Anti-virus tester

Discussion in 'other anti-virus software' started by kloshar, Apr 30, 2004.

Thread Status:
Not open for further replies.
  1. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Brežice
    What do you mean about KLIK ?

    It seems to be a nice thing. F-secure passes all tests, KAV doesn't give any sign of virus.
     
  2. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    725
    Location:
    Cumbria, England
    Well, I have just tested with panda platinum and the etrust promo.

    Panda only passed the eicar test and etrust passed none! :eek:
     
  3. DevilFrank

    DevilFrank Registered Member

    Joined:
    Jul 20, 2003
    Posts:
    108
    NAV2004 did pass all tests.
    :)
     
  4. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    The link doesn't work...
     
  5. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Brežice
    Oh, yes, it works ...
     
  6. fin_jorma

    fin_jorma Guest

    McAfee 7.1 found all 4. :)
     
  7. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    Kloshar-
    Thanks for the link, that's pretty cool.

    I tested Symantec Corporate and Avast Pro so far. Symantec passed all four and Avast passed the EICAR test and the enhanced worm test, failed the other two. That was with the resident scanner set to highest level of protection.
     
  8. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Brežice
    Why doesn't Kaspersky detect any of it?
     
  9. fin_Jorma

    fin_Jorma Guest

    On demand eScan (free) found all 4. Also DrWeb.
     
  10. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I'd be surprised if anyone above junior member clicks on the referenced link.

    Using mouse tip info it looks to be a zip file, with an ftp path.

    Half the battle of safe computing is knowing when not to click on a link to satisfy that ol' curiosity.

    may be safe, but I'll pass.

    Googling damselsoft got me more info. Site domicile is India (not that good things can't come out of non US based sources).

    found this discussion at Computer Cops (I'm not the only one who will not click the referenced link without knowing what I am clicking on; if I am familiar with the poster and their level of awareness I might not have a problem - not the case.)

    http://computercops.biz/postt6209.html&view=previous


    also this from computerworld gives some insight on what the program does if it is the same program:

    http://drn.digitalriver.com/product.php?id=56121&SiteID=computerworld


    good luck :cool:
     

    Last edited: Apr 30, 2004
  11. fin_jorma

    fin_jorma Guest

  12. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    Another discussion about this program can be found here https://www.wilderssecurity.com/showthread.php?t=14491

    As I recall KAV did not detect any of these files, because none of these files were created on the computers in their labs. Thus there was nothing for it to detect. The help file to this program says the files are created on your hard drive or whatever, but I too was never able to see any files being created on my computer.
     
  13. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    It helps a person gain peace of mind to browse around before just simply downloading at will. I know after browsing this ftp site I'll be adding it to my favorites list. I've never seen so many security related tools and applications in one place. To be clear, it does not look like a warez site or anything like that, just hundreds of security applications in one place, ready to download.

    Anyway, back on topic, Norman Virus Control passed all 4 tests.
     
  14. Omen

    Omen Registered Member

    Joined:
    Apr 12, 2004
    Posts:
    18
    F-Secure AV 2004 passed all 4 tests.
     
  15. minacross

    minacross Registered Member

    Joined:
    May 12, 2002
    Posts:
    658
    eTrust Promo7 Vet engine (the resident shield) failed them all. Strange, it passed 3 of them a few months ago.. :'( o_O
     
  16. AgentX

    AgentX Registered Member

    Joined:
    Dec 25, 2003
    Posts:
    44
    Location:
    The Intarweb
    KAV Personal Pro 4.5 failed all 4, OTOH McAfee VirusScan Enterprise beta catches all.
    One thing I noted is that 4 files were saved in the C:\ root directory after McAfee
    detected and blocked them all. Strange why KAV can't catch it.

    - AgentX
     
  17. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    Kaspersky quarantined this one:

    Bij de Sluiten van het bestand "C:\Documents and Settings\Gerard Willems\Local Settings\Temporary Internet Files\Content.IE5\W5Y8WBB1\test-bid6481[1].htm" is het virus "Exploit.HTML.ViaSWF" van de engine "Kaspersky" ontdekt. Bestand opgeschoond: Nee. Bestand verwijderd: Nee. Geïsoleerd: Ja.
     
  18. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    Did you disable the McAfee RTM first or something? Since McAfee seems to just detect the testing program itself when it's installing.
     
  19. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    I did not click on the ftp server in India, but tried to download the Eicar test virus from the official website: http://www.eicar.org/anti_virus_test_file.htm

    my e trust v7 passed fine using Vet
     
  20. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Brežice
    peakaboo,

    I don't really know what you're trying to say. You have just loaded some words and that's it. No real sense. You look like a real paranoiac.
     
  21. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Peakaboo doesn't trust the link, and neither did I. That's all. Let's keep on topic and away from personal comments ;)
     
  22. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Brežice
    I still didn't get an answer why Kaspersky didn't detect any of it? F-secure didn't write a name of a virus, it has just deleted it. That is a result of good heuristics.
     
  23. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    I am very concerned that KAV didn't detect it. Norton even heuristically detected the tester as a VB worm - I don't think it is, but it found the characteristics.
     
  24. AgentX

    AgentX Registered Member

    Joined:
    Dec 25, 2003
    Posts:
    44
    Location:
    The Intarweb
    I did disable the RTM before installing the program. Then I excluded the
    installed path from RTM detection. Then I enabled RTM back and fired up
    the tester. In short, I made sure it didn't block the whole program.

    BTW, I tested AVP 3.5 with latest updates and it does detect all 4 attacks.
    Though, it does nothing to prevent them and the tester reports the program as
    a failed one. However it does detect all the attacks and presents a choice to
    clean it, which I didn't try.

    Just like McAfee, the AVP also detects all four files in C:\ root directory, so
    I am sure that the program does create temporary files somewhere. It
    amazed me why KAV 4.5 failed the test, and I'm also curious about the
    method it uses to throw attacks on system.

    Regards,
    AgentX
     
  25. Godzilla

    Godzilla AV Expert

    Joined:
    Nov 1, 2003
    Posts:
    63
    Ok here we go...

    * fire up a hex editor ( no disassembler needed, I did it already, so trust me :D )

    * load av3.exe

    search for FF|15|54|10|40|00 and replace this with 90|90|90|90|90|90 ( Asm command "NOP" - do nothing )

    This pattern should be detected 4 times in this file - replace this OpCode ( It's a call into the VB Runtime Lib for deleting files, called "KILL" command in VB) with our NOP commands.

    Then the files remain on your hard disk (drive C) after you press "test", and you can view them in your editor (Notepad, for instance)

    Regards,
    Godzilla :D
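
Why the replacement in the post above is six bytes long, as an added example that is not part of the original thread: `FF 15` followed by a 4-byte little-endian address is a 6-byte x86 indirect call, so six 1-byte NOPs overwrite it without shifting any other offset in the file. The sample buffer is constructed (it is not bytes from av3.exe), and the neighbouring slot 0x00401058 and the filler instructions are assumptions.

```python
import struct

CALL_IND = b"\xff\x15"   # x86 opcode bytes for: call dword ptr [imm32]
NOP = 0x90               # 1-byte "do nothing" instruction


def find_indirect_calls(buf, slot):
    """Offsets of every `call dword ptr [slot]` (FF 15 + little-endian slot)."""
    pattern = CALL_IND + struct.pack("<I", slot)
    hits, pos = [], buf.find(pattern)
    while pos != -1:
        hits.append(pos)
        pos = buf.find(pattern, pos + len(pattern))
    return hits


def nop_out(buf, offsets, length=6):
    """Copy of buf with each call overwritten by NOPs; total size is preserved."""
    out = bytearray(buf)
    for off in offsets:
        out[off:off + length] = bytes([NOP]) * length
    return bytes(out)


def build_sample():
    """Constructed stand-in for a code section, not bytes from av3.exe."""
    kill = b"\xff\x15\x54\x10\x40\x00"    # the pattern quoted in the post
    other = b"\xff\x15\x58\x10\x40\x00"   # call through a neighbouring slot (assumed)
    filler = b"\x8b\xc8\x85\xc0"          # mov ecx,eax ; test eax,eax
    return filler + kill + filler + other + (filler + kill) * 3


SLOT = 0x00401054   # FF|15|54|10|40|00 decodes to a call through this address
sample = build_sample()
sites = find_indirect_calls(sample, SLOT)
patched = nop_out(sample, sites)

if __name__ == "__main__":
    print("call sites:", [hex(o) for o in sites])
    print("size unchanged:", len(patched) == len(sample))
    print("other call intact:", patched[14:20] == sample[14:20])
```

A raw byte search can also match bytes that are data rather than an instruction, so each hit should be confirmed in a disassembler before it is patched.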
     