===============================================
File 6BDOSFIL.TXT
DOS.I: Detailed results of File Virus Detection
       of on-demand scanner tests under DOS:
===============================================
(Formatted with non-proportional font: Courier)

The following tables summarize detection and identification quality
concerning FILE viruses as well as selected FILE MALWARE (as far as
applicable), both in full "zoo" virus collection and for viral ITW
testbed. Moreover, results for detection of viruses in files
compressed with 4 popular packing methods are also given. Finally,
a special test was performed concerning "false positive" virus
detection of selected files which were deliberately chosen from
available CD-ROMs and which were definitively clean of viruses.

For discussion of results, see 6ASUMOV.TXT and 7EVAL.TXT.

Index of tables:
----------------
FDOS.F1: "FileVirus 1": Results of "full" Zoo test for file viruses
FDOS.F2: "FileVirus 2": Results of "In-The-Wild" test for file viruses
FDOS.F3: "Packed File Viruses": Results of Detection of Packed Zoo
         File Viruses
FDOS.F4: "False Positive" detection: Results of "full" Zoo test for
         Non-viral (clean) samples detected as "False Positives"
FDOS.F5: "File Malware": Results of "full" Zoo test for File-related
         malware


Table FDOS.F1: "FileVirus 1": Results of "full" Zoo test
               for file viruses under DOS:
====================================================
                           This includes
            Viruses     ---- unreliably ----        Files
Scanner     detected    identified  detected       detected
--------------------------------------------------------------
Testbed     13992 100.0%          %          %   112036 100.0%
--------------------------------------------------------------
ANT417      10589  75.7    560  4.0   278  2.0    89552  79.9
AVG50       12258  87.6    349  2.5   281  2.0   100833  90.0
AVK80       12590  90.0    435  3.1    24  0.2   101025  90.2
AVP30120    13944  99.7    458  3.3    10  0.1   111702  99.7
AVS77018    13696  97.9    624  4.5    92  0.7   109836  98.0
DRW401      13032  93.1    424  3.0   235  1.7   105701  94.3
DSS785u     13985  99.9    382  2.7     3  0.0   111860  99.8
FPR301      13361  95.5    215  1.5   107  0.8   109663  97.9
FSE30119    13945  99.7    458  3.3    16  0.1   111701  99.7
INO50       13081  93.5    456  3.3   153  1.1   106375  94.9
ITM401a      9213  65.8    344  2.5   530  3.8    69667  62.2
NAV40       13723  98.1   1686 12.0   160  1.1   110232  98.4
NVC450      13130  93.8    470  3.4   338  2.4   106710  95.2
RAV602       9931  71.0    966  6.9   475  3.4    78022  69.6
SCN318      12288  87.8    854  6.1   382  2.7   101246  90.4
SWP311      13770  98.4    720  5.1   123  0.9   110576  98.7
TBA807      13039  93.2    353  2.5   465  3.3   105661  94.3
TSC140 (1)   7854  56.1    322  2.3   480  3.4    58446  52.2
VBS490       4967  35.5    128  0.9   582  4.2    41819  37.3
VSP1161     10646  76.1   4412 31.5   753  5.4    77095  68.8
--------------------------------------------------------------
Remark (1): TSCan crashed on DOS tests but completed in DOS-Box
            under Windows-98 or -NT (results given)


Table FDOS.F2: "FileVirus 2": Results of "In-The-Wild" test
               for file viruses under DOS:
======================================================
                           This includes
            Viruses     ---- unreliably ----        Files
Scanner     detected    identified  detected       detected
--------------------------------------------------------------
Testbed       122 100.0%          %          %     3591 100.0%
--------------------------------------------------------------
ANT417        114  93.4      8  6.6     3  2.5     3516  97.9
AVG50         121  99.2     13 10.7     3  2.5     3567  99.3
AVK80         122 100.0     10  8.2     0  0.0     3591 100.0
AVP30120      122 100.0     10  8.2     0  0.0     3591 100.0
AVS77018      121  99.2     14 11.5     4  3.3     3571  99.4
DRW401        121  99.2      7  5.7     1  0.8     3584  99.8
DSS785u       122 100.0     10  8.2     0  0.0     3591 100.0
FPR301        121  99.2     14 11.5     2  1.6     3583  99.8
FSE30119      122 100.0     10  8.2     0  0.0     3591 100.0
INO50         121  99.2     13 10.7     4  3.3     3571  99.4
ITM401a       110  90.2      9  7.4    10  8.2     3107  86.5
NAV40         119  97.5     34 27.9     3  2.5     3500  97.5
NVC450        122 100.0      2  1.6     8  6.6     3577  99.6
RAV602        119  97.5     13 10.7     8  6.6     3537  98.5
SCN318        120  98.4     19 15.6     4  3.3     3569  99.4
SWP311        122 100.0     17 13.9     3  2.5     3587  99.9
TBA807        121  99.2      5  4.1     3  2.5     3579  99.7
TSC140 (1)     99  81.1      8  6.6    10  8.2     2790  77.7
VBS490        103  84.4      5  4.1    31 25.4     2671  74.4
VSP1161        98  80.3     45 36.9    11  9.0     2796  77.9
--------------------------------------------------------------
Remark (1): TSCan crashed on DOS tests but completed in DOS-Box
            under Windows-98 or -NT (results given)


Table FDOS.F3: "Packed File Viruses": Results of Detection
               of Packed Zoo File Viruses under DOS:
==========================================================
            This includes
            ---------- Viruses detected per Packer ----------
Scanner       ZIP     %     LHA     %     ARJ     %     RAR     %
-----------------------------------------------------------------
Testbed     13992 100.0   13992 100.0   13992 100.0   13992 100.0
-----------------------------------------------------------------
AVK80       12540  89.6   12542  89.6   12543  89.6   12543  89.6
AVP30120    13044  93.2   13049  93.3   13048  93.2   13048  93.2
DRW401      13467  96.2   13464  96.2   13460  96.2       0   0.0
DSS785u     13924  99.5   13921  99.5   13923  99.5       0   0.0
FPR301      13292  95.0       0   0.0   13291  95.0       0   0.0
FSE30119    13046  93.2   13049  93.3   13048  93.2   13049  93.3
NAV40       12414  88.7     468   3.3     465   3.3     725   5.2
NVC450      13025  93.1       0   0.0   13024  93.1       0   0.0
RAV602        781   5.6     949   6.8     780   5.6   12391  88.6
-----------------------------------------------------------------
Remark: table lists only those scanners where at least one
        packed viral object was detected for at least one
        packing method.


Table FDOS.F4: "False Positive" detection: Results of "full" Zoo
               test for Non-viral (clean) samples detected as
               "False Positives" under DOS:
============================================================
            Falsely        This includes
            detected    ---- unreliably ----        Files
Scanner     Viruses     identified  detected       detected
--------------------------------------------------------------
Testbed        30 100.0%          %          %     3300 100.0%
--------------------------------------------------------------
ANT417          1   3.3      0  0.0     1  3.3        1   0.0
AVG50          13  43.3      0  0.0    13 43.3       31   0.9
AVK80           0   0.0      0  0.0     0  0.0        0   0.0
AVP30120        0   0.0      0  0.0     0  0.0        0   0.0
AVS77018        1   3.3      0  0.0     1  3.3        1   0.0
DRW401         10  33.3      0  0.0    10 33.3       11   0.3
DSS785u         0   0.0      0  0.0     0  0.0        0   0.0
FPR301          0   0.0      0  0.0     0  0.0        0   0.0
FSE30119        0   0.0      0  0.0     0  0.0        0   0.0
INO50           2   6.7      0  0.0     2  6.7        4   0.1
ITM401a         1   3.3      0  0.0     1  3.3        1   0.0
NAV40           2   6.7      0  0.0     2  6.7        2   0.1
NVC450          0   0.0      0  0.0     0  0.0        0   0.0
RAV602          0   0.0      0  0.0     0  0.0        0   0.0
SCN318          0   0.0      0  0.0     0  0.0        0   0.0
SWP311          0   0.0      0  0.0     0  0.0        0   0.0
TBA807         11  36.7      0  0.0    11 36.7       14   0.4
TSC140 (1)      2   6.7      0  0.0     4 13.3        5   0.2
VBS490          1   3.3      0  0.0     1  3.3        1   0.0
VSP1161         1   3.3      0  0.0     1  3.3        1   0.0
--------------------------------------------------------------
Remark: within 30 non-viral directories and totally 3300
        non-viral objects, at least one sample in N directories
        was falsely detected (N = number in column 1)
Remark (1): TSCan crashed on DOS tests but completed in DOS-Box
            under Windows-98 or -NT (results given)


Table FDOS.F5: "File Malware": Results of "full" Zoo test
               for File-related malware under DOS:
========================================================
Some manufacturers requested that their AV product should not be
tested against malware. The following table consequently lists
only those products which were not withdrawn from this test.

                           This includes
            Malware     ---- unreliably ----        Files
Scanner     detected    identified  detected       detected
--------------------------------------------------------------
Testbed      3321 100.0%          %          %     7989 100.0%
--------------------------------------------------------------
ANT417       1751  52.7     32  1.0    65  2.0     4270  53.4
AVG50        2366  71.2     41  1.2    43  1.3     6094  76.3
AVK80        3109  93.6    124  3.7    19  0.6     7682  96.2
AVP30120     3137  94.5    124  3.7    17  0.5     7717  96.6
AVS77018     2665  80.2     88  2.6    23  0.7     6755  84.6
DRW401       2639  79.5     58  1.7    40  1.2     6801  85.1
DSS785u      3269  98.4     24  0.7    11  0.3     7836  98.1
FPR301       ****  ****    ***  ***    **  ***     ****  ****
FSE30119     3138  94.5    124  3.7    17  0.5     7718  96.6
INO50        2880  86.7    103  3.1    37  1.1     6918  86.6
ITM401a      1552  46.7     29  0.9    45  1.4     3440  43.1
NAV40        ****  ****    ***  ***    **  ***     ****  ****
NVC450       2414  72.7     28  0.8    54  1.6     6473  81.0
RAV602       2116  63.7     70  2.1    87  2.6     5219  65.3
SCN318       ****  ****    ***  ***    **  ***     ****  ****
SWP311       ****  ****    ***  ***    **  ***     ****  ****
TBA807       2052  61.8     34  1.0    73  2.2     5591  70.0
TSC140 (1)    679  20.4     14  0.4    14  0.4      873  10.9
VBS490        792  23.8      6  0.2    85  2.6     1650  20.7
VSP1161      2220  66.8    136  4.1    57  1.7     5106  63.9
--------------------------------------------------------------
Remark (1): TSCan crashed on DOS tests but completed in DOS-Box
            under Windows-98 or -NT (results given)