Scan Log -- Show Unknown

Discussion in 'Trojan Defence Suite' started by ano7, Jan 3, 2004.

Thread Status:
Not open for further replies.
  1. ano7

    ano7 Guest

    Is it possible to scan with TDS a malware archive in a way that only the UNDETECTED samples are logged?

    TIA.
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined: Jul 1, 2001
    Posts: 12,472
    Location: The Netherlands
    You could give TDS Scan Control > scan exclusions tab a try ;)

    regards.

    paul
     
  3. ano7

    ano7 Guest

    Thanks Paul,

    but if I am not mistaken we are talking about two different things. It seems to me that scan exclusions exclude folders from being scanned.

    By contrast, I want a folder to be scanned. And I want TDS to log only those files which are not detected. For example, I may want to scan a malware archive with 100 trojans. I may not be interested in the trojans which are detected by TDS but I may only be interested in the few trojans which are (possibly) not detected. I could easily submit those trojans to DCS etc. and I would not need to analyze the entire scan log.
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined: Jul 1, 2001
    Posts: 12,472
    Location: The Netherlands
    Putting the new malware files in a different folder seems the only solution as far as I can see it - and putting other/later new ones found in just another folder after that ;)

    regards.

    paul
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined: Feb 10, 2002
    Posts: 2,080
    Location: Perth, Western Australia
    No.. sorry, this isn't something we included at the time :/ There isn't an easy way to do this that I can think of, apart from right click delete a few times to get rid of detected files. Thanks for the idea.. I would have been happy with some new samples :) We can look at making an upcoming scanner have something useful for doing this.

    It's not a home user feature though. It's easy to implement something like it when making commandline options available.. but the easiest would be just a delete parameter that deletes all positively ID'd files. What's left wasn't detected; would this be enough?
     
  6. DolfTraanberg

    DolfTraanberg Registered Member

    Joined: Nov 20, 2002
    Posts: 676
    Location: Amsterdam
    I suppose with this feature TDS will become a tool for malware writers.
    How many users would have an archive with undetected trojans :)
    But it is quite easy to write an SS3 script for that.
    Dolf
     