Full Disclosure mailing list archives
Re: Symantec Contact?
From: "Steven Adair" <steven () securityzone org>
Date: Tue, 18 Sep 2007 11:00:43 -0400 (EDT)
I'm not sure exactly why they do not accept submissions from the general non-customer public, but I am sure there is a good reason. Chances are the most likely have the sample you are coming across from one source or another. They probably also get a much larger number of duplicates for something they already detect as a result too. If you're not a customer and you're submitting it, you might not realize they already detect it. If you put it in VirusTotal or one of those sites -- they're probably going to get it from them anyway. :D I have submitted through the Gold and Platinum support before and received pretty quick updates to the general virus definitions. If not there, they usually fire them out in an optional rapid release (not tested for everyone or every product). Personally, I haven't really run into massive delays in my past experiences with them. Steven securityzone.org
What's really Sad is that Symantec does not have an option for the general public (i.e. Independent Virus Researchers) to submit virus samples . You have to either A. Submit it through their product. B. Have a Corporate Support contract. Guess they don't want new samples. -S On 9/17/07, Joel R. Helgeson <joel () helgeson com> wrote:Symantec is notoriously slow to release AV updates, because while they may have the AV signature available within the hour, they hold it back until they have the signature configured and working for all versions of all their products running on all platforms, which at last count was over 2.45 gazillion (and counting). They state that they don't want to issue partial releases for different products, which makes sense. If you have version xxx.yyyy.z of the definition file, then you're covered against the FOO variant of the BAR virus, irrespective of whatever Symantec application, platform, or version you're running. The downside is that they take a LONG time to release signatures, as you have now seen. I do not use Symantec, as too often they have been the single point of failure in the enterprise, and one should not underestimate the system slowdown brought on by 15 years of code bloat. -joel -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Beauchamp, Brian Sent: Monday, September 17, 2007 12:28 PM To: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Symantec Contact? That's where I submitted our file to yesterday. It's funny that less then 5 minutes ago I received an email that the defs had been updated to include this variant. ________________________________ From: Theodore Pham [mailto:telamon () CMU EDU] Sent: Mon 9/17/2007 1:13 PM To: Beauchamp, Brian Subject: Re: [Full-disclosure] Symantec Contact? Submit the sample to Symantec via http://www.symantec.com/avcenter/submit.html They've been pretty responsive in the past, though I haven't needed to submit a sample in over a year. Ted Pham Information Security Office Carnegie Mellon University Beauchamp, Brian wrote:Does anyone have a contact within symantec? We have numerous infections of the W32/Sdbot-DHS worm (http://www.sophos.com/virusinfo/analyses/w32sdbotdhs.html). MostmajorAV vendors are updating their definitions to block it, one of themisn'tSymantec. We have created a removal kit but the machines keep being reinfected since they cannot all be disinfected at once (limitednetworkaccess). We have submitted a virus sample last week and have contacted oursalesrep neither are giving a helpful response. Aside from cutting over to sophos AV client, Any ideas? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Symantec Contact? Beauchamp, Brian (Sep 17)
- Message not available
- Re: Symantec Contact? Beauchamp, Brian (Sep 17)
- Re: Symantec Contact? Joel R. Helgeson (Sep 17)
- Re: Symantec Contact? Social-D (Sep 17)
- Re: Symantec Contact? Steven Adair (Sep 18)
- Re: Symantec Contact? Morning Wood (Sep 18)
- Re: Symantec Contact? Simon Smith (Sep 18)
- Re: Symantec Contact? J. Oquendo (Sep 18)
- Re: Symantec Contact? Social-D (Sep 18)
- Re: Symantec Contact? Beauchamp, Brian (Sep 17)
- Message not available
- <Possible follow-ups>
- Re: Symantec Contact? tw34k3r (Sep 18)