We're glad to clarify this for you.
Each antivirus has its own unique scanning engine, algorithm. Depending upon the patterns in their virus database, they either decide a file as malicious or flag them as safe.
If the file has went through the clean notes of AVG, then it would be whitelisted by the group of anlaysts (who review the file submitted to our threatlabs).
Thank you for your understanding in advance!
More than four days ago I received a spam phishing email
with a link to a file purported to be a scan of a found ID
card. The file is really an Excel spreadsheet file which
probably contains a macro trojan dropper.
I submitted the Excel spreadsheet file to Avast for analysis
3-4 days ago but Avast and AVG still indicate that the file
is safe. However when I last checked at VirusTotal 34 other
products flag it as malicious. Why doesn't Avast/AVG agree?
File hash (256):
2706156a53be9c550575239aa735661c93225a3ccf1112968387000ecde9b7fa
https://www.virustotal.com/gui/file/2706156a53be9c550575239aa735661c93225a3ccf1112968387000ecde9b7fa/detection
>sample to our concern team. If you have submitted a sample using any other
>e-mail address, do provide us with the case number.
>Else, submit a sample in this link https://www.avg.com/en-ww/report-malicious-file
>for further analysis.
When I submitted it days ago I used the Avast submission page at
https://www.avast.com/report-malicious-file.php
I have just submitted it again via the AVG submission page at the link you provided.
>Did you submit any files to our concern team for analysis?
Did you not read my opening post? If so, what did you not understand when I
said this?
"I submitted the Excel spreadsheet file to Avast for analysis 3-4 days ago"
I'm well aware of the reasons for differing results from differing products.
But when a subject file is delivered by a means and in a fashion that is
typical of malware distribution, and the file is made available for analysis,
and when dozens of top-rated AV/AM products recognize it as a threat, then
I expect any product worth using will also identify it correctly eventually.
If the current Avast/AVG team of analysts aren't up to the task then it may be
time to switch products.
Differences in results from various products are typically due to:
The timing of when a specimen is available for analysis by the product's team.
Differences in what should be considered a PUP, etc.
Files which are part of a legitimate product so may have valid reason to do
suspicious activities, e.g. - Commercially available keyloggers.
Differences in options set in the various products. e.g. - Heuristics levels,
cloud analysis, behaviour blocking, etc.
But a spreadsheet file that uses an Excel macro to download a trojan is not
difficult to recognize or analyze, and is rarely if ever a disputed classification
among top-tier products. Worth noting is that AVG did correctly and quickly
identify three other infected Excel spreadsheet files I received in the past
month. But it has failed to recognize this one.
We couldn't locate any of your previous contact regarding the submission of sample to our concern team. If you have submitted a sample using any other e-mail address, do provide us the case number.
Else, submit a sample in this link https://www.avg.com/en-ww/report-malicious-file for further analysis. We haven't find any customers reporting the same.
This is why we requested you to submit the files to our concerned team.
Thank you for submitting the file via AVG link.
We would like to inform you that our team will analyze the file and provide necessary details via email as soon as possible.
Keep checking your email regularly to know about its status.
Your patience is much appreciated.
Santhosh, If you would keep up virus database up to date, this would not be an issue, would it?