Dr. Web Online Scanner


achy
August 12th, 2002, 02:41 PM
When F-Prot identified a file as infected, I suspected a false positive and tried to confirm that by uploading the file to be checked by the Dr. Web Online Scanner and the similar Rambler/Kaspersky scanner. Both declared the file to be virus free (and it was).

The uploading lasted only about three seconds, however, whereas at least 20 seconds would have been required to upload the entire file. Does that seem legitimate to you? Can they declare a file virus-free after scanning only part of it?

Dr. Web Online Scanner
http://www.dials.ru/english/www_av/home.htm

Rambler/Kaspersky online scanner
http://antivirus.rambler.ru/db/

Tinribs
August 12th, 2002, 03:15 PM
It seems ok to me, but to double check, why not download a trial version of a good AV, DrWeb for instance. :)

achy
August 12th, 2002, 03:36 PM
Quote (Tinribs):
"It seems ok to me, ..."

Are you saying that scanning, say, only 50K of a 500K file is legitimate practice? That's what I'm wondering.

Technodrome
August 12th, 2002, 04:54 PM
It should scan the whole file! Sometimes the server is too busy and it could cut down on the size of the file.
Try again!


Technodrome

wizard
August 13th, 2002, 07:02 AM
Send the file to support@complex.is and they will check if the file is malicious or not. This has the big advantage that the false positive of F-Prot will hopefully be removed with the next update.

wizard

achy
August 13th, 2002, 01:57 PM
Quote (wizard):
"Send the file to support@complex.is and they will check if the file is malicious or not. This has the big advantage that the false positive of F-Prot will hopefully be removed with the next update.

wizard"

That all has been done. It was a false positive. I apologize for the unclarity.

My question and concern were about a seeming problem with these upload-a-file virus scanners. These are an attractive service in principle and carry impressive brand names. But if they are going to give an "all clear" after examining only a tiny fraction of a file, they aren't much good, I guess.

Do you know of a way to obtain an objective measure of bytes sent in Win98? ZoneAlarm has a bytes-sent field, but it went wild when I tried it with Dr. Web Online---a 700 KB upload showed as 31 MB.

Thanks for your suggestions.