If you have located a file that you think is infected, but was not detected by your anti-virus software, or that was detected but was not cleaned, you can submit the sample to McAfee Labs for evaluation.
Submission requirements
It is very important that this information is followed because not doing so will cause a submission or sample processing failure. Submissions or samples that have failed as a result of not following the requirements will be closed without further processing.
- Sample must be in a password protected .zip file - 7Zip, RAR, and other formats will not be processed.
- The .zip file should be a single level. In other words, no .zip files within the .zip file (with or without password protection), and no folder structures more than one level deep. This can cause samples to not be processed.
- The file extension of the password-protected .zip file must be .zip. Any other extensions, or lack of an extension, will cause the sample to not be processed.
- When creating the .zip file, do not use AES or other types of encryption available from the program; just use a password for protection.
- You must use the word infected as the password for the .zip file. Any other password will cause the sample to not be processed.
- There can be no more than 30 files contained within the .zip file. More files will cause the sample to not be processed. If you have more than 30 files, spread them across multiple submissions.
- The .zip file can be no larger than 10 MB. Larger .zip files will cause the sample to not be processed.
Samples that fail to adhere to these requirements will be discarded and you will
not receive any notification to that effect.
For more information on creating a .zip file:
What not to submit
Submitting additional files other than the suspected file as it resides on the system can and will cause delays in processing, or even cause the submission to fail by increasing the total number of files or size over the permitted thresholds. The following list contains some examples of what
not to send:
- Log files from scans, such as On-Demand or On-Access Log files
- Screenshots
- .eml/.msg files (only the files attached to the emails should be submitted, not the email itself)
- Reports created by forensics tools
- String dumps
- Network traffic dumps
Submit only the suspicious files.
What to expect after uploading your sample
You will receive no further notifications until the sample has been analyzed.
If an Extra.DAT relating to your sample is posted to the ServicePortal, you will be informed of its availability in an email. Check your Service Request on the ServicePortal to download the Extra.DAT file. You will not receive any Extra.DAT files via email or otherwise:
- To manually check in and deploy an Extra.DAT through ePolicy Orchestrator, see KB67602.
- For instructions to apply an Extra.DAT locally for VirusScan Enterprise 8.x and later, see KB50642.
- For instructions to apply an extra.DAT to Security for Microsoft Exchange, see KB76201.
- For instructions to apply an extra.DAT to Security for SaaS Endpoint Protection, see KB51459.
- For instructions to combine one or more extra.DAT, see KB68061.
Submit samples to McAfee Labs with GetSusp
