Submitting samples of suspicious files to Sophos

  • N°Id de l'article : 11490
  • Mis à jour : 05 déc. 2013

In order to help our customers make the best decisions about security, Sophos provides a service to check files that may contain malware.

Is this advice for me?

There are several reasons why you should submit a sample to Sophos. The instructions on this page should be used in the following situations:

  • you are experiencing strange behaviour on your computer and you find a suspicious file that may be malware
  • you use another anti-virus product that reports that the file is infected, but you'd like to double-check the results or report the failure to Sophos
  • a Sophos product has warned you that you have a suspicious file on your computer, but it cannot tell you for sure whether it is safe
  • Sophos has asked you to submit a file, either during malware investigations or on the security descriptions page

You can submit suspicious files to Sophos by:

  • using the online submission form (recommended)
  • by sending an email.

 

Submitting files directly to our website

The quickest and most efficient method of submitting samples for analysis is to

This form enables you to give us all relevant information on your sample. This will help us to analyse it with maximum speed and efficiency.

Notes:

  • If you have been asked by Support to upload a sample and have an existing case reference, enter it into the 'Incident number' field of the form.

  • If your organisation is required to comply with secure data exchange regulations, this is the only form of file submission that you should use, as it uses HTTPS and encryption, and therefore complies with regulations regarding secure data exchange.

  • If you are using an anti-virus on-access scanner and you are having trouble collecting a sample, use the instructions in this knowledgebase article about capturing such files safely.

  • We need you to explain why you have sent the file and who sent it. Please tell us about any odd behaviour that prompted you to send the sample. Describe it as best as you can, using everyday language. We don't expect you to know the technical language used by our specialists.

  • There is a 30 MB file size limit on files submitted directly to our website.

 

Submitting samples by email

If you cannot submit your sample to our website, send an email. If possible, construct your email as outlined below using the English language.

  • Between your system and ours are there many forms of malware protection. The files you send must be able to pass between the systems without being detected as malware. Therefore, before sending us a suspicious file, create a password-protected zip file containing the suspicious file(s). We can process email messages and submitted files in other formats, but this will probably take longer.
  • If you can, include a summary of the problem in English. Email messages written completely in other languages will be dealt with as rapidly as possible, but translation may delay the process.

Email details

  • Email address (samples):
    samples@sophos.com
  • Title of the email: Sample submitted for analysis
    Use the title above.
    Add "- no reply needed" if you do not need a reply (i.e. "Sample submitted for analysis - no reply needed").

The sample file

Note: If you are using an anti-virus on-access scanner and you are having trouble collecting a sample, use the instructions in this knowledgebase article about capturing such files safely.

Make a password-protected zip file containing your suspicious file(s).
  • Attached file: attach the zipped file to the email
  • Password: type the password for your zipped file immediately below the file. We need this to open it.

If you do not use Windows (e.g. for Macintosh, Linux or UNIX), then use the standard compression format for that platform (e.g. Stuffit, gzip).

Email text

Include the following details in the text of your email.

  1. Why have you sent this sample?
    What was it that made you suspicious of this file? Please give full details of any symptoms.
    For example:
    • what caught your attention about it?
    • where did it come from?
    • has it affected your firewall?
    • has another anti-virus program detected it as a virus?
    • have you noticed excessive traffic on your internet connection?
    • has your browser been behaving strangely?
  2. Operating system
    What operating system (e.g. version of Windows) is the affected computer running?
  3. Your details
    Please give the following details:
    • Name
    • Job title
    • Organisation
    • Country

Related Articles

For information regarding the submission of spam samples to Sophos, refer to the knowledgebase article 23113: How to submit spam, and false-positive spam samples to SophosLabs


 
Si vous avez besoin de plus d'informations ou d'instructions, veuillez contacter le support technique.

Évaluez cet article

Très mauvais Excellent

Commentaires