SecureAPlus Forum

Forum Support => Software Problems and Questions => Topic started by: Petrovic on July 30, 2014, 07:21:39 AM

Title: Universal AV low detection
Post by: Petrovic on July 30, 2014, 07:21:39 AM
Hi
Quote
Currently, there are 11 antivirus engines in the Universal AV Server, namely Emsisoft, Avira, McAfee, Microsoft Security Essential, Eset, Bitdefender, AVG, Norman, Quick Heal, Total Defense and Clamwin.

7 files
(http://upyourpic.org/images/201405/a6g19fue5x.jpg)
(http://upyourpic.org/images/201405/nsxuzyx6zt.jpg)

https://www.virustotal.com/en/file/3eb95ac30a1b388e0e068d6583d51b5d34daa76e6c3c24ada979282dd3ef7ab1/analysis/
https://www.virustotal.com/en/file/a7b4c0a88af18f49498d824d4e0eb4ce43f64c78596787c05bd7ef181acaedf0/analysis/
https://www.virustotal.com/en/file/31fe0ebe3d702c3d8f7c3012ff48b2876e95da88e7eab4bbba2a33f64da065dc/analysis/
https://www.virustotal.com/en/file/784010d00b5a857e2d9d362d1223842bcba611738bf68be899b4add7999560ff/analysis/
https://www.virustotal.com/en/file/571e604343e24881bbc6ee2a57837a2e37e8d075b9e33ccf90326c5b13537cdc/analysis/
https://www.virustotal.com/en/file/0f5f56f148437ec9a0d5b4cf77d35be12cc136b7d892acf056d0a1c8248f602e/analysis/

These files are detected by antiviruses in the Universal AV list.
What is the reason?

+
Submission of malware samples
https://secureaplusbeta.secureage.com/Beta2/betaportal_challenge_form.php

How else can I provide samples?


Thank you and have an excellent day!
Petr
Title: Re: Universal AV low detection
Post by: Pedersen on July 30, 2014, 09:48:37 AM
You scanned the files using ClamAV (local AV), not UAV... That's the reason for your screenshot.
The rest will be detected within an hour or when you execute them (UAV uploads them as sample files)
Title: Re: Universal AV low detection
Post by: Yuki on July 30, 2014, 10:58:50 AM
Or you can run a complete scan to manually scan them with UAV.
(make sure they're not in the excluded folder before scanning)

But I once found that some samples detected in VT are not detected by UAV, though it includes the same engine which detected the sample in VT.

I don't know whether it was fixed; sinlam said it was not an issue, but I don't know what this exactly means.
Title: Re: Universal AV low detection
Post by: Petrovic on July 30, 2014, 11:55:54 AM
Quote
You scanned the files using ClamAV (local AV), not UAV...

ClamAV off
This should not affect the detection through the cloud

Quote
Or you can run a complete scan to manually scan them with UAV.

)))
Samples should be detected immediately and not after an hour or more

Another example:
http://malwaretips.com/threads/2014-07-30-17.30873/#post-235380

It turns out that if you turn off ClamAV, Universal AV is practically useless at detecting samples?
Detection after an hour)))
This is bad :o
Title: Re: Universal AV low detection
Post by: sinlam on July 31, 2014, 03:05:25 AM
Hi
Quote
7 files
(http://upyourpic.org/images/201405/a6g19fue5x.jpg)

Universal AV only detects 1 out of 7 files. This is most probably because we don't have the sample files for the rest of the 6 files.

Quote
(http://upyourpic.org/images/201405/nsxuzyx6zt.jpg)

https://www.virustotal.com/en/file/3eb95ac30a1b388e0e068d6583d51b5d34daa76e6c3c24ada979282dd3ef7ab1/analysis/
https://www.virustotal.com/en/file/a7b4c0a88af18f49498d824d4e0eb4ce43f64c78596787c05bd7ef181acaedf0/analysis/
https://www.virustotal.com/en/file/31fe0ebe3d702c3d8f7c3012ff48b2876e95da88e7eab4bbba2a33f64da065dc/analysis/
https://www.virustotal.com/en/file/784010d00b5a857e2d9d362d1223842bcba611738bf68be899b4add7999560ff/analysis/
https://www.virustotal.com/en/file/571e604343e24881bbc6ee2a57837a2e37e8d075b9e33ccf90326c5b13537cdc/analysis/
https://www.virustotal.com/en/file/0f5f56f148437ec9a0d5b4cf77d35be12cc136b7d892acf056d0a1c8248f602e/analysis/

These files are detected by antiviruses in the Universal AV list.
What is the reason?

You have quarantined the file that is detected as a virus, so only 6 files are left, which were not detected by Universal AV as viruses because it does not have the samples yet.

Quote
+
Submission of malware samples
https://secureaplusbeta.secureage.com/Beta2/betaportal_challenge_form.php

How else can I provide samples?

For samples bigger than 10 MB, you can upload via ftp to ftp://beta.secureaplus.com/challenge/<user_id>. <user_id> is your login id for SecureAPlus Beta Portal. Thank you so much and we do need a lot of samples as we are in the midst of collecting them :)

Title: Re: Universal AV low detection
Post by: sinlam on July 31, 2014, 03:33:53 AM

Quote
Samples should be detected immediately and not after an hour or more

Another example:
http://malwaretips.com/threads/2014-07-30-17.30873/#post-235380

It turns out that if you turn off ClamAV, Universal AV is practically useless at detecting samples?
Detection after an hour)))
This is bad :o

Hi petrovic, Pedersen and Yuki,

We truly understand all of your concerns. Actually the immediate file upload and immediate scan in the cloud is in our development pipeline for future enhancement. Once the immediate cloud scan engine is ready, we will release a beta version for testing. That is the reason why we are still keeping the beta program alive because of several new features we are going to introduce gradually over time.

As of now, SecureAPlus only supports batch scanning, i.e. full scans of all files that we have collected, including the new files, are performed continuously in batch scanning. This is to detect malware that was not previously classified as malware but is detected later when the virus signatures and AV engines in the cloud are updated.
Title: Re: Universal AV low detection
Post by: Petrovic on July 31, 2014, 09:06:57 AM
Thanks, sinlam!
Title: Re: Universal AV low detection
Post by: Yuki on July 31, 2014, 03:24:56 PM
Thanks too!
Your explanation addressed a concern which I've had since the beta, but I couldn't tell you well, thanks to my vocabulary limitation.
I'm looking forward to the new beta which has real-time scanning. Very good!
Title: Re: Universal AV low detection
Post by: sinlam on August 01, 2014, 12:40:43 AM
Hi Petrovic and Yuki,
You are most welcome :)

Don't worry about your limited vocabulary, Yuki ;) You have given some great suggestions so far :)
Title: Re: Universal AV low detection
Post by: Petrovic on August 01, 2014, 05:11:28 AM
Quote
For samples bigger than 10 MB, you can upload via ftp to ftp://beta.secureaplus.com/challenge/<user_id>. <user_id> is your login id for SecureAPlus Beta Portal.

Does not work
Title: Re: Universal AV low detection
Post by: Yuki on August 05, 2014, 06:31:34 AM
Quote
Does not work

What FTP client did you use?
Maybe sinlam or Pedersen will be able to help you.
I was helped a lot by them with submission via FTP.
Title: Re: Universal AV low detection
Post by: Petrovic on August 05, 2014, 07:09:19 AM
Quote
Does not work

What FTP client did you use?
Maybe sinlam or Pedersen will be able to help you.
I was helped a lot by them with submission via FTP.

Already works)