work

What FTP client did you use?
Maybe sinlam of Pedersen will be able to help you.
I was helped much by them about submission via FTP.
Already works)