Is it possible to scan with TDS a malware archive in a way that only the UNDETECTED samples are logged?

TIA.

You could give TDS Scan Control > scan exclusions tab a try ;)

regards.

paul

Thanks Paul,

but if I am not mistaken we are talking about two different things. It seems to me that scan exclusions exclude folders from being scanned.

By contrast, I want a folder to be scanned. And I want TDS to log only those files which are not detected. For example, I may want to scan a malware archive with 100 trojans. I may not be interested in the trojans which are detected by TDS but I may only be interested in the few trojans which are (possibly) not detected. I could easily submit those trojans to DCS etc. and I would not need to analyze the entire scan log.

Putting the new malware files in a different folder seems the only solution as far as I can see it - and putting other/later new ones found in just another folder after that ;)

regards.

paul

No.. sorry this isnt something we included at the time :/ There isnt an easy way to do this that I can think of, apart from right click delete a few times to get rid of detected files. Thanks for the idea.. I would have been happy with some new samples :) We can look at making an upcoming scanner have something useful for doing this.

Its not a home user feature though. Its easy to implement something like it when making commandline options available.. but the easiest would be just a delete parameter that deletes all positively ID'd files. Whats left wasnt detected, would this be enough ?

I suppose with this feature TDS will become a tool for malware writers.
How many users would have an archive with undetected trojans :)
But it is quite easy to write a SS3 script for that
Dolf