To better support you as a Web Gateway customer, McAfee has improved the processing of your virus and anti-malware submissions.
Obtaining a sample
To accurately diagnose a suspected false detection, you must collect samples from within your environment. Use the instructions in the Virus To File.pdf, which is attached to this article, to obtain, compress, and encrypt the sample directly from the MWG appliance.
Submitting the sample
Use the MWG virus detection block page to determine where to submit the sample:
For GAM versions v2015 and later, engine information is no longer provided by the API. This version is implemented in MWG 7.6.x and later.
IMPORTANT: For all submission processes, you must send the sample as a compressed and encrypted .zip file, using the word
infected (lowercase, without quotes) as the encryption password.
McAfee Gateway Anti-Malware (GAM)
Submit the sample in a Service Request:
After you have collected and encrypted the sample using the Virus To File.pdf file, open a Service Request with Technical Support to submit the sample:
https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR.
NOTE: Ensure that you select
Product (not Malware) as the source of your problem, and select
Web Gateway in the Product field.
With the sample, provide:
- MWG version
- GAM Engine version: You can find the version in the MWG user interface (UI) at Dashboard, Gateway Engine.
- Gateway DAT version: You can find the version in the MWG UI at Dashboard, Gateway DATs.
- Found_viruses.log: You can find this log in the MWG UI at Troubleshooting, Log Files, User-defined-logs, Found_viruses.log. Ensure that Body.FullFilename is being logged, and provide the found_viruses.log that encompasses the time frame of the problem.
- Sample URL that led to the detection.
- The detection name of the potential false positive from your block page.
McAfee AV
Perform the GetSusp submission steps in
KB68030 to submit suspected false positive detections for analysis.
Avira
Use the Avira submission website:
https://analysis.avira.com/en/submit. After you submit a sample to Avira, you will receive an automated notification email to confirm the submission status and associated Avira tracking number. You will receive a final notification with the resolution within two days.
NOTES:
- If the Avira sample is larger than 50 MB, open a Service Request with MWG Technical Support to submit the sample. You can submit an SR from the ServicePortal at https://support.mcafee.com.
- If you do not receive a timely response after you submit the samples, or if you disagree with the analysis provided by Avira, open a Service Request with MWG Technical Support. Include the Avira tracking number.
