593 Viruses in zip

Discussion in 'NOD32 version 2 Forum' started by linx05, Mar 10, 2005.

Thread Status:
Not open for further replies.
  1. linx05

    linx05 Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    30
    I have a zip file of 593 viruses. I found this on a message board. A lot of the other anti-virus programs were giving great results. Sadly NOD32 only caught 540. I have sent the zip to ESET in mid February. I haven't gotten a reply nor have the definitions been added. I'm going to send the zip again for the third time. Please take a look at it!
     
  2. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
  3. linx05

    linx05 Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    30
    Yeah I noticed that. I went into the NOD32 forum and couldn't find my post. I accidentally posted it in the wrong forum :/
     
  4. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi linx05 - I have moved your thread from the Look'n'Stop forum and into the Nod32 forum. I also noticed you made a similar post here. Please stay with one thread when it's about the same subject and not cross-post as it can confuse things for those wanting to answer your questions. ;)

    Regards,

    snap
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
  6. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    if some samples are NOT in-the-wild viruses, but instead "zoo" viruses, as used in "testing" AV solutions, NOD32 will not find them BY DESIGN.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    These collections of 400-500 viruses contain old DOS viruses, mostly COM files, out of which most are simply a sort of garbage and shouldn't be detected whatsoever. (As far as I remember, there were also some virus removal programs among them.) What's more, most DOS viruses are not functional on Win32 platforms.
     
  8. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    I strongly disagree with the BY DESIGN part. NOD32 detects zoo viruses too but not files incapable of replicating...
     
  9. Gauthreau

    Gauthreau Guest

    NOD prides itself on its "in the wild" detection, not on its total detection ability (this can be seen in its promotions of "Since May 1998, NOD32 has been the only antivirus product in the world that has not missed a single (ItW) worm or virus in the rigorous testing conducted by the Virus Bulletin."). However, we all know that there are problems with the definition of "in the wild", and that the lesser detected complex "zoo" viruses that are commonly pooh-poohed by Eset and loyal followers present all those on the internet a real problem. NOD needs to focus on these rather than relying solely on VB tests as an indicator of the efficacy of their product. Please read the following link for further info:

    http://www.securityfocus.com/infocus/1813


    Neil
     
  10. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada

    ok - qualification ...

    if they are zoo viruses incapable of reproduction, and/or DOS viruses incapable of running under Win32... they would not be detected BY DESIGN.

    Clearer now?
     
  11. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I don't believe that is correct.

    See: http://www.av-comparatives.org/
    On-demand comparative February 2005

    "The anti-virus scanner must detect 100% of the
    ITW-samples and at least 85% of our zoo-samples
    on demand"

    Note:
    Total Detection rate (including DOS and other OS)

    It looks to me like they have really improved their zoo detection
    from that test.
     
  12. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    I see no reason to exclude DOS viruses from detection.... if they are able to replicate in DOS
     
  13. alx92388

    alx92388 Guest

    Even if something is incapable of replication, can't it still cause damage?
     
  14. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    both this and the previous post by mrtwolman probably deserve some clarification from the good folks at Eset...
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Eset picks up signatures of all threats, regardless of whether they are capable of replication or not, whether they are DOS-based, Win32 or Linux viruses. We just don't pick up signatures from corrupted files and files which are actually harmless and should not be detected whatsoever.
     
  16. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    ok - there we have it...

    those zip files contain files which are either corrupt, harmless or simply should not be detected, AS WELL as viruses (DOS and otherwise), that ARE detected - ergo, the difference in file count and NOD32 detection.
     
  17. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    Item to note:

    When sending samples that appear to not be detected by NOD32, add the .bat extension to them before submission. Some Vx sites have many of these "samples" and as such are not executable and harmless. If one was to add the appropriate extension (i.e. .bat), AMON will spring into action. ;)
     