Well here is the poll for The Best Antivirus heuristic analyzer. Post your comments or whatever you want... Technodrome
DrWeb32's heuristic produces some false positives and KAV's heuristic is too cautous for me. So I choose NOD32. wizard
Did you try the latest version from DrWeb32 ? False positives from DrWeb were common in 4.xx-4.19 (if memory serves me right). There has been a great improvement over past DrWebs versions... Technodrome
Last one I tried was 4.27a. At the moment I am a little bit unhappy with the DrWeb/Dials people. They do not answer my emails. wizard
Nothing of this above ... . trojans: F-Prot macro: F/WIN32 dos: RHBVS scripts (VBS, CS, ...): RHBVS / f_mirc windows: PEHead (i don't know if ralph integrated it in RHBVS so far) Nod32 causes some false postives with dos files and misses many script viruses. By the way, f_mirc and rhbvs did a complete analysis of the found malware, too ). Adieu, Andreas
The heuristic of f-prot for trojans is nice indeed but has a big problem. When the trojan is packed or crypted there is no chance for the heuristic. For (backdoor-)trojans TDS-3 might be the better choice because heuristic rules also apply to process memory scanning. F/Win32 is outdated. The product is not developed any longer. Last version is from April 2000. It was a good product. For macro viruses heuristic I would vote for NOD32 at the moment. For script malware Wormguard is my favourite choice. wizard
>F/Win32 is outdated. The product is not developed any >longer. Last version is from April 2000. It was a good >product. For macro viruses heuristic I would vote for >NOD32 at the moment. *lach* - there weren't any big changes in the macro virus developement since 2000 ;o). You may try it. The F/WIN32 heuristic is still the best. >For script malware Wormguard is my favourite choice. Do you ever compared f_mirc/RHBVS with wormguard? Adieu, Andreas
Hi Andreas, Thanks for reply. Did some Googleing - here's some company info: http://www.dials.ru/english/company/home.htm Regards, Blacksheep
The official homepage for DrWeb seems to be: St.Petersburg antivirus laboratory by Igor Daniloff (SalD Ltd.) http://www.sald.com/ wizard
Official site for DrWeb is http://www.dials.ru/english/home.htm http://www.sald.com is distribution site!!! Technodrome
Dials is a very suspicious company. They do not answer any of my emails. So they would not gain a new costumer. wizard
They need more English-language speaking people!!!! You should try German site (in English) http://drweb.imshop.de/index1.asp?sprache=en Maybe there is still hope for them