ANTS 3.0 Update Thread
DrSeltsam
July 21st, 2002, 06:17 PM
ok ...
Because many, many people ask, I decided to create a special thread ;o). I will try to give a little report daily:
The neural network ANTS uses to detect unknown malware is trained. First tests showed a detection rate of about 70% on my whole database.
I also started to convert the old databases into the new format. ANTS 3.0 detects at the moment:
7687 backdoors (including clients + server editors)
411 batch worms
403 VCKs
119 flooder
585 irc worms
3381 I-Worms
21 JAVA malware
236 JavaScript malware
114 nuker
6554 trojans
88 trojan downloader
534 trojan dropper
8 trojan notifier
689 vbs malware
199834 dialer
32304 viruses
Release candidate seems to be released on 14.08.2002 :o).
See you tomorrow ;o).
Tinribs
July 22nd, 2002, 04:46 AM
Excellent work, I'm sure it'll be well worth the wait
DrSeltsam
July 22nd, 2002, 04:56 PM
Changed the database format and some parts of the scan routine to improve the detection of binded trojans and backdoors. A few new unpacking modules for NeoLite and WWPack are added, too.
Pretender
July 22nd, 2002, 06:36 PM
Thanks Andreas! Much appreciated.
controler
July 22nd, 2002, 08:15 PM
"Release candidate seems to be released on 14.08.2002 :o)."
I am assuming from this post some of the people that signed up to Beta test ANTS 3.0 are already doing so?
DrSeltsam
July 23rd, 2002, 04:57 AM
Some of them got some parts to test - but nobody got a COMPLETE version.
Adieu, Andreas
Lithp
July 23rd, 2002, 01:01 PM
I signed up for Beta testing quite some time ago but did not receive any reply. Are only selected people allowed to Beta test?
DrSeltsam
July 23rd, 2002, 01:03 PM
All are allowed.
DrSeltsam
July 26th, 2002, 02:53 PM
Released a beta of the scanner module and a part of the updater today ;o). If someone wants them, just mail. Perhaps I will do an English translation if more than 10 people are interested ;o).
The scanner beta includes file and memory scanning :o).
Lithp
July 26th, 2002, 09:32 PM
Thank you,
I would like to participate. I have sent an email. I am an English speaking person- so you can add me to the list.
controler
July 27th, 2002, 09:35 AM
Quoting Andreas Haak:
>Released a beta of the scanner module and a part of the updater today ;o). If someone wants them, just mail. Perhaps I will do an English translation if more than 10 people are interested ;o).
>The scanner beta includes file and memory scanning :o).
You already know I want to try it out.. Please send !!!!!!!!!!!
Thank You
spy1
July 27th, 2002, 03:40 PM
Andreas - If you have parts of it that are ready-to-go, why hasn't it already been automatically sent to the people who requested to take part in the beta-test? (I was on that list, too, BTW).
spy1@comporium.net Pete
DrSeltsam
July 27th, 2002, 03:47 PM
You subscribed to a test of the COMPLETE ANTS 3.0 professional package (RC 1).
quote:
Ja, ich möchte mich unverbindlich zum kostenlosen ANTS 3.0 Release Candidate 1 und ANTS 3.0 lite Betatest anmelden.
"Yes, I want to take part in the free ANTS 3.0 Release Candidate 1 test"
:o)
I will translate both - the updater and the scanner and send you a link ;o).
spy1
July 27th, 2002, 04:16 PM
Thanks! Looking forward to it! Pete
Loki
July 28th, 2002, 02:36 PM
Hi, just ran a scan on an XP Home and also on an XP Pro system with the beta scan of ANTS3 and found this:
C:\WINDOWS\system32\netsetup.exe - Found: I-Worm.Lynder
C:\WINDOWS\system32\wextract.exe - Found: I-Worm.Lynder
Looks like a false reading. Does anyone know this worm? I have not removed them since TDS3 and Wormguard3 and NOD32 find no problems. Just thought I'd let others know ;D . I know it's beta so it's just for testing, looks good to me. :P
DrSeltsam
July 28th, 2002, 02:37 PM
I uploaded a wrong database - sorry. Just delete the IF5 file and run the update again ;o).
Loki
July 28th, 2002, 02:51 PM
Hi,
That was not a complaint. Will you be able to select more than one drive to be scanned? Oh, thanks for the fast reply ;D ;D
DrSeltsam
July 28th, 2002, 02:52 PM
It's not complete. It's only a beta of the engine ;o).
The complete scan module with heuristics and unpacking and virus scanner will be released as a beta soon (and yes, you can choose more than one drive/folder).
Loki
July 28th, 2002, 02:58 PM
Too Cool can't wait ;D :P ;D
Loki
July 28th, 2002, 05:21 PM
Hi, just re-scanned with new update, no problems now. Also I scanned a Win2000 server system I'm running, all clean and scan worked perfect ;D.
spy1
July 28th, 2002, 05:51 PM
Gee, Andreas, it's nice to know that some people got part of the program to play with....(My email must not be working - I'll check it right away! <g> ). Pete
puff-m-d
July 28th, 2002, 06:00 PM
Pete,
Check out this thread for the engine and update.
http://www.wilderssecurity.com/showthread.php?t=2668
Regards,
Kent
spy1
July 28th, 2002, 11:42 PM
Okay, got mine, too (finally got caught up!), and, after some initial weirdness (I didn't get the 'if5scan.dll' file the first go-around, for some reason, plus I had to dump the existing if5 file in the 'Signaturen' folder and re-d/l that since the first one gave me all the bad hits, too), I got a clean scan in five minutes flat that checked 21,846 files on 'C' and 'D' drive (had to scan them separately).
That's actually kind of low on the file count, though. The Cleaner checked 31,658 last time and Tauscan checked 83,806 (supposedly). I did have 'Scan the process memory' checked - would it have checked more or less if I hadn't checked it? Pete
Lithp
July 31st, 2002, 01:05 AM
I still have not received a copy of Ants Beta 3.0...Am I doing something wrong?? It has been some time now. How do I obtain this program??
Loki
July 31st, 2002, 01:12 AM
Hi Lithp,
The link for the scanner is two posts above yours, just download and try it. ;D Also at the start of this thread is the link.
spy1
July 31st, 2002, 11:18 AM
Andreas - Okay, so what do we do now? (Not too used to 'alpha-testing'!)
Do we continue to run the program every day (assuming there're more updates provided)?
How are you keeping track of what everyone's OS is that's using this (to see if there are any OS-related problems)? Or, are you basically waiting to hear from people who have problems?
Any reports from anyone who has actually caught something through use of the alpha? Pete
DrSeltsam
July 31st, 2002, 11:45 AM
There aren't any bugs now, but a few false positives. I am still adding malware ;o).
discogail
August 2nd, 2002, 09:11 AM
Andreas.... :-*
I signed up for testing of RC1..I think I did it correctly...... ???
If someone would like to sign up now......could you post the proper procedure?
Is this the one?
"Ja, ich möchte mich unverbindlich zum kostenlosen ANTS 3.0 Release Candidate 1 und ANTS 3.0 lite Betatest anmelden."
Thanks, Doc......... :)
spy1
August 3rd, 2002, 10:49 AM
Quoting spy1:
>That's actually kind of low on the file count, though. The Cleaner checked 31,658 last time and Tauscan checked 83,806 (supposedly). I did have 'Scan the process memory' checked - would it have checked more or less if I hadn't check-marked it? Pete
Low file count comments?
Also, since all it was checking for was worms - and that took five minutes on a low file count - can you give us some idea of whether the scan time is going to increase greatly once trojans and everything else are added to the DB?
Comparison (from this computer):
Tauscan - checked 83,806 files in 18 min 26 secs
TDS-3 checked 22,135 files in 14 min
AVG - checked 34,100 files in 7 min
The Cleaner - checked 31,658 files in 6 min 46 secs
NOD32 checked 32,573 files in 6 min 24 secs
AdAware took 49 secs
SBS&D took 17 secs
(BTW, I'd really love it if someone would explain why there's such a variation in the amount of files checked by the different programs - especially when they're all set to check C+D drives, all extensions, max heuristics, etc, etc.
Never have understood that.) Pete
DrSeltsam
August 3rd, 2002, 10:58 AM
>Also, since all it was checking for was worms - and that took five minutes on a low file
>count - can you give us some idea of whether the scan time is going to increase greatly once
>trojans and everything else are added to the DB?
Nope. The difference between the time ANTS needs to scan a file with one signature or with 15.000 is about 5 or 6 ms :o). Perhaps it may take 6 or 7 mins then.
>The Cleaner - checked 31,658 files in 6 min 46 secs
>NOD32 checked 32,573 files in 6 min 24 secs
I think the ANTS engine is as fast as nod32 or the cleaner. If you activate the virus scanner ants will be slower.
>BTW, I'd really love it if someone would explain why there's such a variation in the amount
>of files checked by the different programs - especially when they're all set to check C+D
>drives, all extensions, max heuristics, etc, etc.
It differs how the program counts :o). Every good engine has something like a file type detection. If a file is uninfectable (*.bmp, *.gif, *.mp3) then good engines will detect that they can't be infected and they will be skipped. ANTS counts all files it scans - even if they were skipped because they are uninfectable. TDS MIGHT only count files that were really scanned for example :o).
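The counting difference described in the post above, as an added example that is not part of the thread and is not ANTS or TDS code: files are classified by their leading bytes, and the same run is reported under both counting conventions. The magic-byte table, function names and sample files are assumptions constructed for illustration.

```python
from collections import Counter

# Leading magic bytes of formats treated here as "uninfectable". The choice of
# formats follows the post's *.bmp, *.gif, *.mp3 examples; the table itself is
# an assumption, not a real engine's skip list.
SKIP_MAGIC = {
    b"BM": "bmp",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"ID3": "mp3",
}

def detect_type(data):
    """Return a skip-list type name based on content, or None if scannable."""
    for magic, name in SKIP_MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def scan_tree(files):
    """Classify every file by content and report both counting conventions."""
    seen = 0
    scanned = []
    skipped = Counter()
    for path, data in files.items():
        seen += 1
        kind = detect_type(data)
        if kind is None:
            scanned.append(path)      # would be handed to the signature engine
        else:
            skipped[kind] += 1        # recognised as uninfectable and skipped
    return {
        "count_all_seen": seen,                 # skipped files are counted too
        "count_really_scanned": len(scanned),   # skipped files are not counted
        "skipped_by_type": dict(skipped),
        "scanned_paths": scanned,
    }

# Constructed sample: five files, one of them an executable named like an image.
SAMPLE = {
    r"C:\pics\logo.bmp": b"BM" + b"\x00" * 16,
    r"C:\pics\anim.gif": b"GIF89a" + b"\x00" * 16,
    r"C:\music\song.mp3": b"ID3\x03\x00" + b"\x00" * 16,
    r"C:\tools\setup.exe": b"MZ\x90\x00" + b"\x00" * 16,
    r"C:\pics\photo.gif": b"MZ\x90\x00" + b"\x00" * 16,  # MZ header, .gif name
}

if __name__ == "__main__":
    print(scan_tree(SAMPLE))
```

Because the decision is made on content rather than on the extension, the file named photo.gif that starts with an MZ header is still scanned, while the two totals for the same five files differ.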
discogail
August 3rd, 2002, 11:27 AM
So....clicking on "Ja, ich möchte mich unverbindlich zum kostenlosen ANTS 3.0 Release Candidate 1 und ANTS 3.0 lite Betatest anmelden."....& providing an email address will effect a notification when RC1 is available & provide the opportunity to beta test?
controler
August 3rd, 2002, 01:50 PM
Disco
I am guessing NOT. From what I can tell there is already a select few trying out the product. I can however see why allowing too many to beta at the start would cause widespread panic LOL
There would be too many questions to answer.
We are trying to be patient here but I am thinking patience is wearing thin for some. ;) ANTS 3.0 is just not ready for beta testing yet.
controler
August 10th, 2002, 01:26 PM
ANTS 3.0 is still giving false positives in my TEMP IE Windows folder.
Sig. file = 20020727.if5
Scanning process memory ...
Scanning C:\WINDOWS ...
C:\WINDOWS\Temporary Internet Files\Content.IE5\G30RGLI5\wbk71C5.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\3CUY4N3J\wbkA184.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\3CUY4N3J\wbkA2F4.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\3CUY4N3J\wbkA382.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\3CUY4N3J\wbk33A0.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\3CUY4N3J\wbk4036.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\YB9PN9AK\wbk82E0.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\YB9PN9AK\wbkB395.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\G6CSHYXU\wbk7082.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\G6CSHYXU\wbk7091.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\G6CSHYXU\wbk7114.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\G6CSHYXU\wbk7151.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\G6CSHYXU\wbk71C4.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\G6CSHYXU\wbk7200.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\G6CSHYXU\wbk7231.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\G6CSHYXU\wbk7255.TMP - Found: I-Worm.LoveLetter
C:\WINDOWS\Temporary Internet Files\Content.IE5\G6CSHYXU\wbk8014.TMP - Found: I-Worm.LoveLetter
Scanned processes:***28
Infected processes:******0
Scanned files:******7297
Infected files:******17
Scan finished.
dqa
August 10th, 2002, 07:38 PM
Yes, I also have two (only two !) false positives flagged in my Pegasus mail folder, both detecting the Loveletter worm.
I have scanned these files with two alternative Virus scanners to check, and got no alert, so it looks pretty sure that the Ants alert is a false positive.
Looking forward very much to the final version, though.
Thank you for your work, Andreas Haak.
Regards,
Chris