We’re excited to announce that we have selected the winners of our first-ever programming competition! University students developed their projects utilizing the Metascan Online API and were asked to create software applications demonstrating the value of scanning with multiple antivirus engines. Our team reviewed several amazing submissions from students all across the United States and decided that these three projects were the best of the best:

Tristan Currens

Texas Tech University

Satish K Menedi

University of Florida

Miguel Canton Cortes

University of California, Davis

The winning submissions are available for download on the Metascan Online website, with additional projects available for review on GitHub. These winners will receive some great prizes and we look forward to meeting them for their on-site interview!

We would like to thank everyone for submitting their projects to our first-ever programming competition and spreading the word to friends and colleagues. Make sure to follow us on Twitter or LinkedIn to learn about programming competitions we plan to hold in the future.

Here are the latest products that received an OPSWAT Certification. Please welcome our newest partner, Kromtech, to the OPSWAT Certification Program.

These newly certified products are now verified compatible with leading SSL VPN and NAC solutions from market leaders like Cisco, Juniper, F5 and many others who use OPSWAT technology to support detection and manageability of more than 3000 security applications.

	Kromtech MacKeeper 3.x
	Kromtech MacKeeper 3.x
	Kromtech MacKeeper 3.x Kromtech PCKeeper 2.x
	Kromtech MacKeeper 3.x
	Quick Heal Total Security 15.x
	Avira Antivirus Suite 14.x
	Avira Antivirus Suite 14.x
	McAfee Host Intrusion Prevention 8.x Quick Heal Total Security 15.x
	AVG LinkScanner 2014.x F-Secure PSB Workstation Security 9.x
	F-Secure Anti-Virus 14.x F-Secure PSB Workstation Security 9.x Quick Heal Total Security 15.x
	F-Secure Anti-Virus 14.x F-Secure PSB Workstation Security 9.x Quick Heal Total Security 15.x
	F-Secure PSB Workstation Security 9.x
	Kromtech MacKeeper 3.x

Video files are not typically thought of as potentially malicious or infected file types, but it is possible for malware to be embedded in or disguised as a video file. Due to this common misconception, audio and video files are incredibly intriguing threat vectors for malware writers.

Reasons for Viruses

• Media players are very frequently used software; users tend to use them for an extended period of time, leaving them open during other tasks, and frequently switch media streams.
• There are a wide variety of different audio players and many of different codecs and audio file plugins - all written by generally non-security-focused people.
• The file formats involved are binary streams, and tend to be reasonably complex. Much parsing is required to manipulate them, and playback calculations can easily result in integer bugs.
• Players take untrusted input from many different unreliable sources (often over the network), and run with fairly high privilege and priority. For instance, in Windows Vista, a low-privileged IE instance can launch content in a higher-privileged WMP.
• They are perceived as relatively harmless - users are likely to play files given to them.
• They are frequently invoked without the user’s explicit acknowledgement, (i.e. embedded in a web page) [1].

Vulnerabilities

Typical vulnerability vectors are 1) fuzzing the media player by a modified video file and 2) embedding hyperlinks in a video file.

1) Fuzzing is a generic method to force a program to behave unexpectantly by providing invalid, unexpected or random data to the inputs.

Fuzzing is designed to find deep bugs and is used by developers to ensure the robustness of code, however, a developer’s best tool can be used to exploit. For media players, which are supposedly "format strict", a corrupted real video file can expose many bugs, most caused by dereferencing null pointers. The result is, allowing inappropriate memory access, which indicates the possibility of writing to memory that is not intended to be written [2]. Fortunately, fuzzing media players requires in-depth knowledge of the file format or else the “corrupted” file, will simply be ignored by the player.

2) A more direct method is by obtained by embedding a URL into modern media files.

For example, Microsoft Advanced System Format (ASF) allows for a simple script commands to be executed. In this case, "URLANDEXIT" is placed at address 0x1329-133B and following any URL. When this code executes, the user is directed to download an executable file, often disguised as a codec and prompting the user to download in order to play the media [1,3].

Metascan Online has an example of one such file: https://www.metascan-online.com/en/scanresult/file/c88e9ff9e59341eba97626d5beab7ebd

The general threat name is "GetCodec", in this specific example, the media player was redirected to http://microsoftmediaplayer.net/pluginerror/ (website was taken down due to malware) and downloaded a trojan [4].

We have scanned the trojan here: https://www.metascan-online.com/en/scanresult/file/bd493d4780924435bfeb96a2af6db5b2

Microsoft (https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?ThreatId=-2147335891#tab=2) and Woodman [4] gives a deeper understanding on how the Trojan behaves.

Examples of File Type Exploits

Below is a table listing the popular media file formats that have been recently exploited by routing the user to malicious sites [3].

Solutions

Not all media players have guarded against malicious links, so the obvious recommendation ensues: do not view untrusted files, never run media players with elevated privileges and don’t accept downloads of “unheard” codecs or strange licenses.

Many antivirus vendors now have added detection by looking for the URL signatures inside media type files, however, this can also be avoided by malware writers by embedding in multi-gigabyte files which can take very long for the engines to properly scan.

As for fuzzing exploits, you will have to trust the programmers have performed the appropriate testing to clean up the deep bugs.

References

[1] David Thiel. “Exposing Vulnerabilities in Media Software”. December 2013. http://www.blackhat.com/presentations/bh-europe-08/Thiel/Whitepaper/bh-eu-08-thiel-WP.pdf

[2] Colleen Lewis, Barret Rhoden, Cynthia Sturton. “Using Structured Random Data to Precisely Fuzz Media Players”. December 2013. http://www.eecs.berkeley.edu/~brho/fuzz/fuzz_media_players.pdf

[3] Rahul Mohandas, Vinoo Thomas, and Prashanth Ramagopal. "Malicious Media Files: Coming to a Computer Near You". December 2013. http://www.mcafee.com/us/resources/reports/rp-malicious-media-files.pdf

[4]"URLANDEXIT tag in WMV". December 2013. http://www.woodmann.com/forum/showthread.php?13187-URLANDEXIT-tag-in-WMV

The 2014 RSA Conference is just around the corner and OPSWAT will be there exhibiting at booth 2531! We’re excited to show off some of the recent updates to our technologies, especially for GEARS and Metascan Online. 

If you’re still looking for a way to attend the upcoming RSA Conference, use the code EC4PSWT on the RSA registration page to receive a free expo pass! 

During the conference, visit us at booth 2531 to enter our raffle for the chance to win a GoPro and for every booth visitor, we will donate $1 to the Wounded Warrior Project. While walking around the showroom floor, make sure to be on the lookout for OPSWAT team members taking pictures to be entered in additional OPSWAT giveaways (they'll be hard to miss!).

Stop by our booth to try out some of our amazing products including:

• GEARS: Advanced threat detection and compliance enforcement for remote users and managed devices
• Metascan: The most robust multi-scanning solution, using up to 30 anti-malware engines in online or offline environments and with APIs for integrating to your security architecture
• Metascan Online: The fastest cloud–based scanning using 40+ anti–malware engines
• Metadefender: Protect your network against threats on USB drives using data sanitization, file filtering and multiple anti-malware engines

We look forward to seeing you at the show!

To schedule a one-on-one meeting with our teams, please visit opswat.com/contact-us to get in touch with an OPSWAT representative. 

With the release of Metascan version 3.8 we now provide native support for Syslog notifications.

Metascan’s Syslog support allows administrators to easily integrate third party Syslog tools such as Splunk, Kiwi Syslog Server, and ArcSight Logger, providing remote monitoring and reporting for potential issues with their Metascan system. The support currently covers any events which would be written to the Windows Event log and is configured in Metascan’s Management Console.

These events include:

• Engine Update Requests
• Engine Update Failures
• Starting/Stopping/Crashes of all Metascan processes
• License warnings (expiration of license or reaching limit of client and scans)

In future releases we are planning on expanding our Syslog support to also include all standard logging, allowing users to leverage all scan based data reported through a Syslog server.

In addition to the Syslog and Event Log based logging, we also offer scan based logging which is written to our database using MongoDB and are viewable via the Management Console.

Make sure to register for our upcoming webinar on March 5th, to learn more about the new Metascan Management Console and configuring your existing Metascan server through any web browser. 

OPSWAT today announced that Metascan Online, an online file scanning service utilizing 40 commercial anti-malware engines, has scan results for millions of malware files in its database. The large database of malware hashes and results allows users to quickly retrieve detailed scan results for their files, including popular Android, Mac and Windows binaries.

Metascan Online, OPSWAT’s cloud-based multi-scanning solution, uses OPSWAT’s Metascan technology to quickly scan files for malware using 40 anti-malware engines simultaneously. With tight integration of engines from Avira, AVG, ESET, Bitdefender and many other leading vendors, as well as a rapidly growing database of millions of hash results, Metascan Online provides the fastest, most comprehensive results for static file analysis.

OPSWAT also makes a public API available for Metascan Online, allowing users to integrate hash look-up and file upload capabilities into their own security processes to obtain scan results. The increasing size of the Metascan Online database makes this API extremely useful for both IT professionals and malware researchers; scan results can be retrieved very quickly and with limited strain on network resources.

“The growth of the Metascan Online database to millions of malware hashes adds tremendous value to our offering and is a great accomplishment for OPSWAT,” said Tony Berning, Senior Product Manager at OPSWAT. “The large database of available hashed viruses ensures that scan results can be delivered to users even more quickly.”

OPSWAT also recently announced the winners of their first-ever Metascan Online programming competition. University students built applications leveraging OPSWAT’s Metascan Online API to demonstrate the value of using multiple antivirus engines to scan for malware. Winning submissions are featured on the Metascan Online website.

To upload files to scan or to learn more about Metascan Online, please visit https://www.metascan-online.com. More information about the Metascan Online API is available at https://www.metascan-online.com/public-api. For further information or inquiries about commercial use of Metascan Online, please contact us or visit OPSWAT at RSA Conference 2014 in booth #2531.

I am excited to announce our latest release for the GEARS platform. This release includes a lot of new features and functionality including advanced threat detection and a brand new look and feel.

Click to play video

The biggest feature in this release is that GEARS now enables advanced threat detection for remote users. How do we define advanced threats? Advanced threats are threats that were not detected by your antivirus or that your antivirus software was unable to remediate. By combining multiple detection methods available through your installed antivirus and Metascan Online, GEARS is able to provide defense in-depth for all of your endpoints. GEARS now provides advanced threat detection by identifying and aggregating all of these threats into a single view across all of your endpoints.

You can configure your policies for advanced threat detection within the dashboard, and you now have the ability to perform a daily malware scan of your active programs, automatically upload unrecognized files, and monitor your anti-malware logs for any repeated threats. 

Click to enlarge.

GEARS has also undergone a significant update to provide the best user experience possible. Starting with the dashboard, users now have a single pane of glass into the security and compliance state of all devices under management, as well as any advanced threats detected. The navigation has now been moved to the left, and allows easy movement between the Dashboard, Devices, Event Log, Configure, and Help Center screens.

Click to enlarge.

We have also created key categories for a more user-friendly view into all of the functionality now available with the GEARS platform. These categories include Protection, Unwanted Applications, System, and Advanced Threats; the configurable policies are sorted accordingly into these categories.

Finally, we have made significant updates to our Developers Portal, including new APIs for the Client and the Cloud side, so please check it out and register for an account to take advantage of our APIs.

I encourage you to check out the new GEARS and contact us with any feedback.

OPSWAT today announced the official release of GEARS, a cloud-based solution that provides IT and security professionals with advanced threat detection and compliance enforcement for both remote users and managed devices.

OPSWAT GEARS is a network security management platform that offers advanced threat detection for remote users by identifying potential threats that the existing antivirus software might have missed or could not remediate. GEARS provides a reassurance of device security by utilizing more than 40 anti-malware engines from leading vendors such as Avira, Bitdefender, ESET and many more to scan remote devices for active malware. GEARS also looks at the threat log of the existing antivirus software to identify threats that cannot be remediated or that the user is repeatedly downloading.

GEARS also enables greater visibility and control over endpoint protection applications and their status by allowing administrators to quickly detect and remediate compliance issues. Powered by OPSWAT’s OESIS Framework, GEARS can detect and remediate security applications including antivirus, firewall, hard disk encryption and many others. GEARS also monitors unwanted applications, such as public file sharing, and system status, including whether the user is password protected.

“We’re incredibly excited to announce the official release of OPSWAT GEARS,” said Abby Kearns, Senior Director of Business Development at OPSWAT. “By providing advanced threat detection and compliance enforcement, GEARS provides information to ensure that each user attempting to connect to an organization’s network remotely is compliant with existing security and compliance policies as well as free of threats.”

Organizations that strive to remain HIPAA compliant, such as healthcare facilities, will benefit from the ability to enforce device compliance. These organizations can use GEARS to determine if hard disk encryption is installed on an endpoint and actively encrypting to ensure private patient information is properly protected. By providing greater endpoint protection visibility, GEARS allows administrators to quickly remediate issues without the hassle of manually monitoring an entire network.

GEARS can be seamlessly integrated into secure access solutions to provide an additional layer of enforcement for remote users. Using GEARS, remote users attempting to gain network access through a third-party security solution can be scanned for malware and assessed for adherence to compliance policies. Additionally, security professionals can leverage the expansive RESTful APIs to integrate GEARS into remote monitoring and management platforms for additional visibility and manageability of endpoints.

Users can manage up to 25 devices for free by registering for an OPSWAT GEARS account. For users interested in monitoring more than 25 devices, please visit our contact page to get in touch with an OPSWAT representative.  

For additional information about GEARS or additional available benefits and features, please visit https://gears.opswat.com/ or visit OPSWAT at RSA Conference 2014 in booth #2531. 

With the 2014 RSA Conference in full swing, we've released several exciting product releases and updates to coincide with this huge security convention! This past month includes the official release of our network security management platform GEARS and the announcement of the winners of our first-ever programming competition.

To stay up-to-date with the latest OPSWAT news, follow us on Twitter: @OPSWAT or visit our LinkedIn company page! 

OPSWAT this week announced the official release of GEARS. The network security management platform now provides advanced threat detection for remote users as well as enhanced compliance enforcement through easy integration to SSL VPN and NAC solutions.

To learn more about GEARS or for further details about the release,
please visit the OPSWAT blog.

Make sure to visit us at booth 2531 during the 2014 RSA Conference this week to demo some of our latest products and technologies.

In addition, every booth visitor will be entered in our raffle for a chance to win a GoPro!

---

New Version of OESIS Framework

OESIS Framework V4, successor to OESIS V3 and AppRemover SDK, includes performance enhancements and new features such as remote management and vulnerability assessment.

Demo OESIS Framework V4 at the 2014 RSA Conference this week or contact us for a personalized demo.

---

Metascan Online Offers Millions of Hashes

Metascan Online, the fastest cloud-based multi-scanning solution, now has a database of millions of file hashes. 

To instantly find scan results from more than 40 commercial anti-malware engines, visit the Metascan Online website. 

---

Programming Competition Winners Announced

We recently announced the winners of our first-ever programming competition! The winning submissions leveraged the multi-scanning capabilities of OPSWAT's Metascan Online API.

Click here to find out who won the competition and to download the winning submissions.

---

Can A Video File Contain A Virus?

Video files are becoming an increasingly dangerous file type due to their popularity among malware writers.

Check out our latest blog post to learn more about the reasons and vulnerabilities as to why video files are targeted by cyber-attackers.

---

Upcoming Metascan Webinar

Register for our upcoming webinar on March 5th to learn more about the major feature enhancements we've made to the Metascan web management console in the past few months.

---

We're Hiring!

We're always looking for new team members to join our company and grow with us! Visit our careers page to see the list of our current openings, which include:

• Product Manager
• Software Development Manager - Cloud
• DevOps Engineer

---

OPSWAT Product Updates

2/26/2014: GEARS - Release notes

2/24/2014: OESIS Framework version  - Release notes - Previous weekly release notes

2/12/2014: AppRemover version 3.1.11.1 - Release notes

More certifications have been awarded for the month of February! Congratulations to McAfee, Lavasoft, Panda Security, and F-Secure on receiving OPSWAT Certifications, verifying the industry-wide compatibility of the below applications.

	Lavasoft Free Antivirus+ 11.x Lavasoft Ad-Aware Personal Security 11.x Lavasoft Ad-Aware Pro Security 11.x
	Lavasoft Free Antivirus+ 11.x Lavasoft Ad-Aware Personal Security 11.x Lavasoft Ad-Aware Pro Security 11.x
	Lavasoft Ad-Aware Personal Security 11.x Lavasoft Ad-Aware Pro Security 11.x
	Panda Antivirus Pro 2014.x
	McAfee Total Protection 7.x
	F-Secure Antivirus for Workstations 11.x McAfee Total Protection 7.x Panda Antivirus Pro 2014.x
	F-Secure Antivirus for Workstations 11.x McAfee Total Protection 7.x Panda Antivirus Pro 2014.x
	McAfee Total Protection 7.x

We’re excited to announce a new integration between Metascan and CyberArk through our partnership with Bulwarx, an integration company specializing in software integration services. Bulwarx has developed a connector for CyberArk and OPSWAT’s Metascan multi-scanning technology to allow customers to easily integrate the two technologies.

CyberArk SIM is a secure file exchange solution that provides a secure vault for storing files and allowing files to be easily transferred into the local network. Bulwarx developers have successfully worked with several customers to deploy an integration between Metascan and CyberArk, allowing files to be scanned by Metascan, using up to 30 commercial anti-malware engines, before they are retrieved from CyberArk and transferred to your local network.

Through this connector, customers can benefit from the secure file exchange features of CyberArk as well as the advanced threat detection capabilities of Metascan. Utilizing multiple anti-malware engines, Metascan is able to detect potential malware threats the existing antivirus software might not identify. The highly flexible APIs of Metascan, utilized in the partnership with CyberArk, allows for seamless integration into existing or custom build security solutions.

For more details on the Bulwarx Metascan connector for CyberArk, please visit the Bulwarx website. For those interested in integrating the high performance multi-scanning capabilities of Metascan, please contact us.

Metascan Client allows you to use a remote Metascan Server to scan files on any Windows system, complementing any real time protection antivirus engine running on that endpoint. Scanning with a remote Metascan server allows you to scan files without having to do the heavy lifting of virus scanning on each of the endpoints where files need to be scanned.

By deploying a dedicated Metascan server, organizations can scan endpoints utilizing multiple anti-malware engines which significantly increases malware detection rates and identifies malware the existing antivirus software on the endpoint might not detect. Integrating Metascan's multi-scanning technology into an organization's network adds another layer of protection against the intrusion of malware.

OPSWAT is pleased to announce the release of Metascan Client 3.0.4! This new version of Metascan Client is now available for download through the OPSWAT Portal. 

In addition to making some minor fixes, there are several new features in this version of Metascan Client which include:

• Ability to cancel a scan in progress
• Improved reporting of files that failed to scan appropriately
• Notification if connection to the Metascan server is lost

For additional information on the release notes visit the OPSWAT Portal or visit our contact page to get in touch with an OPSWAT representative. For instructions on how to upgrade your installation of Metascan with the latest client, please see the Metascan Client User Guide.

 

We have talked many times on this blog about the benefits of multi-scanning and how using multiple anti-malware engines can increase detection rates of viruses, especially new virus outbreaks that are just starting to spread around the world. For an overview of the general benefits of multi-scanning, please review the Metascan product page.

The greatest benefits to using multiple antivirus engines for malware detection come when there is a low correlation coefficient between the engines for different detection rates. When engine detections are highly correlated they will detect a very similar set of malware, with the most extreme case being two engines that have a correlation coefficient of 1, where both engines detect exactly the same set of malware, and do not detect any malware that the other engine does not detect. The opposite case would be engines with a correlation coefficient of 0, in which case the detection of one engine would have zero predictive power in whether the other engine does or does not detect a piece of malware.

An example illustration of how engines can be strongly and weakly correlated is below.

In this illustration, you can see that engines A and B are weakly correlated while engines B and C are strongly correlated. This means that the detection rate of the combination of engines B and C will have a higher detection rate for malware than the combination of engines A and B.

Each engine vendor has its own methods of determining whether a sample file is a potential threat. Vendors make this determination by gathering samples and examining existing threats so that they can better predict whether a new sample is a threat or not. Most vendors have both automated ways of analyzing files as well as teams of analysts who perform a more manual analysis.

A vendor’s geographic location has an impact on the samples that they are able to collect and analyze in their research. Analysts working in labs may have more access to samples from their immediate geographic area and companies may have stronger relationships with sample providers who are physically closer to them. Analysts may also have personal relationships with individuals in the physical world that help them to better identify potential threats or who may alert them to new malware. Finally, malware that is targeted towards companies or systems in a certain geographic area or who operate in a different language may be first identified by labs in that same geographic area where the analysts speak the same language.

New outbreaks of viruses, especially new types of viruses, are often first identified by individual anti-malware engines before the wider community is able to detect it. The virus Stuxnet, for example, was first detected by a small Belorussian antivirus provider, Virusblokada, before it was detected by any other major antivirus engine. It is with new outbreaks where the correlation coefficient of detection rates between engines is the lowest and where you get the most benefit from having engines with weakly correlated detection rates.

In a multi-scanning solution, having engines from a diverse set of geographic areas helps to make the detection rate correlation coefficients between the engines as low as possible, which improves overall malware detection rates. The more diverse the selection of engines can be, the higher the probability that threats, especially new outbreaks, will be detected by the combination of the engines.

Below is a map of the headquarters for all of the engines in Metascan Online as of March 2014. Many vendors also have additional research labs in multiple locations, which are not indicated on this map.

Click to enlarge and to see vendor names.

We’re excited to announce a new integration between Metascan and CyberArk through our partnership with Bulwarx, an integration company specializing in cyber-security solutions integration services. Bulwarx has developed a connector for CyberArk and OPSWAT’s Metascan multi-scanning technology to allow customers to easily integrate the two technologies.

CyberArk SIM is a secure file exchange solution that provides a secure vault for storing files and allowing files to be easily transferred into the local network. Bulwarx developers have successfully worked with several customers to deploy an integration between Metascan and CyberArk, allowing files to be scanned by Metascan, using up to 30 commercial anti-malware engines, before they are retrieved from CyberArk and transferred to your local network.

Through this connector, customers can benefit from the secure file exchange features of CyberArk as well as the advanced threat detection capabilities of Metascan. Utilizing multiple anti-malware engines, Metascan is able to detect potential malware threats the existing antivirus software might not identify. The highly flexible APIs of Metascan, utilized in the partnership with CyberArk, allows for seamless integration into existing or custom build security solutions.

For more details on the Bulwarx Metascan connector for CyberArk, please visit the Bulwarx website. For those interested in integrating the high performance multi-scanning capabilities of Metascan, please contact us.

The 24th annual RSA conference at the end of February was one of the busiest conferences yet! We exhibited at the show, demoing new products and features and meeting with many customers and partners.

Click to play video

We met with leading security professionals to discuss the current trends they noticed at this year’s conference, and we captured these themes in our conference recap video. Check out the video to hear from leaders at Cisco, F5, Palo Alto Networks, ESET, OPSWAT and others on the topics of advanced threats, cloud security, industry partnership and more.

Hundreds of conference attendees stopped by our booth during the show to say hello and demo our products and technologies. At the show we announced the official release of GEARS, our network security management platform that provides advanced threat detection for remote users, and we also announced that Metascan Online, the fastest cloud-based multi-scanning solution, now has scan results for millions of file hashes. For those that were unable to attend the security conference or would like to learn more about the products we exhibited at RSA, please contact our sales team. 

Thanks to all our booth visitors, we will be donating $442 to the Wounded Warrior Project! As an RSA tradition we donate $1 for every booth visitor. We look forward to future contributions to the Wounded Warrior Project, which provides programs and services to members of the military that suffered injuries during combat. 

We also held our annual booth raffle giveaway during the conference with the winner receiving a GoPro! For those that entered the booth raffle, make sure to check your e-mail inbox as we will be contacting the winner shortly. To view additional photos from the conference, please visit our Facebook page.

Check out some of our favorite pictures from the RSA Conference below!

   Click to enlarge.

      Click to enlarge.

   Click to enlarge.

Metascan Online, the fastest cloud-based multi-scanning solution, not only increases the likelihood of detecting malware but also provides a mechanism for identifying false positives based on the detection ratio among 40 anti-malware engines.

Metascan Online automatically shares potential false positives with the anti-malware engine vendor when the detection ratio is lower than a specified threshold (unless you are using the private API or host Metascan yourself). However, if you believe any of the engines falsely detected your file as a threat, you can help the vendor improve their detection rates by submitting your file to the vendor manually using the links below:

AegisLab - http://www.aegislab.com/Support/

Agnitum - http://www.agnitum.com/support/contact.php

Ahnlab - http://global.ahnlab.com/en/site/support/virusreport/virusReport.do

Antiy - Submit false positive to submit@antiy.com.

AVG - http://samplesubmit.avg.com/us-en/false-detection

Avira - http://analysis.avira.com/samples/index.php

BitDefender - http://www.bitdefender.com/support/contact-us.html

ByteHero - Submit false positive to support@bytehero.com.

ClamWin - http://www.clamav.net/lang/en/sendvirus/submit-fp/

Commtouch -

Use Winzip to zip and encrypt the file with the password of “virusvirus” without quotes. Email the file to virus@authentium.com with the password to the zip in the body of the email.

Emsisoft - Create a new thread and submit file in this forum.

ESET - http://kb.eset.cz/esetkb/index?page=content&id=SOLN141

F-prot - http://www.f-prot.com/virusinfo/false_positive_form.html

F-secure - https://analysis.f-secure.com/portal/login.html

Filseclab - Submit false positive to fp@filseclab.com.

Fortinet - http://www.fortiguard.com/antivirus/submit.html

Hauri - http://www.hauri.net/support/virus_report.html

Ikarus - Submit false positive to false-positive@ikarus.at.

Jiangmin - Submit false positive to support@jiangmin.com.

K7 - Submit false positive to support@k7computing.com.

Kaspersky - http://support.kaspersky.com/virlab/helpdesk.html

Kingsoft - Create a new thread and submit file in this forum.

Lavasoft - Submit false positive to http://www.lavasoft.com/support/securitycenter/report_false_positives.php

McAfee-Gateway - http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx

Microsoft - https://www.microsoft.com/security/portal/Submission/Submit.aspx

NANO - http://www.nanoav.ru/index.php?option=com_content&view=article&id=15&Itemid=53

Norman - Submit false positive to http://www.norman.com/business/support/support_tools/potential_false_postive_virus_alarm

nProtect - Submit false positive to support@nprotect.com.

Quickheal - http://www.quickheal.com/submitticket

Sophos - https://secure2.sophos.com/en-us/support/contact-support/sample-submission.aspx

SUPERAntiSpyware - Create a new thread and submit file in this forum.

Symantec - https://submit.symantec.com/false_positive/

ThreatTrack - http://www.threattracksecurity.com/resources/submissions.aspx

TotalDefense - Submit false positive to totaldefense@iyogi.net.

TrendMicro - http://www.trendmicro.com/us/about-us/detection-reevaluation/index.html

TrendMicroHouseCall - http://esupport.trendmicro.com/solution/en-us/1037634.aspx

VirIT - http://www.tgsoft.it/italy/file_sospetti.asp

VirusBlokAda - http://www.anti-virus.by/check/

Zillya! - http://zillya.com/node/30

Zoner - http://www.zonerantivirus.cz/zaslani-vzorku-k-overeni

OPSWAT is excited to announce the release today of several new enhancements to the fastest cloud-based multi-scanning solution Metascan Online.

We have added a new API to the Metascan Online API that allows submission of multiple hash codes at the same time.This will help anyone who is using the API to look up existing scan results to optimize their hash retrieval process. The new API returns basic hash results, which then allows users to easily retrieve detailed hash results only for the files they are interested in.

In addition, several new submissions from our first-ever programming competition are now available for download! Submissions include a mail relay scanner that scans all e-mail attachments for malware and a Metascan Online Chrome browser plugin. All of the available applications leverage the multi-scanning capabilities of the Metascan Online API.

For more information about this update, please visit Metascan Online.

With the weather starting to warm up and a fresh spring season upon us, it can only mean one thing – new announcements and updates! This past month includes a RSA Conference 2014 video recap and additional submissions to our first-ever programming competition now available for download.

To stay up-to-date with the latest OPSWAT news, follow us on Twitter: @OPSWAT or visit our LinkedIn company page! 

Watch our RSA Conference video recap which includes interviews with leading cyber security professionals in our latest blog post!

The post also announces our donation amount to the Wounded Warrior Project and includes some of our favorite pictures from

---

Advanced Threat Detection For Remote Users

With more users working remotely it's becoming increasingly important for organizations to ensure remote devices are free of malware.

Download our latest white paper to learn how advanced threat detection solutions can be extended to remote users to improve malware detection.

---

Metadefender Webinar

Make sure to register for our upcoming webinar on March 26th to learn more about utilizing the Metadefender management console to help determine secure workflow policies for different user groups.

---

Multi-scanning Around the World

Scanning with antivirus engines located in diverse geographical locations can help improve the likelihood of detecting new malware outbreaks.

Click here to find out additional benefits and a map of the headquarters for all of the 40 anti-malware engines used in Metascan Online.

---

False Positive Detection

Check out this great resource indicating how false positives can be reported to the many different antivirus vendors.

Submitting false positives to antivirus vendors can help improve their malware detection rates.

---

Programming Competition Submissions

New submissions to our programming competition are now available for download on the Metascan Online website!

All of the available submissions leverage the multi-scanning capabilities of the Metascan Online API.

---

Upcoming Events

Make sure to visit us at the 2014 Hawaii Information Technology Expo Series in Oahu, Hawaii! Stop by and say hello during the six-series long event to learn about protecting your organization from malicious attacks.

Also, on the 8th of April we will be attending and speaking at the 9th annual Cyber and Information Security Research Conference in Oak Ridge, TN. 

To learn more about these upcoming events, please visit our upcoming events page.

---

Follow us on Social Media!

Make sure to follow us on our various social media handles to stay up-to-date with the latest OPSWAT news!

• Twitter
• Facebook
• LinkedIn
• Google +

---

OPSWAT Product Updates

3/21/2014: Metascan Online - Release notes

3/15/2014: OESIS Framework version 3.6.8858.2 - Release notes - Previous weekly release notes

3/10/2014: Metascan Client version 3.0.4.23255 - Release notes

3/3/2014: CacheCleaner version 1.3.19.1 - Release notes

3/3/2014: AppRemover version 3.1.12.1 - Release notes

 

Metascan Online has always allowed you to look up the scan results for a file’s hash value using either the search page or the public API, but we have recently added an additional way to easily access hashed results.

The new feature makes available a direct link to the scan results for a file’s hash. To directly access the results for a specific hash code, you can now simply navigate to the URL following this format:

https://www.metascan-online.com/en/scanresult/hash/{hash value}

{hash value} can be the MD5, SHA1, or SHA256 hash code for the file. For example, if you want to look up the results for the standard EICAR test file you can use any of the following links:

https://www.metascan-online.com/en/scanresult/hash/44D88612FEA8A8F36DE82E1278ABB02F

https://www.metascan-online.com/en/scanresult/hash/3395856CE81F2B7382DEE72602F798B642F14140

https://www.metascan-online.com/en/scanresult/hash/275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F

This new feature allows you to integrate the Metascan Online results page directly into your application instead of having to parse and format the raw data returned by the Metascan Online API.

Try out this new feature for yourself at www.metascan-online.com.