Re: [Full-Disclosure] [VirusTotal] Scan result (fwd)
From: Michel Messerschmidt (lists_at_michel-messerschmidt.de)
Date: 09/03/04
- Previous message: Sune Kloppenborg Jeppesen: "[Full-Disclosure] UPDATE: [ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities"
- In reply to: Über GuidoZ: "Re: [Full-Disclosure] [VirusTotal] Scan result (fwd)"
- Next in thread: Über GuidoZ: "Re: [Full-Disclosure] [VirusTotal] Scan result (fwd)"
- Reply: Über GuidoZ: "Re: [Full-Disclosure] [VirusTotal] Scan result (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.netsys.com
Date: Fri, 3 Sep 2004 11:31:27 +0200
On Thu, Sep 02, 2004 at 04:01:16PM -0400, Über GuidoZ wrote:
> It's kind of interesting to see the results, as it shows you what AV
> programs seem to detect things better than others.
I think this is actually misleading.
You know nearly nothing from scanning just a single (or 10, 50,...)
sample. And there are other basic test requirements. For example:
- the different results could be due to differences in the update
schedule at virustotal.com (some vendors offer their fastest updates
only for premium licenses, which virustotal may not have).
- maybe some products are used with optimized settings (for example
maximum heuristic detection) and others with default settings.
> It's also useful
> for known viruses, but needing to know what each AV program calls
> them. (I find this useful when trying to do tech support.)
You know Vgrep (http://www.virusbtn.com/resources/vgrep/index.xml)?
--
Michel Messerschmidt lists@michel-messerschmidt.de
antiVirusTestCenter, Computer Science, University of Hamburg
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html