AV test

Discussion in 'other anti-virus software' started by minacross, Aug 13, 2008.

Thread Status:
Not open for further replies.
  1. minacross

    minacross Registered Member

    Joined:
    May 12, 2002
    Posts:
    657
    I had some spare time :cool: so I decided to make a test
    - I created 4 files containing the EICAR test file: .txt, .com, .exe, .bat.
    - I added them to a .7z archive.
    - I added the .7z archive to a .zip archive.
    - I added the .zip archive to a .gz archive.
    Then I submitted the three archives to virustotal.com. The site showed almost the same results in the 3 cases: only 8 scanners out of 36 detected the file. :doubt:
    ~Link removed. Read the Policy.- Ron~
    does this have any significance? Can any AV guru comment on this pls? o_O
    thanx in advance..
    BTW, it was surprising seeing that the "new" Chinese Rising AV is among the 8 AVs
     
    Last edited by a moderator: Aug 13, 2008
  2. ola nordmann

    ola nordmann Registered Member

    Joined:
    May 6, 2007
    Posts:
    89
    Your test is pretty worthless, I'm sorry to say:p

    Most scanners have a limit on archive recursion, because it takes a long time to unpack and also it can take up a lot of memory (or temp files) to scan an absurd number of archives within archives.

    The thing is every realtime scanner will detect as soon as you unpack, so the malware can never do harm anyway :)
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Not all scanners support 7zip and/or gz archive types.
    Also, not all scanners have proper settings to scan inside multiple packed files.
     
  4. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    Scanning archives really is pointless. As soon as the sucker is extracted it will get nabbed by the real-time scanner, so what's the point of worrying about archives?
     
  5. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I'd say that scanning archives is useful. Better to catch something before it has a chance to execute !

    On the other hand, if AV's scanned archives within archives without end, it would be easy to disable the AV !
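
The archive recursion limit described in post 2 and the resource-exhaustion concern raised in post 5, as an added example that is not part of the thread: a toy scanner that opens nested containers only up to a depth limit and an unpacked-bytes budget, and reports when a limit left a layer unopened. The marker is a constructed stand-in for the EICAR string, zip stands in for the .7z layer (Python's standard library has no 7z reader), and all function names are hypothetical.

```python
import gzip
import io
import zipfile

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for the EICAR string

class LimitHit(Exception):
    """A depth or size limit stopped the scan of one layer."""

def read_capped(stream, budget):
    data = stream.read(budget[0] + 1)  # bounded read: a bomb cannot exhaust memory
    if len(data) > budget[0]:
        raise LimitHit
    budget[0] -= len(data)
    return data

def members(data, budget, allowed):
    """Unpack one container layer; [] for plain data; LimitHit if not allowed."""
    is_gzip = data[:2] == b"\x1f\x8b"  # tested first: gzip may carry a stored zip
    if not is_gzip and not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if not allowed:
        raise LimitHit  # recursion limit reached: this layer stays unopened
    if is_gzip:
        return [read_capped(gzip.GzipFile(fileobj=io.BytesIO(data)), budget)]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [read_capped(zf.open(i), budget) for i in zf.infolist()]

def scan(data, max_depth, budget_bytes=1 << 20):
    """Return 'detected', 'clean', or 'limit' if a limit left a layer unopened."""
    budget, skipped, todo = [budget_bytes], False, [(data, 0)]
    while todo:
        blob, depth = todo.pop()
        if MARKER in blob:
            return "detected"
        try:
            todo += [(m, depth + 1) for m in members(blob, budget, depth < max_depth)]
        except (LimitHit, OSError, zipfile.BadZipFile):
            skipped = True  # limit hit or unreadable archive
    return "limit" if skipped else "clean"

def zipped(name, data):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample, mirroring the thread's nesting: file -> zip -> zip -> gzip
SAMPLE = gzip.compress(zipped("inner.zip", zipped("eicar.com", MARKER + b"\n" * 500)))
```

With `max_depth=3` the sample is detected; with `max_depth=2` the scan returns `limit` rather than `clean`, so a depth-limited scanner can say it stopped early instead of implying the archive is safe.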
     
  6. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Rather pointless I'd say because as soon as a virus is extracted, it will be caught.
     
  7. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    With Avira you don't even have to try to execute it. I'm sure it's the same with other AVs: as soon as the file is extracted to the desktop or anywhere else, it's scanned even before you try to run it.
     