The Best AV heuristic analyzer poll
Technodrome
February 13th, 2002, 05:09 AM
Well here is the poll for The Best Antivirus heuristic analyzer. Post your comments or whatever you want...
Technodrome
wizard
February 13th, 2002, 07:31 PM
DrWeb32's heuristic produces some false positives and KAV's heuristic is too cautious for me. So I choose NOD32. :)
wizard
Technodrome
February 13th, 2002, 09:41 PM
Did you try the latest version from DrWeb32 ????
False positives from DrWeb were common in 4.xx-4.19 (if memory serves me right). There has been a great improvement over past DrWeb versions...
Technodrome
wizard
February 14th, 2002, 09:09 AM
Last one I tried was 4.27a. At the moment I am a little bit unhappy with the DrWeb/Dials people. They do not answer my emails. :(
wizard
javacool
February 14th, 2002, 05:52 PM
IMHO, NOD32 tops the pack you have selected in heuristics scanning.
Just my two cents...
-javacool
UNICRON
February 15th, 2002, 11:41 PM
NOD32 is king.
DrSeltsam
February 21st, 2002, 03:21 PM
None of the above ...
trojans: F-Prot
macro: F/WIN32
dos: RHBVS
scripts (VBS, CS, ...): RHBVS / f_mirc
windows: PEHead (I don't know if Ralph integrated it in RHBVS so far)
Nod32 causes some false positives with dos files and misses many script viruses.
By the way, f_mirc and rhbvs did a complete analysis of the found malware, too :o).
Adieu, Andreas
wizard
February 21st, 2002, 04:04 PM
The heuristic of f-prot for trojans is nice indeed but has a big problem. When the trojan is packed or crypted there is no chance for the heuristic. For (backdoor-)trojans TDS-3 might be the better choice because heuristic rules also apply to process memory scanning.
F/Win32 is outdated. The product is not developed any longer. Last version is from April 2000. It was a good product. For macro viruses heuristic I would vote for NOD32 at the moment.
For script malware Wormguard is my favourite choice.
wizard
DrSeltsam
February 21st, 2002, 04:08 PM
>F/Win32 is outdated. The product is not developed any
>longer. Last version is from April 2000. It was a good
>product. For macro viruses heuristic I would vote for
>NOD32 at the moment.
*lach* - there weren't any big changes in the macro virus development since 2000 ;o). You may try it. The F/WIN32 heuristic is still the best.
>For script malware Wormguard is my favourite choice.
Did you ever compare f_mirc/RHBVS with wormguard?
Adieu, Andreas
Blacksheep
February 22nd, 2002, 12:38 AM
So, is DrWeb Russian code?
DrSeltsam
February 22nd, 2002, 12:54 AM
Yes - Headquarters is in St. Petersburg as far as I know.
Adieu, Andreas
Blacksheep
February 23rd, 2002, 12:33 AM
{QUOTE-> Yes - Headquarters is in St. Petersburg as far as I know.
Adieu, Andreas <-QUOTE}
Hi Andreas,
Thanks for the reply. Did some Googling - here's some company info:
http://www.dials.ru/english/company/home.htm
Regards,
Blacksheep
wizard
February 23rd, 2002, 10:32 AM
The official homepage for DrWeb seems to be:
St.Petersburg antivirus laboratory by Igor Daniloff
(SalD Ltd.)
http://www.sald.com/
wizard
DrSeltsam
February 23rd, 2002, 11:10 AM
As far as I know it's sald.com :o).
Adieu, Andreas
Blacksheep
February 23rd, 2002, 01:51 PM
Thanks for sald link - added to bookmarks.
I must try DrWeb soon...
Regards,
Blacksheep
Technodrome
February 25th, 2002, 08:32 PM
Official site for DrWeb is http://www.dials.ru/english/home.htm
http://www.sald.com is distribution site!!!
Technodrome
wizard
February 26th, 2002, 09:25 AM
{QUOTE-> Official site for DrWeb is http://www.dials.ru/english/home.htm
http://www.sald.com is distribution site!!!
Technodrome
<-QUOTE}
Dials is a very suspicious company. They do not answer any of my emails. So they would not gain a new customer. :(
wizard
Technodrome
February 26th, 2002, 06:41 PM
They need more English-language speaking people!!!! *:'(
You should try German site (in English) http://drweb.imshop.de/index1.asp?sprache=en
Maybe there is still hope for them *;)