namazso / virustotal-fpcontacts Goto Github PK

View Code? Open in Web Editor NEW

25.0 2.0 2.0 29 KB

Contacts for VirusTotal scanners

virustotal virus-scanning false-positive antivirus

virustotal-fpcontacts's Introduction

VirusTotal false positive contacts collection

Wall of Shame

These vendors don't provide a free and registration-less way to submit false positives via HTTP or e-mail.

Alibaba ([email protected] rejected my mail as spam)
Baidu ([email protected] bounces with user not found #1)
Cynet ([email protected] is unresponsive)
Kingsoft ([email protected] bounces with user not found #3)
Malwarebytes (login only)
SUPERAntiSpyware (via program interface)
TotalDefense (can submit via landline call WTF??)
Yandex ([email protected] rejects mails #4)

How to send e-mails

Most vendors ask you to zip up the sample with the password "infected". Use ZipCrypto and be sure to write down the password in the email too. A subject line like False positive - <program name> is preferred, as several vendors have automatic email rules for this.

Conditions / priority / contributing

Only submission methods that require no active license, registration, download of a tool is listed. Anything not fulfilling this goes to the Wall of Shame. For ones that do have one of these, online forms are preferred over emails. If the email is linked on their website, the link is preferred since it contains format information.

Table

Product	How to submit
Acronis	https://kb.acronis.com/content/62189
Ad-Aware	https://www.adaware.com/report-false-positives
AhnLab-V3	[email protected]
ALYac	[email protected]
Antiy-AVL	https://www.antiy.net/contacts/
SecureAge APEX	https://uav.secureage.com/falsepositive/
Arcabit	[email protected]
Avast	https://www.avast.com/false-positive-file-form.php
AVG	https://www.avg.com/en-us/false-positive-file-form
Avira	https://www.avira.com/en/analysis/submit
BitDefender	https://www.bitdefender.com/consumer/support/answer/40673/
Bkav	[email protected], [email protected], [email protected]
CAT-QuickHeal	https://www.quickheal.com/submitticket/
Certego	[email protected]
ClamAV	https://www.clamav.net/reports/fp or https://www.immunet.com/false_positive
CMC	[email protected], [email protected]
Comodo	https://www.comodo.com/home/internet-security/submit.php [email protected]
CrowdStrike Falcon	[email protected]
Cybereason	[email protected]
Cylance	https://web.archive.org/web/20190929165253/https://home-support.cylance.com/hc/en-us/articles/360026236014-FAQ-VirusTotal-Inquiry
Cyren	https://www.cyren.com/support/reporting-av-misclassifications
DeepInstinct	[email protected]
DrWeb	https://vms.drweb.com/sendvirus/
eGambit	https://tehtris.com/en/false-positive-negative-requests/
Elastic	https://discuss.elastic.co/t/submitting-false-positives/232322
Emsisoft	[email protected]
eScan	[email protected]
ESET-NOD32	https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab#SubmitFile
F-Secure	https://www.f-secure.com/en/business/support-and-downloads/submit-a-sample
FireEye	[email protected]
Fortinet	[email protected]
GData	https://su.gdatasoftware.com/us/sample-submission/
Gridinsoft	https://anti-malware.gridinsoft.com/false-detect/
Ikarus	[email protected]
Jiangmin	[email protected]
K7AntiVirus / K7GW	[email protected]
Kaspersky	https://opentip.kaspersky.com/
Lionic	https://www.lionic.com/reportfp/
MAX (SaintSecurity)	[email protected]
MaxSecure	[email protected] (with program)
McAfee	[email protected]
McAfee-GW-Edition	[email protected]
Microsoft	[email protected] (or login only)
NANO-Antivirus	https://www.nanoav.pro/index.php?option=com_content&view=article&id=15&Itemid=83&lang=en
Palo Alto	[email protected]
Panda	https://www.pandasecurity.com/usa/homeusers/support/contact.htm?ts=1
Qihoo-360	https://www.360totalsecurity.com/en/suspicion/false-positive/
Rising	http://mailcenter.rising.com.cn/filecheck_en/
Sangfor Engine Zero	[email protected]
SentinelOne	[email protected]
Sophos	[email protected]
Symantec	https://symsubmit.symantec.com/
Tachyon	[email protected] (include detection name)
Tencent	[email protected]
Trapmine	[email protected]
Trustlook	[email protected]
TrendMicro	https://www.trendmicro.com/en_us/about/legal/detection-reevaluation.html
VBA32	[email protected]
VirIT	https://www.tgsoft.it/clienti/inviaFile.asp
VIPRE	https://www.vipre.com/support/submit-false-positive/
ViRobot	[email protected]
WebRoot	https://www.webroot.com/us/en/business/support/vendor-dispute-contact-us
Zillya	[email protected]
ZoneAlarm	https://opentip.kaspersky.com/
Zoner	[email protected]

Sources

I'd like to thank these sites for providing valuable information:

virustotal-fpcontacts's People

Contributors

Stargazers

Watchers

Forkers

exoosh rakhithjk

virustotal-fpcontacts's Issues

Lionic contact info

[email protected]

Send as zipcrypto'd .zip with password "infected", 20 MB limit. Same email for malware & false positive submission.

Source: https://www.lionic.com/reportfp/

McAfee-GW-Edition bounces emails from addresses not linked to accounts?

Can anyone reproduce this, or was it a coincidence?

Before account creation

to=<[email protected]>, relay=dnvexwsavin1.avertlabs.com[161.69.31.165]:25, delay=67, delays=6.6/0.02/1.5/59, dsn=5.0.0, status=bounced (host dnvexwsavin1.avertlabs.com[161.69.31.165] said: 550 Denied by policy (in reply to end of DATA command))

After account creation

to=<[email protected]>, relay=dnvexwsavin1.avertlabs.com[161.69.31.165]:25, delay=75, delays=12/0.03/1.5/61, dsn=2.0.0, status=sent (250 Requested mail action okay, completed.)

Consolidated update

Don't email [email protected], doing so automatically signs you up for their newsletter
ZoneAlarm uses Kaspersky's AV engine, any detection issues should be submitted to https://opentip.kaspersky.com/
K7AntiVirus / K7GW's submission address is now [email protected], zipcrypto with "infected". [email protected] bounces due to google oh-so-helpfully rejecting encrypted archives
[email protected] rejected both an email with and an email without an attachment from a protonmail.com domain email address and did not respond to a query to from a gmail.com domain email address

DeepInstinct

https://www.deepinstinct.com/contact-us

[email protected]

Thanks for your inquiry. Our team at Deep Instinct or one of our partners will get back to you soon.

More than 24 hours passed since then.

Antiy-AVL request PKI encryption when submitting samples.

In my opinion consumers cannot use PKI encryption, so the vendor rejects submitting samples.

False Positive
Email: [email protected]
Please use PKI encryption when submitting samples, false positive and other information to avoid data leaks in network communication.
Download the Public Key for false positive here.
Download the Public Key for submitting & other information here.

If not, we cannot solve your problems. And we are really sorry for the inconvenience.
https://www.antiy.net/contacts/

This is Eric Chang, the RD VP of Lionic corporation. Nice to meet you virtually.

I noticed that you published the following two URL -

https://github.com/namazso/VirusTotal-FPContacts

Please allow me to explain two issues -

Actually our newsletter is very easy to unsubscribe.

However, I apologize for feeling our newsletter as spam and promise that we will not automatically subscribe anyone who email to [email protected] mailto:[email protected] and [email protected] mailto:[email protected] from now on.

Please remove Lionic from "Shame of Wall" of "https://github.com/namazso/VirusTotal-FPContacts" https://github.com/namazso/VirusTotal-FPContacts .

In "#4" #4 ,

you mentioned "Don't email [email protected] mailto:[email protected] , doing so automatically signs you up for their newsletter".

Please also remove the above line.

AegisLab is the subsidiary security research laboratory of Lionic.

Due to company policy changed, we decided to focus on Lionic brand.

You may check this on the homepage of https://www.aegislab.com/.

Please replace the AegisLab line in the "Table" of "https://github.com/namazso/VirusTotal-FPContacts" https://github.com/namazso/VirusTotal-FPContacts as { Lionic , https://www.lionic.com/reportfp/ }.

Anyway, we apologize the inconveniences and are willing to improve ourselves.

Therefore, we wish you can help modifying your article.

We want to contribute some of our network security efforts to the Internet community.

Thanks a lot!

[redacted]
T / [redacted]
E / [redacted] Lionic Corporation / https://www.lionic.com/

============================================================================
NOTICE: This message is from Lionic Corporation or its security research laboratory, AegisLab. The whole message including all attachments is CONFIDENTIAL, proprietary and legally privileged. If you are not the intended recipient, you should not disclose, copy or distribute this email.
Please reply to this message and follow with its deletion.
Copyright @ Lionic Corp.

Baidu email no longer valid

Mail to [email protected] is now returned to sender

<[email protected]>: host mx.maillb.baidu.com[12.0.243.41] said: 550 5.1.1

<[email protected]>... User unknown (in reply to RCPT TO command)

and Kingsoft hasn't submitted their program to AV-TEST since 2014: https://www.av-test.org/en/antivirus/home-windows/manufacturer/kingsoft/