Malware and False Positive Report FAQ

How long does it take for a signature change after submitting new malware or submitting a false positive report?

In most cases, it takes at least 48 hours from initial submission before any change will be published in the official ClamAV signature databases.

Who analyzes malware and false positive file uploads?

Given the volume of submissions, the vast majority of files are handled by automation.

Who has access to the uploaded files?

Access is limited to engineers and analysts within the Cisco Talos organization.

Are malware or false positive file uploads shared with other companies?

No. Files that are submitted through the Malware web form, False Positive web form, or using the clamsubmit tool, are not shared outside of Cisco.

However, sample sharing is fair game if we have already received the same file from a different source (VirusTotal, various feeds, etc.).

Are the files deleted after the analysis?

No. Uploaded files are kept indefinitely.

Is the file accessible using a public URL at any point in this process?

No. Uploaded files are not accessible using a public URL. They are processed internally and kept internal to Cisco Talos.