Buggy advanced heuristics

Discussion in 'NOD32 version 2 Forum' started by Megachip, Oct 5, 2007.

Thread Status:
Not open for further replies.
  1. Megachip

    Megachip Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    243
    Hello Eset, hello community ...

    As seen in this and many other threads, NOD seems to be having trouble with its previously excellent heuristics...

    It seems to have problems with bigger text files... (approx. 20 MB).

    Can someone confirm this?
    Can ESET try to find the bug... (IMHO in former times NOD didn't have so many false positives)

    Here are some new false positives (sorry, at the moment I did have the files to send them to ESET)

    For some of our employees it's very hard to work if they even get a virus alert and don't know what they have done wrong... (nothing, because it's a false positive)

    I hope the problem will be fixed soon...

    Regards Meg
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    This is not heuristic detection, it's signature-based. Could you please compress the files with RAR/ZIP and upload them to our FTP as you did last time? Let me know when done.
     
  3. Megachip

    Megachip Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    243
    Seems that all FPs are fixed... THX to Marcos, THX to ESET...

    But why does NOD use 99% of CPU when checking big (approx. 12 MB) compressed files?

    Regards
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    You're welcome ;)

    In my opinion, this probably has something to do with parsing large logs. This could probably be fixed by parsing only a couple of the first lines of a text file, but on the other hand this might open a potential security hole. I'll ask our developers about this.
     
  5. Megachip

    Megachip Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    243
    Upped 2 FPs again... hopefully this helps to identify the problem...


    Regards :(
     