The Final Countdown; RAV against KAV


Firefighter
January 16th, 2003, 04:24 AM
Hi, I made a clean scanning test recently, but unfortunately I didn't have KAV in it. But now KAV is struggling against the first test's winner, RAV, on my PC, to detect as many files as possible.

In this test both scanners were set to the best possible scanning mode: inside and outside archives, all files, unpack executables etc.

No viruses were found and no false positives. I think my PC is clean after both of those tests. Thanks to Outpost Firewall Pro.

Both scanners were updated to this date, all resident scanners were disabled, and both av:s were on my PC together (the other one was in the backup state).


Tests made 16.1.2003

KAV 4.0.9 Personal Pro (latest scanner engine 4.0.5.37; best possible scans, all files, archives scanning, list packed etc.)

(total amount of scanned files 132 962, folders 2 148, archives 7 161 and packed 359)

Capable to scan [files] 132 962
Scanning time [hrs.min:sec] 0.48:25
Av. scanspeed [files/min] 2 746
Unable to read [files ÷ ‰ ] 31 ÷ 0,233 ‰ (corrupted 4, I/O errors 27)


RAV 8.6.104 (all files, archives scanning)

(total amount of scanned files = 160 492; folders 2 147, archives 6 375 and packed 2 455)
Capable to scan [files] 160 492
Scanning time [hrs.min:sec] 0.38:10
Av. scanspeed [files/min] 4 205
Unable to read [files ÷ ‰ ] 0 ÷ 0 ‰ (corrupted 0, I/O errors 0)


Regards,
Firefighter!

Tinribs
January 16th, 2003, 04:37 AM
So you are saying that Rav managed to scan your whole system and yet there were no 'unable to scan' files???
Windows locks many files in its use and I've yet to see a scanner that can scan these locked files;

for example, pagefile.sys,system32.config etc (on xp)

Firefighter
January 16th, 2003, 05:15 AM
To Tinribs from Firefighter!

I'm not absolutely sure what the end comments were in the "ravwin" file's notepad, because there were over 160 000 rows.

But that was not the point. Everybody knows that KAV is capable of scanning all possible archives. So where are the missing packets and files? Maybe I had done something wrong, tell me?

Here is the copy of RAV's summary report. :o



The scan is finished.

[General]
Scan Time        = 16. january 2003 10:22:23
Unpack exe       = true
Inside archives  = true
Scan mail files  = true
Heuristic scan   = true
Integrity check  = false
Scanned files    = ALL_FILES

[Statistics]
Files            = 31932
Folders          = 2147
Archives         = 6375
Packed           = 2455
Scan time        = 26:58.47 (= processing time)
Scan speed 1     = 19,73
Scan speed 2     = 1734,87
Infected         = 0
Virus bodies     = 0
Suspicious       = 0
Disinfected      = 0
Deleted          = 0
Renamed          = 0
Copied           = 0
I/O errors       = 0
Warnings         = 0
Corrupted        = 0
New (= Scanned files) = 160492
Changed (= Mail) = 188

Regards,
Firefighter

gabor
January 16th, 2003, 09:21 AM
Hi

Maybe I am wrong, but I guess KAV doesn't scan inside some .cab files
(for example not in its own install directory)
nor some self-extracting install files (for example the F-Secure install exe),
and I think F-Secure for example can scan inside a rar3 archive, thanks to the KAV engine
(at least on W2K, on-demand but not on-access, and on W98SE neither on-access nor on-demand)
but reports only one file, if I remember right.

(And my big disappointment is F-Secure; my personal experience is that F-Secure is problematic,
at least the realtime scan surely:
a series of error messages in the event log about not being able to scan - and not only pagefile.sys or system dats but many others -
other: the dealer says it scans inside the Outlook .pst database on demand, but I am sure it cannot,
and see the number of hotfixes for 5.30, or for 5.40, or what is fixed in 5.41)


anyway I don't know which scanner is the best
but I found an interesting site:

http://www.checkvir.com/index.php?CN=2.3.8&CIE=1

in this test there were only 172 viruses, but several tens of thousands of files were infected by them
(maybe these viruses are well known or old, I don't know, I'm not an expert)
and almost every tested scanner knows all the viruses (except Panda)

but not all files infected by the same virus were detected

the number of viruses not 100% detected (some samples found, some not) in the case of RAV: 6
KAV: 3
and NAV: 0

another point of interest is the disinfection:
it seems to me that on this point the winner is Panda
(if we can believe this test)

Technodrome
January 16th, 2003, 11:04 AM
-{ Quote (gabor): "anyway I don't know which scanner is the best
but I found an interesting site:

http://www.checkvir.com/index.php?CN=2.3.8&CIE=1

in this test there were only 172 viruses, but several tens of thousands of files were infected by them
" }-

I believe they used 1249 (old and new viruses).
List of viruses used: http://www.checkvir.com/viriilist0210.txt



Technodrome

Firefighter
January 16th, 2003, 11:49 AM
To Gabor from Firefighter!

About KAV, I've seen several tests where it was mentioned that KAV is capable of scanning all archives, or I remember wrong again!

About Checkvir, I've seen that test too. It was interesting that in October 2002 the "winners" were Avast32 and Sophos, which both got full "dots". If you looked at the statistics, you could make another conclusion! ::)


Regards,
Firefighter!

der@freestart.hu
January 16th, 2003, 02:35 PM
maybe

for example kav:
:\WINDOWS\SYSTEM\PRECOPY\BASE5.CAB  Archive  CAB  <ce0000.0.11>
C:\WINDOWS\SYSTEM\PRECOPY\BASE5.CAB/command.com  OK    <cf0000.0.9>
C:\WINDOWS\SYSTEM\PRECOPY\BASE5.CAB/autoexec.ebd  OK    <cf0000.0.9>
C:\WINDOWS\SYSTEM\PRECOPY\BASE5.CAB/config.ebd  OK    <cf0000.0.9>
C:\WINDOWS\SYSTEM\PRECOPY\BASE5.CAB/readme.ebd  OK    <cf0000.0.9>
C:\WINDOWS\SYSTEM\PRECOPY\BASE5.CAB/setramd.ebd  OK    <cf0000.0.9>
C:\WINDOWS\SYSTEM\PRECOPY\BASE5.CAB/extract.exe  OK    <cf0000.0.9>
C:\WINDOWS\SYSTEM\PRECOPY\BASE5.CAB/fdisk.exe  Packed  ExePack  <d70000.0.10>
C:\WINDOWS\SYSTEM\PRECOPY\BASE5.CAB/fdisk.exe  OK
and so on, so it is able to scan cab

and

C:\KAV\Personal\CD English\data1.cab  OK    <cf0000.0.9>
C:\KAV\Personal\CD English\data1.hdr  OK    <cf0000.0.9>
C:\KAV\Personal\CD English\data2.cab  OK    <cf0000.0.9>
C:\KAV\Personal\CD English\ikernel.ex_  Archive  MS Expand  <ce0000.0.11>
C:\KAV\Personal\CD English\ikernel.ex_/ikernel.ex_  OK    <cf0000.0.9>

and so on

but rav:

C:\KAV\Personal\CD English\data1.cab | Ok
C:\KAV\Personal\CD English\data1.cab->[IShield0000] | Ok
C:\KAV\Personal\CD English\data1.cab->[IShield0001] | Ok
C:\KAV\Personal\CD English\data1.cab->[IShield0002] | Ok
C:\KAV\Personal\CD English\data1.cab->[IShield0003] | Ok
C:\KAV\Personal\CD English\data1.hdr | Ok
C:\KAV\Personal\CD English\data2.cab | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0000] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0001] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0002] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0003] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0004] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0005] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0006] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0007] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0008] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0009] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0010] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0011] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0012] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0013] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0014] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0015] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0016] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0017] | Ok
C:\KAV\Personal\CD English\data2.cab->[IShield0031] | Ok

and so on

I'm afraid it shows why RAV counts a larger number of files.
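
The counting difference described in the post above, as an added example that is not part of the original thread: a Python script that parses both report formats and separates log rows, on-disk files and archive members, so the two scanners' totals can be compared on the same basis. The sample lines are constructed (modelled on the excerpts above; the RAV rows for ikernel.ex_ and BASE5.CAB are assumptions), and `parse_kav`, `parse_rav` and `summarize` are hypothetical helper names.

```python
import re

# Constructed sample rows modelled on the KAV excerpt quoted in the thread.
KAV_LOG = r"""
C:\KAV\Personal\CD English\data1.cab  OK    <cf0000.0.9>
C:\KAV\Personal\CD English\data1.hdr  OK    <cf0000.0.9>
C:\KAV\Personal\CD English\ikernel.ex_  Archive  MS Expand  <ce0000.0.11>
C:\KAV\Personal\CD English\ikernel.ex_/ikernel.ex_  OK    <cf0000.0.9>
C:\WINDOWS\SYSTEM\PRECOPY\BASE5.CAB  Archive  CAB  <ce0000.0.11>
C:\WINDOWS\SYSTEM\PRECOPY\BASE5.CAB/fdisk.exe  Packed  ExePack  <d70000.0.10>
C:\WINDOWS\SYSTEM\PRECOPY\BASE5.CAB/fdisk.exe  OK
"""

# Constructed sample rows in the RAV "path->[member] | verdict" layout.
RAV_LOG = r"""
C:\KAV\Personal\CD English\data1.cab | Ok
C:\KAV\Personal\CD English\data1.cab->[IShield0000] | Ok
C:\KAV\Personal\CD English\data1.cab->[IShield0001] | Ok
C:\KAV\Personal\CD English\data1.cab->[IShield0002] | Ok
C:\KAV\Personal\CD English\data1.hdr | Ok
C:\KAV\Personal\CD English\ikernel.ex_ | Ok
C:\WINDOWS\SYSTEM\PRECOPY\BASE5.CAB | Ok
C:\WINDOWS\SYSTEM\PRECOPY\BASE5.CAB->[fdisk.exe] | Ok
"""

# Column separator in KAV rows: '***' runs (as archived), tabs, or 2+ spaces.
SEP = re.compile(r"\*{3,}|\t+| {2,}")


def parse_kav(line):
    """KAV row -> (on-disk path, member or None); '/' joins container and member."""
    obj = SEP.split(line.strip(), maxsplit=1)[0]
    container, _, member = obj.partition("/")
    return container, member or None


def parse_rav(line):
    """RAV row -> (on-disk path, member or None); '->' joins container and member."""
    obj = line.rsplit("|", 1)[0].strip()
    container, _, member = obj.partition("->")
    return container, member.strip("[]") or None


def summarize(log, parse):
    """Count log rows, distinct on-disk files and distinct archive members."""
    rows, on_disk, members = 0, set(), set()
    for line in log.splitlines():
        if not line.strip():
            continue
        rows += 1
        container, member = parse(line)
        on_disk.add(container.lower())  # Windows paths are case-insensitive
        if member:
            # A set drops repeats such as KAV's Packed + OK rows for one member.
            members.add((container.lower(), member.lower()))
    return {"rows": rows, "on_disk": len(on_disk), "members": len(members)}


if __name__ == "__main__":
    print("KAV:", summarize(KAV_LOG, parse_kav))
    print("RAV:", summarize(RAV_LOG, parse_rav))
```

Only the `on_disk` figure is comparable between the two products; the row and member counts depend on how each scanner enumerates what it finds inside a container.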

gabor
January 16th, 2003, 02:49 PM
but to prevent misunderstanding,
my personal favorite is KAV

Firefighter
January 16th, 2003, 03:42 PM
To Gabor from Firefighter!

Maybe it is in vain to argue, which is the best scanner ever. Everyone has his (her) own system and different needs. I can't use KAV as my resident, because the net surfing stops too often with my cellular phone modem (Siemens ME 45; is 512 MB RAM not enough in my PC?).

That's why I have installed KAV without resident scanner, as my backup.

Personally I use now RAV as my resident. The surfing goes without interrupting, hopefully in the future also.


So everyone has to make his (her) own decisions.


I did it as below. (not so widely of course)

Maybe we have to simplify the whole problem to 4 or 5 basic silly questions, which have certain priorities. We have only to find answers to these questions. The main issue is probability, which lies behind all of these talks.

Questions: Q, Answers: A


Q 1. Where do we find viruses?

A 1. I think that they need a host! What is the host then? Yes, a file.

So, we need to seek files first.

Q 2. What is the worst thing that can happen?

A 2. I think that is to be infected with a virus. From where do I then get a virus? I think it is at those sites where the in-the-Wild viruses lie.

So, we need to clear up the in-the-Wild virus detection capability after that.

Q 3. What do you think is the second worst thing that can happen?

A 3. I think that somewhere there is a virus that nobody has detected yet.

So, we need to clear up the heuristic capability of av:s.

Q 4. How can I be sure that I am safe now?

A 4. I think, if the av has a large enough virus base, to get rid of older viruses too.

So, we need to clear up the in-the-Zoo capability of av:s.


I think that here is enough knowledge to solve a good av for everyone. You can make some of these tests by yourself. A good method is the Cup system, where you take at first let’s say 32 av:s, and rank them according to the Technodrome24 (27 av-test) test and/or AV-Test.org tests.

1. against 32.; 2. against 31. etc. and scan with them on your PC.

After all the questions and answers, we surely don't have a bad result. The resulting scanner doesn't have any really weak features with regard to detecting viruses.

Terms other than detection capability are then another story!


Regards,
Firefighter!

Gabor
January 16th, 2003, 05:09 PM
Yes, KAV monitor is terrible,

it's still slow on my W2K, P4 1.4GHz + 512Mb PC800 (RIMM) RDRAM+
384 kbit/s ADSL

eyespy
January 16th, 2003, 05:41 PM
Interesting thread indeed !! ;)

FireFighter,
what's the memory usage in regards to RAV ??

regards,
bill ;)

Firefighter
January 16th, 2003, 06:01 PM
To Eyespy from Firefighter!

Just now RAV uses at least 26 Mb. But that's not the whole thing.

I think, for some reason, I don't know, KAV Monitor stops the surfing all the time! That's why I use RAV now! >:(


Regards,
Firefighter!

eyespy
January 16th, 2003, 06:06 PM
-{ Quote (Firefighter): "To Eyespy from Firefighter!

Just now at least 26 Mb. But that's not the whole thing.

I think that for some reason, I don't know, KAV Monitor stops the surfing all the time! >:(


Regards,
Firefighter!
" }-

FF,
the Realtime Monitor of RAV interferes with your Internet surfing ? Is this what you mean ??

regards,
bill :)

tahoma
January 16th, 2003, 09:26 PM
i loved kav for a long time, but now its simply too slow, but i have found a tweak that works for me. open the kav monitor settings, go to expert mode in the left pane, uncheck my computer (everything) in the right pane, and then check individual folders and files. such as 'documents and settings' - will scan all ie cache etc, temp dir, windows temp dir, desktop, downloaded internet programs, your download folder and everywhere anything from the internet gets stored in.

this method ensures protection against everything new that arrives on your comp, but doesn't slow you down at all.

if u want a good resident av scanner ive recently moved to drweb. its tiny, FAST and has found everything in my little private virus tests

Firefighter
January 17th, 2003, 06:48 AM
To der@freestart.hu about yesterday from Firefighter!


Hi, unfortunately what you showed doesn't explain the huge difference between RAV's and KAV's capability of scanning files. Here I scanned for example C:\Windows\System 32 with both scanners in my WinXP Home.


KAV 4.0.9 Personal Pro (latest scanner engine 4.0.5.37; best possible scans, all files in C:\Windows\System32, archives scanning, list packed etc.) done 17.1. 2003

(total amount of scanned files 4 976, folders 178, archives 8 and packed 18)

Capable to scan [files] 4 976
Scanning time [hrs.min:sec] 0.07:06
Av. scanspeed [files/min] 701
Unable to read [files ÷ ‰ ] 0 ÷ 0 ‰ (corrupted 0 I/O errors 0)


RAV 8.6.104 (all files in C:\Windows\System32, archives scanning, unpack executables)

(total amount of scanned files=new 5 018, folders 177, archives 5 and packed 114)
Capable to scan [files] 5 018
Scanning time [hrs.min:sec] 0.03:02
Av. scanspeed [files/min] 1 654
Unable to read [files ÷ ‰ ] 0 ÷ 0 ‰ (corrupted 0, I/O errors 0)

So the difference is elsewhere!

If we have to qualify an av scanner, the first thing is that it must be a robust product. Kaspersky is the best idea ever, but an idea is far away from a robust product.

Maybe we can't clear up the difference of scanning capability between KAV and RAV. But we know that RAV could scan at least more (real) files than F-Secure, which is nr 1. in the Zoo scanner in the world and the second best trojan scanner after KAV (the difference is minimal, thanks to Kaspersky engine).

I made the conclusions according to my first scanning test, where Avast 4 Pro was almost as wide a scanner as F-Secure, but RAV could scan so many more archives than Avast 4 Pro. ::)


Regards,
Firefighter!

gabor
January 17th, 2003, 07:00 AM
I am in sympathy with Dr.Web too
(but i guess have to be careful with it, made some false alarm for me)

Firefighter
January 17th, 2003, 07:10 AM
To Tahoma from Firefighter!

DrWeb is an excellent choice.

Maybe a little small wideness of scanning, Avast 4 Pro for example is wider.

DrWeb is absolutely one of the best (with F-Secure) av against new (not detected yet) viruses and also one of the best in the Wild scanners.

I use DrWeb as one of my backups, only because of that distrust to DrWeb's capability to scan enough wide amount of files! :)


Regards,
Firefighter!

gabor
January 17th, 2003, 07:25 AM
to Firefighter

well, i post the report about KAV and RAV in .cab

in front of this when i scan only system32 on W2K,
surprisingly i get this result:
RAV 4057
KAV: 4464

Firefighter
January 17th, 2003, 07:29 AM
To Gabor from Firefighter!

That's what some call good heuristics. Don't let DrWeb do anything about the suspicious but report.

Scan the suspicious files for example with KAV online scanner later!

About the second issue! If KAV scans so many more files in your system, that's what I call, "every system is a new case".

But when we are now writing about KAV, RAV, F-secure, Drweb and probably in the future Avast 4 Pro -- who knows because of the new kernel -- the differences are in the end minimal, without meaning to an average consumer.

They all belong to the absolute top of scanners.

Regards,
Firefighter!

Firefighter
January 18th, 2003, 03:25 PM
To Technodrome from Firefighter!

Can you tell a little bit more about Technodrome24 AV-rankings, where RAV was ranked the second ever, 4.7/5 points, when the winner, KAV got 5/5?

I made my own conclusions, that there were no other KAV engine used programs, because there are so many (for example F-secure, which got the best in the Zoo results from the same site and in the av-test.org too).

Were there other arguments than detection rate? The site says that detection rate was the only thing that matters.

RAV was in the Technodrome24 test behind Pc-Cillin in detection rates. Why did Pc-Cillin get 4/5 in the Technodrome rankings?

I am still very satisfied with RAV, that's why it's my resident, until I get more test results from Avast 4 Pro. >:(

Regards,
Firefighter!

Technodrome
January 18th, 2003, 04:55 PM
-{ Quote (Firefighter): "Can you tell a little bit more about Technodrome24 AV-rankings, where RAV was ranked the second ever, 4.7/5 points, when the winner, KAV got 5/5?" }-

RAV has good unpacking engines, good standing against ZOO viruses, and very good detection rate in regards to Trojans and Backdoors. It also scored well in regards to heuristics engine testing.

-{ Quote: "I made my own conclusions, that there were no other KAV engine used programs, because there are so many (for example F-secure, which got the best in the Zoo results from the same site and in the av-test.org too).?" }-

Correct!

-{ Quote: "Were there other arguments than detection rate? The site says that detection rate was the only thing that matters." }-

No! Detection rate was the only argument.

-{ Quote: "RAV was in the Technodrome24 test behind Pc-Cillin in detection rates. Why did Pc-Cillin get 4/5 in the Technodrome rankings?" }-

Pc-Cillin lacks an unpacking engine, that’s why it scored 4 out of 5 (4 is not that bad). Pc-cillin was not able to detect some unknown viruses (due to weak heuristics). It missed trojans and backdoors that were picked up by AVP (KAV) or RAV.

Correction: I misunderstood your question. You are probably talking about the test done by VirusP (virii collector)? The AV test that included 27 AV/AT tools? If yes, then this test is different from the AV test I did. I've never published my results.


Technodrome

Firefighter
January 18th, 2003, 05:47 PM
To Technodrome from Firefighter!

I am referring to the 27 AV test made by Technodrome24 sites!

"The truth is out there!"

Regards,
Firefighter!

Firefighter
January 18th, 2003, 06:14 PM
To Technodrome from Firefighter!

Do you think, that I am so safe that money can buy, if my resident is RAV, and my backups are DrWeb 4,29b and Kav 4.09?

"The truth is out there!"

Regards,
Firefighter!

Technodrome
January 18th, 2003, 08:20 PM
-{ Quote (Firefighter): "Do you think, that I am so safe that money can buy, if my resident is RAV, and my backups are DrWeb 4,29b and Kav 4.09?" }-
You are never going to be 100% safe! I hope you are not asking me to say that. But with the weapon arsenal that you've got there, I wouldn’t worry about a thing.

-{ Quote: ""The truth is out there!"" }-
Yes indeed!


Technodrome

root
January 18th, 2003, 08:27 PM
Hi Firefighter. I'm beginning to think that safe is an illusion and an arbitrary concept.
I went to a site two nites ago, let's say a site of questionable lineage, and clicked on a link to download a file. Something I've done before. Well, about two seconds later, I had a BSOD that locked me up tight as a drum.
Every program I had running resident was corrupted. My browser would not browse, my email would not mail and my AV was toast. My firewall configuration was corrupt. My wife wouldn't even talk to me. ::)
Had to restore an image.
I have no clue what happened, but it happened in spite of my best efforts to avoid such stuff.
There is no substitute for a recent image of your drives stored in a safe place. When all else fails, it saves the fresh install route. ;D
I am not belittling your efforts, just pointing out what has, in the end, saved me more than once.
BTW, I'm a DrWeb/AVP 3.5 fan. My money is on them for virus/trojan protection with TDS as a backup.

Technodrome
January 18th, 2003, 08:56 PM
Yup, you are right root!

Something like this happens all the time...Surfing web is unsafe these days.

Spaceboy
January 18th, 2003, 09:36 PM
-{ Quote (Firefighter): "To Eyespy from Firefighter!

Just now RAV uses at least 26 Mb. But that's not the whole thing.

I think, for some reason, I don't know, KAV Monitor stops the surfing all the time! That's why I use RAV now! >:(


Regards,
Firefighter!
" }-

At least 26MB ? It's using less than 5MB in my System.

Firefighter
January 19th, 2003, 03:53 AM
To Spaceboy from Firefighter!

My RAM is 512 MB and system winXP Home. Just now ravtray8.exe is 16 416 kb, ravmon 7 820 kb and, Oh sorry, I counted alg.exe 4 292 kb within, because I couldn't update the RAV before alg.exe was added to trusted applications in my Outpost!

Regards,
Firefighter!

TAG97
January 19th, 2003, 11:47 PM
-{ Quote (root): "BTW, I'm a DrWeb/AVP 3.5 fan. My money is on them for virus/trojan protection with TDS as a backup." }-
Hi Root
Do you have both DrWeb and AVP 3.5 running resident?

root
January 20th, 2003, 11:37 AM
Nope. DrWeb is running resident. I don't even have AVPs monitor installed. When I tried to install other AVs with DrWeb on my computer I was having major problems.
Finally someone helped me and said only install another scanner and updater. That way DrWeb won't freak out.
Finally got AVP scanner and updater installed after weeks of trying to get a backup for DrWeb installed. Something weird about my system, because others don't have the same problem.

redwolfe_98
January 22nd, 2003, 09:49 PM
i confess, i did not read every post in this thread. but think about this: while an av scanner (like my etrust ez av 6.125) cannot scan open files, it has a separate real time scanner that is monitoring those open files, so nothing is missed.. :) i am confident the realtime scanner would have caught those files as they were opening.

tahoma
January 22nd, 2003, 11:04 PM
im using drweb these days, + drwebs spidermail mail protection. not sure if drweb is in the absolute top3, but its DAMN SMALL, incredibly fast, the only background scanner ive used that doesn't slow down at all. kav slows down a lot, but is good, so im using that as my on demand scanner. dr web is also catching all those ie exploit and html viruses out there and all the viruses in my own personal collection, unlike nod32 (doesn't catch trojans at all, i know its a pure virus scanner that doesn't target trojans, but whats the point in using nod32 then?)

thats all i wanted to say really. drweb is FAST and pretty good

Tinribs
January 23rd, 2003, 03:59 AM
-{ Quote (tahoma): "unlike nod32 (doesn't catch trojans at all, i know its a pure virus scanner that doesn't target trojans, but whats the point in using nod32 then?)" }-

It's an 'antiVIRUS', it's there to catch viruses, which it does better than any other; results speak for themselves.