Submitting samples of suspicious files to Sophos
This article describes how to submit files that you believe may have malicious content.
There are two ways of submitting files to Sophos for checking: by using the online submission form, and by sending an email. The files should be in a format that will not be automatically intercepted by gateway security software (e.g. a password-protected zip file). They should also be accompanied by information as to why they were sent, and who sent them.
For information regarding the submission of spam samples to Sophos, refer to the knowledgebase article 23113: How to submit spam, and false-positive spam samples to SophosLabs
How to submit files that you believe may have malicious content
There are two ways of submitting files to Sophos for checking
- using the online submission form
- by sending an email.
The files should be in a format that will not be automatically intercepted by gateway security software (e.g. a password-protected zip file). They should also be accompanied by information as to why they were sent, and who sent them.
Please tell us about any odd behaviour that prompted you to send the sample. Describe it as best as you can. Technical language is not necessary.
Note: If on-access scanning prevents you from collecting a sample file, follow the instructions in the knowledgebase on capturing such files safely.
Submitting direct to our website
The quickest and most efficient method of submitting samples for analysis is to
- use the online submission form.
This form enables you to give us all relevant information on your sample. This will help us to analyse it with maximum speed and efficiency.
Note: There is a 5 MB file size limit on files submitted direct to our website.
Submitting samples by email
If you cannot submit your sample to our website, send an email. If possible, construct your email as outlined below using the English language.
- We can process emails and submitted files in other formats, but this will probably take longer.
- If you can, include a summary of the problem in English. Emails written completely in other languages will be dealt with as rapidly as possible, but translation may delay the process.
Email details
- Email address: samples@sophos.com
- Title of the email: Sample submitted for analysis
Use the title above.
Add "- no reply needed" if you do not need a reply (i.e. "Sample submitted for analysis - no reply needed").
The sample file
Make a password-protected zip file containing your suspicious file(s).- Attached file: attach the zipped file to the email
- Password: type the password for your zipped file immediately below the file. We need this to open it.
If you do not use Windows (e.g. for Macintosh, Linux or Unix), then use the standard compression format for that platform (e.g. Stuffit, gzip).
Email text
Include the following details in the text of your email.- Why have you sent this sample?
What was it that made you suspicious of this file? Please give full details of any symptoms.
For example:- what caught your attention about it?
- where did it come from?
- has it affected your firewall?
- has another anti-virus program detected it as a virus?
- have you noticed excessive traffic on your internet connection?
- has your browser been behaving strangely?
- Operating system
What operating system (e.g. version of Windows) is the affected computer running? - Your details
Please give the following details:- Name
- Job title
- Organisation
- Country
If you need more information or guidance, then please contact technical support.
- Article ID: 11490
- Created: 1 Jul 2004
- Last updated: 7 Jan 2009
