
Dr.web's Detection Rate


15 replies in this topic

#1 cyber kurajber

cyber kurajber

    Newbie

  • Posters
  • 10 posts

Posted 06 February 2009 - 03:45

It seems to me that Dr.Web does not have as good a detection rate as we could expect. I used Dr.Web's CureIt and one of the free antiviruses (not Avira) to scan an archive which contains 415 malware files. CureIt found and removed only 313 files. The other antivirus found and removed 386 files.

It is a 17.6% worse result for Dr.Web!?

Did I make a mistake somewhere in this small test?

(I am willing to send the archive to Dr.Web's analysts if they are interested)

Thanks for your comments.

#2 Malex

Malex

    rescuer

  • Posters
  • 1 070 posts

Posted 06 February 2009 - 04:11

It seems to me that Dr.Web does not have as good a detection rate as we could expect. I used Dr.Web's CureIt and one of the free antiviruses (not Avira) to scan an archive which contains 415 malware files. CureIt found and removed only 313 files. The other antivirus found and removed 386 files.

It is a 17.6% worse result for Dr.Web!?

Did I make a mistake somewhere in this small test?

(I am willing to send the archive to Dr.Web's analysts if they are interested)

Thanks for your comments.

You know, it's really hard to come to the conclusion that Dr.Web lacks in detection because of only 415 files (and it's a 17.6% worse result).
Many factors should be taken into consideration: from the curing abilities and false alarms to the ergonomic characteristics and updating availability.
If you are sure that you are using the latest CureIt and you want to make it better, send the undetected files to the analysts here: http://vms.drweb.com/sendvirus/. Please attach only one file per submission, filling in your e-mail and choosing the submission category - Suspicious file.

After receiving tickets you can publish them here to help the analysts analyze them quickly and append new signatures to their base. :rolleyes:
Official certified user of hardware-software systems:
PC3000 UDMA & Data Extractor (manufacturer: НПП АСЕ), Raid Explorer (manufacturer: СОФТ-ЦЕНТР), Flash Extractor & Image Explorer (manufacturer: СОФТ-ЦЕНТР), Victoria Full version (author: Сергей Казанский), R-Studio Data Recovery (manufacturer: R-Tools Technology Inc.), GetDataBack for FAT (manufacturer: Runtime Software), GetDataBack for NTFS (manufacturer: Runtime Software), in-house developments.

#3 cyber kurajber

cyber kurajber

    Newbie

  • Posters
  • 10 posts

Posted 06 February 2009 - 04:28

Please attach only one file per submission, filling in your e-mail and choosing the submission category - Suspicious file.


There are 102 files, so it means that I must attach a file and fill in my e-mail 102 times!? I hope there is an easy way to send these files to Dr.Web. Maybe they can give me FTP access to some folder to upload the archive?

#4 Malex

Malex

    rescuer

  • Posters
  • 1 070 posts

Posted 06 February 2009 - 04:36

Please attach only one file per submission, filling in your e-mail and choosing the submission category - Suspicious file.


There are 102 files, so it means that I must attach a file and fill in my e-mail 102 times!? I hope there is an easy way to send these files to Dr.Web. Maybe they can give me FTP access to some folder to upload the archive?

Maybe :rolleyes:

#5 cyber kurajber

cyber kurajber

    Newbie

  • Posters
  • 10 posts

Posted 06 February 2009 - 05:40

Apologies for the bad English.

Maybe they can provide me FTP access for uploading a bunch of malware that Dr.Web cannot detect, and after that Dr.Web may achieve a better detection rate?

Is this better? :rolleyes:

#6 Eugeny Gladkih

Eugeny Gladkih

    the Spirit of the Enlightenment

  • Dr.Web Staff
  • 5 297 posts

Posted 06 February 2009 - 10:38

Apologies for the bad English.

Maybe they can provide me FTP access for uploading a bunch of malware that Dr.Web cannot detect, and after that Dr.Web may achieve a better detection rate?

Is this better? :rolleyes:


Just send them in one archive, not a problem. It'll take a little bit more time for the answer. I guess all of those files are garbage or trash. Regarding detection rate, please read these statistics

#7 sr

sr

    Newbie

  • Posters
  • 28 posts

Posted 06 February 2009 - 19:13

...I guess all of those files are garbage or trash. Regarding detection rate...


I reported it as a bug http://bugs.drweb.com/bug_view_advanced_pa...?bug_id=0025248, but scanning in garbage or trash is normal Dr.Web behavior.

Eugeny Vasiliev: This is normal. The scanner ignores the CRC in order to extract the maximum amount of data; Enough to extract the section of the code, which may detection.
ESET NOD32 Antivirus

#8 cyber kurajber

cyber kurajber

    Newbie

  • Posters
  • 10 posts

Posted 07 February 2009 - 00:29

I'm not sure what garbage you are talking about? It is an archive prepared for testing different antivirus programs. It contains 415 selected files (viruses, worms, USB worms, trojans, spyware). On manual scanning Dr.Web removed 313 files and left 102 files. The other antivirus I used found many malware among these files. I launched these files to see if Dr.Web would detect them on launching. Dr.Web caught a few more malware but, finally, left about 90 files. Then, I launched every file to see what would happen ( :rolleyes: ) and after that I scanned the PC with MBAM, which found 64 malware files and registry entries, mostly backdoor trojans and vundo variants. So, I doubt that all of these files are garbage.

I tried to send these files to Dr.Web using the website form but the connection both times was closed before the archive was uploaded. Can you provide me an email address so I can send the archive to Dr.Web, if they are interested at all in the files I am talking about?

#9 Eugeny Gladkih

Eugeny Gladkih

    the Spirit of the Enlightenment

  • Dr.Web Staff
  • 5 297 posts

Posted 07 February 2009 - 01:02

I'm not sure what garbage you are talking about? It is an archive prepared for testing different antivirus programs. It contains 415 selected files (viruses, worms, USB worms, trojans, spyware). On manual scanning Dr.Web removed 313 files and left 102 files. The other antivirus I used found many malware among these files. I launched these files to see if Dr.Web would detect them on launching. Dr.Web caught a few more malware but, finally, left about 90 files. Then, I launched every file to see what would happen ( :rolleyes: ) and after that I scanned the PC with MBAM, which found 64 malware files and registry entries, mostly backdoor trojans and vundo variants. So, I doubt that all of these files are garbage.

I tried to send these files to Dr.Web using the website form but the connection both times was closed before the archive was uploaded. Can you provide me an email address so I can send the archive to Dr.Web, if they are interested at all in the files I am talking about?


virus monitoring service

#10 cyber kurajber

cyber kurajber

    Newbie

  • Posters
  • 10 posts

Posted 07 February 2009 - 02:53

Thanks for the email Eugeny, I will send the archive tonight. Hope to get some response.

One more interesting thing.

I scanned the archive in two ways: running a scan using icon on the desktop and running a scan using shortcut from the context menu. There are differences in results between these two ways of scanning. In the first case Dr.Web removed 304 files, and in the second case 313 files. So when running a scan using shortcut in the context menu Dr.Web removed 9 files more! This is interesting to me because it seems that Dr.Web scanner uses only one profile.

#11 PiCo

PiCo

    Newbie

  • Posters
  • 34 posts

Posted 07 February 2009 - 04:31

Thanks for the email Eugeny, I will send the archive tonight. Hope to get some response.

One more interesting thing.

I scanned the archive in two ways: running a scan using icon on the desktop and running a scan using shortcut from the context menu. There are differences in results between these two ways of scanning. In the first case Dr.Web removed 313 files, and in the second case 304 files. So when running a scan using icon on the desktop Dr.Web removed 9 files more! This is interesting to me because it seems that Dr.Web scanner uses only one profile.

The settings are different I think.
Check to see.

#12 Konstantin Yudin

Konstantin Yudin

    Overseer

  • Dr.Web Staff
  • 19 552 posts

Posted 07 February 2009 - 04:58

and after that I scanned PC with MBAM which found 64 malware files and registry entries, mostly backdoor trojans and vundo variants. So, I doubt that all of these files are garbage.

MBAM, it's not an antivirus. It's a stupid filename-based detector... fake. IMO
With best regards, Konstantin Yudin
Doctor Web, Ltd.

#13 cyber kurajber

cyber kurajber

    Newbie

  • Posters
  • 10 posts

Posted 07 February 2009 - 11:22

Another strange thing with Dr.Web. I scanned the files running the scan from the shortcut in the context menu and Dr.Web detected and removed 313 files. Then I scanned the files one more time, the same way as the first time - running the scan from the shortcut in the context menu - and Dr.Web detected and removed 9 files more!? So, it seems that Dr.Web has one more unique characteristic - it can think and change its opinion, so if this is not artificial intelligence ... :rolleyes:

#14 risl

risl

    Member

  • Posters
  • 228 posts

Posted 07 February 2009 - 20:24

garbage = files that don't work, are obsolete, corrupted or don't do anything malicious, and therefore it's not wise to add a detection for them.

Some vendors like to add detections through automated methods from every vx-collection there is and from honeypots. It's probably also popular to make automatic detections for files received from jotti/virustotal if some other vendor detects the file too. They can quickly add a huge number of "malware" to their databases without even analyzing a single sample.

.. these vendors will gain good numbers on av-tests but the quality of detections is poor and this kind of software is unreliable.

#15 cyber kurajber

cyber kurajber

    Newbie

  • Posters
  • 10 posts

Posted 08 February 2009 - 02:48

Thanks for the explanation, risl.

I sent the suspicious malware files to Dr.Web (the only way that files could be sent was to upload them and to send link) last night. I hope to get some response.

#16 C.S.J

C.S.J

    Member

  • Posters
  • 199 posts

Posted 15 February 2009 - 16:53

and after that I scanned PC with MBAM which found 64 malware files and registry entries, mostly backdoor trojans and vundo variants. So, I doubt that all of these files are garbage.

MBAM, it's not an antivirus. It's a stupid filename-based detector... fake. IMO


I never knew this, Konstantin,

I know it offers good removal rates, but I've also noticed many False Alarms whenever I have tried it.

I certainly would never have recommended someone to use MBAM instead of an antivirus, but I still believe it's a good free tool to add to one.

