
[Discussion] An experience submitting samples to McAfee

wangyuhe
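Posted on 2018-4-28 12:21:38
Yesterday in the samples section I found that McAfee missed two samples, pony and pony2, so I uploaded them. I uploaded them at 9:30 last night and received a reply at 2:00 this morning. It seems they gave a solution, asking me to manually add it to the local virus database (the e-mail attachment), and said they were preparing to add it to the signature database in an update. However, after updating at noon today it still cannot detect them, so it looks like signature inclusion is still slow, not as fast as ESET or Kaspersky. Still, the official attitude is quite good: they wrote a lot, and the customer service attitude is also very good.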
McAfee Labs Sample Analysis,

ID Number:  10589066   Identified: Generic.TRA

Synopsis:

Thank you for submitting your suspicious file(s) for analysis. Attached is an EXTRA.DAT file for extra detection.

Solution:

The attached EXTRA.DAT file will detect the following submitted files:

Filename            MD5 digest                                                      
--------            ----------                                                      
pony2.exe           058bf1e8af9fc7cd82505d497fe65ebd                                 
pony.exe            233f9fd4175c6f3428956ba2599075e7                                 

The EXTRA.DAT file should be copied into the directory where the other DAT files reside (ex: C:\Program Files\Common Files\McAfee\Engine).
Additional information, including steps to deploy EXTRA.DAT files, is available in the following location:
  

Support:

McAfee Labs accepts file samples for analysis and possible inclusion into AV signature DAT updates.
Additional information for submitting samples to McAfee is available in the following location:


Product related questions and comments can be addressed via Technical Support and Customer Services, including:
* Assistance with detection and cleaning or removal of malware
* Product installation and update questions
* Product usage questions

Please use the following links to reach our Technical Support group:
Business Customers:

Home Customers:


Regards,
McAfee Labs: McAfee Labs

McAfee Labs:

McAfee Labs Blog:


*Disclaimer*
McAfee Labs researchers subject EXTRA.DAT files to a careful automatic test suite to verify their detection, and in order to reduce the possibility of "false alarm" detections or other issues and to improve their overall reliability. Note, however, that the McAfee Quality Assurance team has NOT tested or approved these files for release. McAfee makes no warranty that these files will be free from errors or other interruptions or that they will meet your requirements. To the maximum extent permitted by applicable law, MCAFEE DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT WITH RESPECT TO THESE FILES.  Some states and jurisdictions do not allow limitations on implied warranties, so the above limitation may not apply to you. The foregoing provisions shall be enforceable to the maximum extent permitted by applicable law.


飞碟1234
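Posted on 2018-4-28 13:32:47
This is the official routine: first they give you an extra.dat to add manually as a stopgap, and then you wait for the official signature update, which solves the problem at the root. But McAfee's signature inclusion process is really slow, and I have lost interest in bothering with it.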
jone_jys
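Posted on 2018-4-28 16:03:42
Big companies have a lot of process; it is a common problem.
The upside is that the handling is fairly thorough, but the efficiency is too low.

For the false positive mentioned below, I had to report it in several consecutive e-mails before it was lifted.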
https://bbs.kafan.cn/forum.php?m ... ;extra=#pid41854667
wangyuhe
Original poster | Posted on 2018-4-28 16:26:23
欧阳宣
Posted on 2018-4-30 22:22:22
Two or three years ago I had to repeat this four or five times every day, and in the vast majority of cases there was no follow-up.
kxmp
Posted on 2018-4-30 22:51:40
And then, after it has been added to the database, you discover it is actually just an ordinary hash blacklist entry.
wangyuhe
Original poster | Posted on 2018-5-1 07:50:10 from mobile
Alright ヽ(  ̄д ̄;)ノ