EvilZone

Community => General discussion => : edu19 May 26, 2014, 11:40:38 AM

: Reliable Antivirus/Antispyware site to send out files
: edu19 May 26, 2014, 11:40:38 AM
Hi people. I would like to know a good and trustworthy site to test files against Antivirus and Antispyware softwares that won´t send them to the Vendors. It is just a non-malicious, large file that I compressed with UPX (it is free simple to use and popular). Since AVs. and ASs. are dumb they may start detecting the file as malicious for the simple fact it was compressed.

Thanks in advance.
: Re: Reliable Antivirus/Antispyware site to send out files
: proxx May 26, 2014, 12:19:39 PM
Hi people. I would like to know a good and trustworthy site to test files against Antivirus and Antispyware softwares that won´t send them to the Vendors. It is just a non-malicious, large file that I compressed with UPX (it is free simple to use and popular). Since AVs. and ASs. are dumb they may start detecting the file as malicious for the simple fact it was compressed.

Thanks in advance.
What do you think those websites are for, I seriously doupt anyone is willing to pay such massive hosting costs just for giggles.
: Re: Reliable Antivirus/Antispyware site to send out files
: d4rkcat May 26, 2014, 12:38:50 PM
I think there is a way to just send the hash of your binary to virus total.
That way they do not get the binary to analyse.
https://www.virustotal.com/en/documentation/searching/#getting-file-scans
: Re: Reliable Antivirus/Antispyware site to send out files
: Architect May 26, 2014, 05:32:33 PM
You never upload files in their entirety, as this leaves your files open to analysis by whoever sees the file on the other side. And it leaves you at risk to expose your files that contain malware to the world. And it creates a signature for that particular file, which is then pushed in the next virus definitions. All of this is bad. If you want to be on the safe side, I recommend against it.
: Re: Reliable Antivirus/Antispyware site to send out files
: proxx May 26, 2014, 05:46:40 PM
You never upload files in their entirety, as this leaves your files open to analysis by whoever sees the file on the other side. And it leaves you at risk to expose your files that contain malware to the world. And it creates a signature for that particular file, which is then pushed in the next virus definitions. All of this is bad. If you want to be on the safe side, I recommend against it.
My point with more eloquence.
: Re: Reliable Antivirus/Antispyware site to send out files
: iTpHo3NiX May 26, 2014, 07:16:11 PM
Trustworthy and antivirus don't belong in the same sentence. The point of these mass online scanning sites is to detect viruses and share them with antivirus companies. Also most AVs will throw out false positives on anything packed with UPX.

Back in the XP days when I would make WPI's I would UPX silent installers to fit on a 700mb disk and was a complete disaster once any AV was installed.

What I suggest is a Slim VM environment with several of the leading AVs on them

Most people use the following:
-bit defender
-Norton
-McAfee
-avg
-avast
-avira
-kasperky
-malwarebytes

However most systems don't do well with several AVs on one machine so multiple VMs, update and then take offline, use a machine freeze app like deepfreeze so when you shutdown the VM all changes are removed. Test and run your virii to ensure the file is undetected as a file and at runtime. When you reboot your VM there is no trace and no internet for the AVs to send it out for further exploration

If you want to share your file with AVs you have a few that I can think of off the top of my head, dunno if they still exist haven't used them in years...

Virustotal, novirusthanks, virusscan jotti, kasperky online, Norton online, bitdefender online, and I think avira has an online scanner as well
: Re: Reliable Antivirus/Antispyware site to send out files
: edu19 May 27, 2014, 04:30:53 AM
thank you very much for the feedbacks, folks. Well the program itself is not malicious in anyway, the problem is the size is large just that. DeepCopy, you´re damn right the best way to do it is on a VM with like 1 or 2 AVs (maximum) installed for testing, preferably with the internet cable disconnected just in case of false positives and the risk of them sending the file to their db.

I tested on a machine in my local network that has Kaspersky up to date. Did not detect anything. Let´s see the others now. :)

 +1 to everyone :)

PS: sorry for the above quote post, it was supposed to modify the first reply but it quoted.

Staff note: do not double post FFS!!!
: Re: Reliable Antivirus/Antispyware site to send out files
: Deque May 27, 2014, 07:44:48 AM
thank you very much for the feedbacks, folks. Well the program itself is not malicious in anyway, the problem is the size is large just that. DeepCopy, you´re damn right the best way to do it is on a VM with like 1 or 2 AVs (maximum) installed for testing, preferably with the internet cable disconnected just in case of false positives and the risk of them sending the file to their db.

I tested on a machine in my local network that has Kaspersky up to date. Did not detect anything. Let´s see the others now. :)

 +1 to everyone :)

PS: sorry for the above quote post, it was supposed to modify the first reply but it quoted.

Staff note: do not double post FFS!!!

Keep in mind that the AV on your machine also sends out binaries.
: Re: Reliable Antivirus/Antispyware site to send out files
: proxx May 27, 2014, 08:18:08 AM
Keep in mind that the AV on your machine also sends out binaries.
preferably with the internet cable disconnected just in case of false positives and the risk of them sending the file to their db.
: Re: Reliable Antivirus/Antispyware site to send out files
: Deque May 27, 2014, 01:15:27 PM
@proxx

(http://cdn.firearmstalk.com/forums/attachments/f20/17474d1281667168-ar-picture-thread-a_tip_of_the_hat.jpg)