The reason for these facts.

niceTyp · #1 July 21st, 2008, 08:14 AM

In the last week I have a problem with a virus and I was curios that NOD32 don't found this virus but over 50% of the Scanner in Virustotal found the virus.
I send a sample to samples@eset.com and it takes over 5 days that eset include the virus in the virus database of Nod32.
I try a similar thing few days ago. and send some rootkits to samples@eset.com 30% of the scanner found the rootkits. But I'm sure that eset needs again 5 or more day to include it in the database.
Why take this sooo many time?

Also this fact make me thing about the quality of Nod32.

http://mtc.sri.com/live_data/av_rankings/

and

http://www.av-comparatives.org

Edit: www.av-comparatives.org only allows posting links to their main website

Marcos · #2 July 21st, 2008, 08:58 AM

I take liberty to inform you that ESET reserves the right to choose the appropriate priority to submitted samples. Taking into account that thousands of new threats are created on a daily basis, there must be certain priority assigned to each sample based on specific ciriteria. People who submit samples from their systems and enclose additional information are dealt with almost immediately and detection is usually added to one of the upcoming updates.

When refering to a certain test, you should always consider the methodology used. It's important to know the source (ie. samples from honeypots are often corrupt and thus non-functional), what settings were used for testing, what version was used for testing, etc. Each vendor should have a chance to test the samples their AV missed - this would allow us to analyse the files and count the number of non-functional files used in the test.

niceTyp · #3 July 25th, 2008, 06:30 AM

undetected by Nod32, I have here also 9 rootkits since 5 days and 30% of the scanner detect this files except Nod32 because of the lower priority of such files that often change itself.

GAN · #4 July 25th, 2008, 10:42 AM

Quote:

Originally Posted by niceTyp

undetected by Nod32, I have here also 9 rootkits since 5 days and 30% of the scanner detect this files except Nod32 because of the lower priority of such files that often change itself.

And you know for sure those files are infected? Virustotal doesn't always give the correct answer and i have seen a lot of false positives when using virustotal. If only 30% detect a threat i guess nod32 is not alone when not detecting the threat. Certain type of files is often detected as a threat even if that might not be the case.
I'm not necessarily saying those nine samples are clean, but how do you know for sure they are infected?

niceTyp · #5 July 25th, 2008, 11:21 AM

now are 15/35 (42.86%) I can send you the files if you want to try.

Bubba · #6 July 25th, 2008, 11:28 AM

Quote:

Originally Posted by niceTyp

now are 15/35 (42.86%) I can send you the files if you want to try.

We do not share malware at this site and suggest you
re-read what Marcos wrote above. Also, Support in this forum is not about posting %'s on a daily basis of who's found what.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search