Anti-virus tester


kloshar
April 30th, 2004, 04:16 AM
What do you mean about KLIK (ftp://ftp.externet.hu/pub/mirror/sac/avir/avtst30.zip) ?

It seems to be a nice thing. F-secure passes all tests, KAV doesn't give any sign of virus.

Tony
April 30th, 2004, 07:20 AM
Well, I have just tested with Panda Platinum and the eTrust promo.

Panda only passed the EICAR test and eTrust passed none! :o

DevilFrank
April 30th, 2004, 07:51 AM
NAV2004 did pass all tests.
:)

rdsu
April 30th, 2004, 08:03 AM
The link doesn't work...

kloshar
April 30th, 2004, 08:25 AM
Oh, yes, it works ...

fin_jorma
April 30th, 2004, 08:55 AM
McAfee 7.1 found all 4. :)

se7engreen
April 30th, 2004, 10:19 AM
Kloshar-
Thanks for the link, that's pretty cool.

I tested Symantec Corporate and Avast Pro so far. Symantec passed all four and Avast passed the EICAR test and the enhanced worm test, failed the other two. That was with the resident scanner set to highest level of protection.

kloshar
April 30th, 2004, 10:31 AM
Why doesn't Kaspersky detect any of it?

fin_Jorma
April 30th, 2004, 11:53 AM
On demand eScan (free) found all 4. Also DrWeb.

peakaboo
April 30th, 2004, 01:07 PM
I'd be surprised if anyone above junior member clicks on the referenced link.

Using mouse tip info it looks to be a zip file, with an ftp path.

Half the battle of safe computing is knowing when not to click on a link to satisfy that ol' curiosity.

may be safe, but I'll pass.

Googling damselsoft got me more info. Site domicile is India (not that good things can't come out of non US based sources).

found this discussion at Computer Cops (I'm not the only one who will not click the referenced link without knowing what I am clicking on; if I am familiar with the poster and their level of awareness I might not have a problem - not the case.)

http://computercops.biz/postt6209.html&view=previous


also this from computerworld gives some insight on what the program does if it is the same program:

http://drn.digitalriver.com/product.php?id=56121&SiteID=computerworld

{QUOTE-> Description by publisher
"AntiVirus Tester is a small utility to test your antivirus whether it is working fine or not. It uses simple technique of test-worm creation to invoke antivirus action. Utility to ensure that you not only feel protected but really get protected from worm hazards." <-QUOTE}


good luck 8)

fin_jorma
April 30th, 2004, 02:02 PM
Ha ! Link to program home page: http://www.damselsoft.freeservers.com/

rerun2
April 30th, 2004, 02:21 PM
Another discussion about this program can be found here http://www.wilderssecurity.com/showthread.php?t=14491

As I recall KAV did not detect any of these files, because none of these files were created on the computers in their labs. Thus there was nothing for it to detect. The help file to this program says the files are created on your hard drive or whatever, but I too was never able to see any files being created on my computer.

se7engreen
April 30th, 2004, 02:21 PM
It helps a person gain peace of mind to browse around before just simply downloading at will. I know after browsing this ftp site I'll be adding it to my favorites list. I've never seen so many security related tools and applications in one place. To be clear, it does not look like a warez site or anything like that, just hundreds of security applications in one place, ready to download.

Anyway, back on topic, Norman Virus Control passed all 4 tests.

Omen
April 30th, 2004, 09:03 PM
F-Secure AV 2004 passed all 4 tests.

minacross
May 1st, 2004, 04:48 PM
eTrust Promo7 Vet engine (the resident shield) failed them all. Strange, it passed 3 of them a few months ago.. :'( ???

AgentX
May 1st, 2004, 05:05 PM
KAV Personal Pro 4.5 failed all 4, OTOH McAfee VirusScan Enterprise beta catches all.
One thing I noted is that 4 files were saved in the C:\ root directory after McAfee
detected and blocked them all. Strange that KAV can't catch it.

- AgentX

gerardwil
May 1st, 2004, 05:19 PM
Kaspersky quarantined this one:

Bij de Sluiten van het bestand "C:\Documents and Settings\Gerard Willems\Local Settings\Temporary Internet Files\Content.IE5\W5Y8WBB1\test-bid6481[1].htm" is het virus "Exploit.HTML.ViaSWF" van de engine "Kaspersky" ontdekt. Bestand opgeschoond: Nee. Bestand verwijderd: Nee. Geïsoleerd: Ja.

VikingStorm
May 1st, 2004, 10:12 PM
{QUOTE-> KAV Personal Pro 4.5 failed all 4, OTOH McAfee VirusScan Enterprise beta catches all.
One thing I noted is that 4 files were saved in the C:\ root directory after McAfee
detected and blocked them all. Strange that KAV can't catch it.

- AgentX <-QUOTE}
Did you disable the McAfee RTM first or something? Since McAfee seems to just detect the testing program itself when it's installing.

solarpowered candle
May 2nd, 2004, 03:02 AM
{QUOTE-> eTrust Promo7 Vet engine (the resident shield) failed them all. Strange, it passed 3 of them a few months ago.. :'( ??? <-QUOTE}

I did not click on the FTP server in India, but tried to download the EICAR test virus from the official website: http://www.eicar.org/anti_virus_test_file.htm

My eTrust v7 passed fine using Vet.

kloshar
May 2nd, 2004, 03:48 AM
peakaboo,

I don't really know what you're trying to say. You have just loaded some words and that's it. No real sense. You look like a real paranoiac.

Detox
May 2nd, 2004, 03:53 AM
Peakaboo doesn't trust the link, and neither did I. That's all. Let's keep on topic and away from personal comments ;)

kloshar
May 2nd, 2004, 05:49 AM
I still didn't get an answer why Kaspersky didn't detect any of it. F-Secure didn't write the name of a virus, it has just deleted it. That is a result of good heuristics.

mvdu
May 2nd, 2004, 01:46 PM
I am very concerned that KAV didn't detect it. Norton even heuristically detected the tester as a VB worm - I don't think it is, but it found the characteristics.

AgentX
May 2nd, 2004, 03:55 PM
{QUOTE-> Did you disable the McAfee RTM first or something? Since McAfee seems to just detect the testing program itself when it's installing. <-QUOTE}

I did disable the RTM before installing the program. Then I excluded the
installed path from RTM detection. Then I enabled RTM back and fired up
the tester. In short, I made sure it didn't block the whole program.

BTW, I tested AVP 3.5 with latest updates and it does detect all 4 attacks.
Though, it does nothing to prevent them and tester reports the program as
failed one. However it does detect all the attacks and presents a choice to
clean it, which I didn't try.

Just like McAfee, the AVP also detects all four files in C:\ root directory ..so
I am sure that the program does create temporary files somewhere. It
amazed me why KAV 4.5 failed the test, and I'm also curious about the
method it uses to throw attacks on system.

Regards,
AgentX

Godzilla
May 2nd, 2004, 05:39 PM
Ok here we go...

* fire up a hex editor (no disassembler needed, I did it already, so trust me ;D )

* load av3.exe

search for FF|15|54|10|40|00 and replace this with 90|90|90|90|90|90 ( Asm command "NOP" - do nothing )

This pattern should be detected 4 times in this file - replace this OpCode ( It's a call into the VB Runtime Lib for deleting files, called "KILL" command in VB) with our NOP commands.

Then the files remain on your hard disk (drive C) after you press "test", and you can view them in your editor (Notepad, for instance).

Regards,
Godzilla ;D
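The hex-editor steps in the post above, written as a script that patches a copy and checks the match count first (an added example, not code from the thread; the function names and the constructed `SAMPLE` buffer are assumptions, the byte pattern and the count of 4 come from the post):

```python
from __future__ import annotations
import sys
from pathlib import Path

# Byte pattern quoted in the post. FF 15 <addr32> is an x86 indirect CALL
# through the pointer stored at 0x00401054 (54 10 40 00 little-endian).
CALL_KILL = bytes.fromhex("FF1554104000")
NOPS = b"\x90" * len(CALL_KILL)  # same length, so nothing in the file shifts
EXPECTED_HITS = 4                # the post says the pattern occurs 4 times


def find_all(data: bytes, needle: bytes) -> list[int]:
    """Offsets of every non-overlapping occurrence of needle in data."""
    offsets, pos = [], data.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(needle, pos + len(needle))
    return offsets


def patch(data: bytes, expected: int = EXPECTED_HITS) -> tuple[bytes, list[int]]:
    """NOP out each call site; refuse if the hit count is unexpected."""
    offsets = find_all(data, CALL_KILL)
    if len(offsets) != expected:
        # A different count means a different build, or the six bytes also
        # occur as data: patching blindly could corrupt the file.
        raise ValueError(f"{len(offsets)} matches, expected {expected}")
    return data.replace(CALL_KILL, NOPS), offsets


def patch_file(src: str) -> Path:
    """Write <src>.patched and leave the original untouched for comparison."""
    patched, offsets = patch(Path(src).read_bytes())
    dst = Path(src + ".patched")
    dst.write_bytes(patched)
    print("patched call sites at:", [hex(o) for o in offsets])
    return dst


# Constructed stand-in for the executable: four call sites between filler bytes.
SAMPLE = b"".join(b"\x55\x8b\xec" + CALL_KILL + b"\xc3" for _ in range(4))

if __name__ == "__main__":
    if len(sys.argv) > 1:
        patch_file(sys.argv[1])
    else:
        print(patch(SAMPLE)[1])  # offsets in the constructed sample
```

Keeping the original next to the `.patched` copy lets the two be diffed, so the only changed bytes can be confirmed to be the four six-byte call sites.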

AgentX
May 2nd, 2004, 05:56 PM
So it's clear now that the tester is creating files on the fly ...then why is KAV 4.5
failing all 4 tests? I hope this test wasn't designed especially to discredit Kaspersky ;)

- AgentX

frank123
May 2nd, 2004, 07:24 PM
{QUOTE-> , I tested AVP 3.5 with latest updates and it does detect all 4 attacks.
Though, it does nothing to prevent them and tester reports the program as
failed one. However it does detect all the attacks and presents a choice to
clean it, which I didn't try.
Regards,
AgentX <-QUOTE}

I just installed and tested with AVP 3.5 with latest updates as well, and it failed all 4 tests. I am puzzled how you managed to get AVP 3.5 to work. :)

AMRX
May 3rd, 2004, 08:30 AM
Hello people, nice to know that an Indian software is making currents if not waves. But if you ask me, I won't trust this software as the source not........ well, let's put it this way: I'm paranoid, I only trust a few people. I'll choose VB or Westcoast or AV-TEST anytime before Damselsoft. The best way to test your AV is to download some viruses and test it yourself.

Paul Wilders
May 3rd, 2004, 09:30 AM
{QUOTE-> ...the best way to test your AV is to download some viruses and test it yourself. <-QUOTE}

For the record - and no offense intended! - we don't encourage this.

regards.

paul

se7engreen
May 3rd, 2004, 10:25 AM
I couldn't believe that KAV was failing this test, so I installed KAV 5 and tested. It failed all four tests. Now in my mind, that completely discredits this test. Kaspersky's reputation speaks for itself and this testing utility, to me, now has a bad reputation. Even the worst AV out there should be able to detect an EICAR test file. It's just a standard test file that I think all AVs are required to know about. If KAV can detect the file downloaded at www.eicar.org but not the one generated by this tool, that makes me think that there is something else going on with this tool that isn't right.

I should mention I tested with latest updates and everything set to maximum protection.

swatch
May 3rd, 2004, 11:17 AM
{QUOTE-> Now in my mind, that completely discredits this test. Kaspersky's reputation speaks for itself and this testing utility, to me, now has a bad reputation. <-QUOTE}

That's the strangest kind of logic I've ever encountered. Shouldn't it be the other way around?

swatch

peakaboo
May 3rd, 2004, 11:28 AM
for the member poster (kloshar) who questioned what the point of my original post was on page 1:

my point is if you have no reason to trust or are not familiar with what a program or a link does do not click or execute.

very simple concept ;)

se7engreen you make a good observation...

for those who want to get closer put what se7engreen wrote:

{QUOTE-> If KAV can detect the file downloaded at www.eicar.org but not the one generated by this tool, that makes me think that there is something else going on with this tool that isn't right. <-QUOTE}

together with AgentX

{QUOTE-> So it's clear now that the tester is creating files on the fly ... <-QUOTE}

I already posted what the author of the program says it does:

Description by publisher/author of anti-virus tester
{QUOTE->
"AntiVirus Tester is a small utility to test your antivirus whether it is working fine or not. It uses simple technique of test-worm creation to invoke antivirus action. Utility to ensure that you not only feel protected but really get protected from worm hazards." <-QUOTE}

who knows what else it is doing (maybe nothing)

not trying to denigrate but I am not surprised that not many above junior member have posted as having tried this anti-virus tester

click indiscriminately at your own risk (not paranoid, simply common sense)

se7engreen
May 3rd, 2004, 11:39 AM
{QUOTE-> That's the strangest kind of logic I've ever encountered. Shouldn't it be the other way around? <-QUOTE}

Yeah, I know what you mean, but when you put an unknown testing utility up against an established AV heavyweight like Kaspersky, I just don't see any other way to look at it.
It's really the EICAR test that makes me suspicious. I can't even download the raw eicar test file from the official eicar site without KAV going nuts, but somehow it misses it when this AV tester generates it. I don't know what this tool generates but it must be different than what www.eicar.org offers.

swatch
May 3rd, 2004, 12:03 PM
{QUOTE-> Yeah, I know what you mean, but when you put an unknown testing utility up against an established AV heavyweight like Kaspersky, I just don't see any other way to look at it.
It's really the EICAR test that makes me suspicious. I can't even download the raw eicar test file from the official eicar site without KAV going nuts, but somehow it misses it when this AV tester generates it. I don't know what this tool generates but it must be different than what www.eicar.org offers. <-QUOTE}

..then why is it, many others reported here their antivirus passed this?

swatch

se7engreen
May 3rd, 2004, 12:32 PM
{QUOTE-> ..then why is it, many others reported here their antivirus passed this? <-QUOTE}

I can't explain the logic behind the program or why some pass and some don't. All I can say is that because of the strange results of this test, I won't put any faith in it. This is based on certain things that I believe to be true:
1) ALL antivirus software on the market today should catch the EICAR test file.
2) If KAV can detect EICAR from its true source but not when generated from this utility, then something must be different between the two.
3) There are a hundred different tests/testers/sites/certifications, whatever, that say Kaspersky AV has an incredible detection rate, among, if not the best. Just because it failed this questionable test doesn't mean that West Coast Labs should remove its checkmark. (I know that no one implied this, I'm just showing how ridiculous these test results look to me)

I won't trust this test based on what I stated.
{QUOTE-> eTrust Promo7 Vet engine (the resident shield) failed them all. Strange, it passed 3 of them a few months ago.. <-QUOTE}
This would also raise a red flag with me.

I'm not trying to completely bash the software, I think a testing utility like that is a good idea, it would just need to provide accurate & consistent results.
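Whether a captured file differs from the official test file, as point 2 in the post above supposes, can be checked against EICAR's published definition: the file must begin with the 68-byte string and may only be followed by whitespace, up to 128 bytes in total. This is an added example, not code from the thread; the function names and the sample byte strings are constructed for illustration.

```python
# The 68-byte EICAR string, assembled from pieces so that this source file is
# not itself flagged by an on-access scanner.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-" +
         b"ANTIVIRUS-TEST-FILE!" + b"$H+H*")
ALLOWED_TRAILER = b" \t\r\n\x1a"  # space, tab, CR, LF, Ctrl-Z
MAX_LEN = 128                     # upper bound on total file length


def classify(data: bytes) -> str:
    """Say whether data is a test file a scanner is expected to flag."""
    if data == EICAR:
        return "exact"
    if data.startswith(EICAR):
        tail = data[len(EICAR):]
        if len(data) <= MAX_LEN and all(b in ALLOWED_TRAILER for b in tail):
            return "conforming"  # padded with permitted whitespace only
        return "nonconforming: trailer not whitespace-only or file over 128 bytes"
    idx = data.find(EICAR)
    if idx > 0:
        return f"nonconforming: string starts at offset {idx}, not 0"
    return "nonconforming: string absent or altered"


def report(samples: dict[str, bytes]) -> dict[str, str]:
    """Classify each named sample."""
    return {name: classify(blob) for name, blob in samples.items()}


# Constructed samples: ways a generated file could differ from the download.
SAMPLES = {
    "official": EICAR,
    "with_crlf": EICAR + b"\r\n",
    "script_appended": EICAR + b"\r\nMsgBox 1",
    "prefixed": b"' " + EICAR,
    "lowercased": EICAR.lower(),
    "overlong": EICAR + b" " * 100,
}

if __name__ == "__main__":
    for name, verdict in report(SAMPLES).items():
        print(f"{name:16} {verdict}")
```

A scanner that follows the definition strictly is free to ignore every "nonconforming" case, so a miss on such a file says nothing about its detection of the official one.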

alex T
May 3rd, 2004, 01:21 PM
Strange program that gives unpredictable results:
Windows XP (NTFS) AV TREND PC-CILLIN 9.05 signature success at 4 tests (only 2 according
Windows 98 SE (FAT 32) AV NOD32 signature 1.747 failure at 4 tests
After the tests on Win98 nothing can be recovered on the root of C: (with Norton undelete) and the file test.vbs cannot be recovered from anywhere on the disc.
I retrieve the files from PC-Cillin quarantine on XP machine and put them on a floppy. NOD32 (AMON) detects all 4.

Detection with Trend
Simple: VBS_GENERIC.009
Enhanced:VBS_LOVELETTER.A
Crypted: VBS_VBSWG.GEN

Detection with NOD
Probably unknown script virus
Probably modified worm LOVELETTER.A
Probably unknown script virus
???

Grady
May 4th, 2004, 12:41 AM
{QUOTE-> Well, I have just tested with Panda Platinum and the eTrust promo.

Panda only passed the EICAR test and eTrust passed none! :o <-QUOTE}
Well I just ran the test and eTrust passed 3 out of the 4. Didn't pass the simple worm which they described as email viruses.

tempnexus
May 4th, 2004, 01:34 AM
NOD32 failed all 4 :)

Trans
May 4th, 2004, 02:14 AM
This test is useless.
Stop bothering with it.

My DrWeb found them all but I've tried
KAV 4.5 (and NOD) in the past and tested them with real viruses
and I don't believe that they can't find viruses DrWeb finds,
especially KAV.

I just use DrWeb instead of KAV because it is light and doesn't
have conflicts with anything in my PC.

kloshar
May 4th, 2004, 07:58 AM
OK, thanks for all posts! I will send this test to Kaspersky labs so they will see what is wrong with their product or with the tester.

Regards!

TC17
May 4th, 2004, 09:29 PM
AVG failed the tests, except when I used the hacked .exe that leaves the virus/worms on the disk, then AVG detects all 4 when I go to the root directory its stored in.

kloshar
May 6th, 2004, 01:29 PM
OK, here is Kaspersky's answer:

Dear kloshar.

This is legal soft Antivirus Tester 3.0
We know about it and think that there is not any virus in this soft.

Sincerely yours,
Elsa Bikulova
Technical Support
Kaspersky Labs
E-mail: support@kaspersky.com
Internet: http://www.kaspersky.com, http://www.viruslist.com

mvdu
May 6th, 2004, 05:12 PM
My KAV 5 flags the files, however - it just doesn't delete or quarantine them.

sir_carew
May 6th, 2004, 06:47 PM
NOD detects the .exe file as NewHeur_PE Virus using AH.

Kobra
May 23rd, 2004, 10:56 PM
I think it's simple really..

F-Secure is finding it because of its backup engines and their heuristics - which I don't think anyone disputes as being very strong. KAV is only one aspect of the F-Secure system obviously, and their other engines work.

NOD32 is failing because it has issues with its AMON - specifically no or almost no heuristics.

DrWeb is finding them, because its known to have good heuristics.

So there you have it really.. Since nothing is really written to the HD with this program, that's probably why all those on-access HD scanner toys are picking them up once you hack the program.

Maybe I'm wrong, but dang, it seems a bit obvious here.

ronjor
February 19th, 2005, 08:28 AM
silentsosbreaker

No links to viruses. Please read the TOS (http://www.wilderssecurity.com/TOS-Privacy.html) .

Shaker
February 19th, 2005, 08:28 PM
NOD passed them all. ;D