Date: Mon, 17 Sep 2007 23:05:36 -0400
From: Social-D <duckhacks@...il.com>
To: "Joel R. Helgeson" <joel@...geson.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Symantec Contact?

What's really Sad is that Symantec does not have an option for the
general public (i.e. Independent Virus Researchers) to submit virus
samples .

You have to either
 A. Submit it through their product.
 B. Have a Corporate Support contract.

Guess they don't want new samples.


-S



On 9/17/07, Joel R. Helgeson <joel@...geson.com> wrote:
> Symantec is notoriously slow to release AV updates, because while they may
> have the AV signature available within the hour, they hold it back until
> they have the signature configured and working for all versions of all their
> products running on all platforms, which at last count was over 2.45
> gazillion (and counting).
>
> They state that they don't want to issue partial releases for different
> products, which makes sense. If you have version xxx.yyyy.z of the
> definition file, then you're covered against the FOO variant of the BAR
> virus, irrespective of whatever Symantec application, platform, or version
> you're running.
>
> The downside is that they take a LONG time to release signatures, as you
> have now seen.
>
> I do not use Symantec, as too often they have been the single point of
> failure in the enterprise, and one should not underestimate the system
> slowdown brought on by 15 years of code bloat.
>
> -joel
>
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Beauchamp,
> Brian
> Sent: Monday, September 17, 2007 12:28 PM
> To: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Symantec Contact?
>
> That's where I submitted our file to yesterday. It's funny that less then 5
> minutes ago I received an email that the defs had been updated to include
> this variant.
>
> ________________________________
>
> From: Theodore Pham [mailto:telamon@....EDU]
> Sent: Mon 9/17/2007 1:13 PM
> To: Beauchamp, Brian
> Subject: Re: [Full-disclosure] Symantec Contact?
>
>
>
> Submit the sample to Symantec via
> http://www.symantec.com/avcenter/submit.html
>
> They've been pretty responsive in the past, though I haven't needed to
> submit a sample in over a year.
>
> Ted Pham
> Information Security Office
> Carnegie Mellon University
>
> Beauchamp, Brian wrote:
> > Does anyone have a contact within symantec?
> >
> > We have numerous infections of the W32/Sdbot-DHS worm
> > (http://www.sophos.com/virusinfo/analyses/w32sdbotdhs.html). Most major
> > AV vendors are updating their definitions to block it, one of them isn't
> > Symantec. We have created a removal kit but the machines keep being
> > reinfected since they cannot all be disinfected at once (limited network
> > access).
> >
> > We have submitted a virus sample last week and have contacted our sales
> > rep neither are giving a helpful response. Aside from cutting over to
> > sophos AV client, Any ideas?
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists