Scan Log -- Show Unknown

Discussion in 'Trojan Defence Suite' started by ano7, Jan 3, 2004.

Thread Status:
Not open for further replies.
  1. ano7

    ano7 Guest

    Is it possible to scan with TDS a malware archive in a way that only the UNDETECTED samples are logged?

    TIA.
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    You could give TDS Scan Control > scan exclusions tab a try ;)

    regards.

    paul
     
  3. ano7

    ano7 Guest

    Thanks Paul,

    but if I am not mistaken we are talking about two different things. It seems to me that scan exclusions exclude folders from being scanned.

    By contrast, I want a folder to be scanned. And I want TDS to log only those files which are not detected. For example, I may want to scan a malware archive with 100 trojans. I may not be interested in the trojans which are detected by TDS but I may only be interested in the few trojans which are (possibly) not detected. I could easily submit those trojans to DCS etc. and I would not need to analyze the entire scan log.
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Putting the new malware files in a different folder seems the only solution as far as I can see it - and putting other/later new ones found in just another folder after that ;)

    regards.

    paul
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    No.. sorry this isnt something we included at the time :/ There isnt an easy way to do this that I can think of, apart from right click delete a few times to get rid of detected files. Thanks for the idea.. I would have been happy with some new samples :) We can look at making an upcoming scanner have something useful for doing this.

    Its not a home user feature though. Its easy to implement something like it when making commandline options available.. but the easiest would be just a delete parameter that deletes all positively ID'd files. Whats left wasnt detected, would this be enough ?
     
  6. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    I suppose with this feature TDS will become a tool for malware writers.
    How many users would have an archive with undetected trojans :)
    But it is quite easy to write a SS3 script for that
    Dolf
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.