#1
How do you read VirusTotal: if any of the 40 or so results is positive, it's dirty? Or do you require more than one positive?
Thanks
__________________
. Avast Free 5.0 - All Shields Up

#2
One will be more than enough for me not to trust any file.
That is me.
__________________
Emsisoft Anti-Malware 7.0/WebRo0t AntiVirus 2o13

#3
Above 10 would be good...
__________________
∆√♪ηάکђ ℓєтک υηcσммpℓιcαтє http://www.adminus.net http://technonxt.wordpress.com

#4
Quote:
With a pinch of salt :-) Check what imports the file has, if there is a ThreatExpert report on it, and what hit(s) Google has for that MD5.

#6
Ooops.
__________________
. Avast Free 5.0 - All Shields Up

#7
Agree, and check which scanner is giving the result. If it's Symantec, giving the only report, I usually rate that higher over a smaller AV which might have far more false positives.
__________________
Fine Art Landscape Photography

#8
You might like this write-up
http://blog.didierstevens.com/2008/0...s-detect-this/ as posted http://www.wilderssecurity.com/showthread.php?t=208007
__________________
once we only had ideals, today they are the only things we are missing Microsoft MVP, 2006 - 2013/14

#9
Quote:
They should remove that from the engine used by VirusTotal.

#10
I always make my final decision myself; I mean, even if a few AVs flagged it as malware and I know this file is clean, I consider it clean. (Based on other aspects)
Of course, if lots of AVs flagged it as malware I won't open it.
__________________
Emsisoft Anti-Malware v7.0.0.21 - Online Armor 6.0.0.1736 SRP - UAC - EMET Browser: Google Chrome v25.xx Windows 7 Ultimate x64

#11
Quote:
Well, funny that you mention this. It seems that AV vendors have completely lost their sense of humour. Below are the results for the completely innocent PlaceboAV joke. Leaving the other misclassifications aside, one really strikes me. Fraudtool?! Looks like mankind is doomed if someone buys this product.

~Virus Total results removed per Policy~

Last edited by ronjor : May 5th, 2010 at 08:46 AM. Reason: Virus Total results removed

#12
If the first submission of the file is really recent then my opinion is that the results have no value at all.
- If the file has been known to VirusTotal for more than a week to 10 days, then you can start to trust the results.
- Check what Ikarus says, since it seems the most "honest" AV out there, especially if your file is a high-risk file, like a keygen/patch.
- Check if the rest of the AVs agree about the file.
- Compare what signature-based AVs say with what those that have a cloud technology say.
- Then... check what ThreatExpert has to say.
- At the end... OK, you know it... you cannot be 100% sure. So ignore VirusTotal and run the file on an isolated virtual machine or using software like Shadow Defender. Sandboxie could be an option too.
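
The checklist in post #12, combined with the scanner-weighting point from post #7, written as a small triage function. This is an added example, not code from any poster or from VirusTotal; the report layout, engine names, trust weights and the 0.5 thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

MIN_AGE = timedelta(days=7)  # post #12: younger results "have no value at all"
FLAG_AT = 0.5                # assumed cut-off for the weighted score, not from the thread

def engine(label, weight, kind):
    # weight = how much you trust this scanner (post #7); values are assumptions
    return {"label": label, "weight": weight, "kind": kind}

def triage(report, now):
    """Return (verdict, notes) for a multi-scanner report in the constructed layout below."""
    if now - report["first_seen"] < MIN_AGE:
        return "inconclusive", ["first submission too recent; rescan in a week or so"]
    engines = report["engines"]
    hits = [e for e in engines.values() if e["label"]]
    if not hits:
        return "no-detections", ["nothing flagged; that alone does not prove it clean"]
    # A lone hit from a trusted engine counts for more than one from a noisy engine.
    score = sum(e["weight"] for e in hits) / sum(e["weight"] for e in engines.values())
    notes = [f"{len(hits)}/{len(engines)} engines, weighted score {score:.2f}"]
    # Compare the detection rate of signature-based engines with cloud-backed ones.
    by_kind = {}
    for e in engines.values():
        by_kind.setdefault(e["kind"], []).append(bool(e["label"]))
    rates = [sum(v) / len(v) for v in by_kind.values()]
    if max(rates) - min(rates) >= 0.5:
        notes.append("signature and cloud engines disagree")
    if score >= FLAG_AT:
        return "likely-malicious", notes
    notes.append("few detections: check imports, sandbox report and hash search")
    return "needs-manual-review", notes

# Constructed sample: engine names, labels and dates are invented for illustration.
NOW = datetime(2010, 5, 20)
SAMPLE = {
    "first_seen": datetime(2010, 5, 1),
    "engines": {
        "EngineA": engine("Trojan.Generic", 3, "signature"),
        "EngineB": engine(None, 1, "signature"),
        "EngineC": engine(None, 2, "cloud"),
        "EngineD": engine(None, 1, "cloud"),
    },
}

if __name__ == "__main__":
    verdict, notes = triage(SAMPLE, NOW)
    print(verdict, *notes, sep="\n  ")
```

Any verdict other than "likely-malicious" still leaves the last step of the checklist: run the file in an isolated virtual machine before trusting it.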