================================================
File 6GWNT.TXT/Heureka-Test:
==================================================
Detailed results of Macro and Script Virus related
on-demand scanner tests under Windows NT:
==================================================
(Formatted with non-proportional font: Courier; 72 columns)

Following VTC test "2001-04" where 17 products were submitted for
test, the producers of 15 AV products agreed that their Windows-NT
related products were tested against special testbeds including
macro and script viruses reported between November 1, 2000 and
January 31, 2001 (testbed "011") as well as between February 1, 2001
and April 30, 2001 (testbed "014").

For details of related AV producers: see A2SCNLS.txt.
For a list of acronyms (abbreviations) for AV products:
see A5CodNam.txt.

--------------------------------------------------------
Products submitted for aVTC test under Windows-NT:
--------------------------------------------------------
AV3           v: 3.0.304.0             sig: Dec.04,2000
AVG 6         v: 6.220                 sig: Dec.11,2000
AVK 10        v: 10,0,0,0              sig: Dec.07,2000
AVP Platinum  v: 3.5.311.0             sig: Dec.07,2000
CMD           v: 4.60                  sig: Dec.11,2000
FPR           v: 3.08b                 sig: Dec.11,2000
FPW           v: 3.08b                 sig: Dec.11,2000
FSE           v: 5.21                  sig: Dec.01,2000
INO           v: 4.53 Enterprise Ed.   sig: Dec.11,2000
NVC           v: 4.86                  sig: Dec.01,2000
PAV           v: 3.0.132.4             sig: Dec.07,2000
PER           v: 6.60                  sig: Nov.30,2000
RAV           v: 8.1.001               sig: Dec.11,2000
SCN           v: 4.12.0                sig: Dec.04,2000
VSP           v: 12.02.2               sig: Dec.11,2000
--------------------------------------------------------
Two products (NAV and PRO) were withdrawn from this test,
due to "new engines".

Index of tables:

===========================================================
Part I: Reference testbed "00A"
===========================================================
Reference "00a": Detection rates for macro and script
                 viruses/malware in VTC test "2001-04",
                 using testbeds "00A" (October 31, 2000)
-----------------------------------------------------------
WNT.M1/00A: "MacroVirus 1/00A":
            Results of "full" test for macro viruses
WNT.M2/00A: "MacroVirus 2/00A":
            Results of "In-The-Wild" test for macro viruses
WNT.M5/00A: "Macro-Malware/00A":
            Results of "full" zoo test for Macro-related malware
WNT.S1/00A: "ScriptVirus 1/00A":
            Results of "full" test for script viruses (VBS, JS etc)
WNT.S2/00A: "ScriptVirus 2/00A":
            Results of "In-The-Wild" test for script viruses

===========================================================
Part II: Heureka testbed "011"
===========================================================
Heureka "011": Detection rates for macro and script
               viruses/malware in VTC test "2001-07",
               using testbeds "011", including viruses
               detected between Nov.1,2000 and Jan.31,2001
-----------------------------------------------------------
WNT.M1/011: "MacroVirus 1/011":
            Results of "full" test for macro viruses
WNT.M2/011: "MacroVirus 2/011":
            Results of "In-The-Wild" test for macro viruses
WNT.M5/011: "Macro-Malware/011":
            Results of "full" zoo test for Macro-related malware
WNT.S1/011: "ScriptVirus 1/011":
            Results of "full" test for script viruses (VBS, JS etc)

===========================================================
Part III: Heureka testbed "014"
===========================================================
Heureka "014": Detection rates for macro and script
               viruses/malware in VTC test "2001-07",
               using testbeds "014", including viruses
               detected between Feb.1,2001 and Apr.30,2001
-----------------------------------------------------------
WNT.M1/014: "MacroVirus 1/014":
            Results of "full" test for macro viruses
WNT.M2/014: "MacroVirus 2/014":
            Results of "In-The-Wild" test for macro viruses
WNT.M5/014: "Macro-Malware/014":
            Results of "full" zoo test for Macro-related malware
WNT.S1/014: "ScriptVirus 1/014":
            Results of "full" test for script viruses (VBS, JS etc)
-----------------------------------------------------------

=================================================
Part I: Reference tables (results for test "00A")
=================================================

Table WNT.M1/00A: "MacroVirus 1/00A": Results of "full" zoo test
      with testbed "00A" for macro viruses under Windows NT:
===================================================================
                         This includes
          Viruses     ---- unreliably ----      Files
Scanner   detected   identified   detected     detected
----------------------------------------------------------
Testbed  6233 100.0                           19387 100.0
----------------------------------------------------------
AV3      5966  95.7    51   0.8    44   0.7   18651  96.2
AVG      6128  98.3    42   0.7    11   0.2   19123  98.6
AVK      6230 100.0    91   1.5     1   0.0   19380 100.0
AVP      6230 100.0    91   1.5     1   0.0   19380 100.0
CMD      6233 100.0    72   1.2     0   0.0   19387 100.0
FPR      6233 100.0     7   0.1     0   0.0   19387 100.0
FPW      6233 100.0     7   0.1     0   0.0   19387 100.0
FSE      6233 100.0    10   0.2     0   0.0   19387 100.0
INO      6215  99.7    86   1.4     6   0.1   19334  99.7
NAV      6043  97.0    84   1.3    12   0.2   18717  96.5 *
NVC      6219  99.8    67   1.1     7   0.1   19333  99.7
PAV      6230 100.0    91   1.5     1   0.0   19380 100.0
PER      4252  68.2    97   1.6    26   0.4   13122  67.7
PRO      4181  67.1     0   0.0   145   2.3   12125  62.5 *
RAV      6208  99.6   309   5.0    10   0.2   19309  99.6
SCN      6233 100.0    53   0.9     0   0.0   19387 100.0
VSP         1   0.0     0   0.0     1   0.0       1   0.0
----------------------------------------------------------
(*) NAV and PRO withdrawn from "Heureka test".

Table WNT.M2/00A: "MacroVirus 2/00A": Results of "In-The-Wild"
      test for macro viruses under Windows NT:
==============================================================
                         This includes
          Viruses     ---- unreliably ----      Files
Scanner   detected   identified   detected     detected
----------------------------------------------------------
Testbed   147 100.0                            1347 100.0
----------------------------------------------------------
AV3       147 100.0    10   6.8     4   2.7    1339  99.4
AVG       147 100.0     7   4.8     0   0.0    1347 100.0
AVK       147 100.0     8   5.4     0   0.0    1347 100.0
AVP       147 100.0     8   5.4     0   0.0    1347 100.0
CMD       147 100.0     0   0.0     0   0.0    1347 100.0
FPR       147 100.0     0   0.0     0   0.0    1347 100.0
FPW       147 100.0     0   0.0     0   0.0    1347 100.0
FSE       147 100.0     1   0.7     0   0.0    1347 100.0
INO       147 100.0     9   6.1     0   0.0    1347 100.0
NAV       147 100.0    11   7.5     0   0.0    1347 100.0 *
NVC       147 100.0     8   5.4     0   0.0    1347 100.0
PAV       147 100.0     8   5.4     0   0.0    1347 100.0
PER       114  77.6    16  10.9     0   0.0    1119  83.1
PRO       146  99.3     0   0.0    13   8.8    1315  97.6 *
RAV       147 100.0    31  21.1     1   0.7    1346  99.9
SCN       147 100.0     6   4.1     0   0.0    1347 100.0
VSP         0   0.0     0   0.0     0   0.0       0   0.0
----------------------------------------------------------
(*) NAV and PRO withdrawn from "Heureka test".

Table WNT.M5/00A: "Macro-Malware/00A": Results of "full" test
      for Macro-related malware under Windows NT:
=============================================================
          Macro          This includes
          Malware     ---- unreliably ----      Files
Scanner   detected   identified   detected     detected
----------------------------------------------------------
Testbed   403 100.0                             627 100.0
----------------------------------------------------------
AV3       329  81.6     3   0.7     5   1.2     497  79.3
AVG       323  80.1     1   0.2     5   1.2     523  83.4
AVK       400  99.3     1   0.2     0   0.0     624  99.5
AVP       400  99.3     0   0.0     0   0.0     624  99.5
CMD       402  99.8     6   1.5     0   0.0     621  99.0
FPR       402  99.8     2   0.5     0   0.0     621  99.0
FPW       402  99.8     2   0.5     0   0.0     621  99.0
FSE       403 100.0     0   0.0     0   0.0     627 100.0
INO       378  93.8     5   1.2     1   0.2     600  95.7
NAV       306  75.9     4   1.0     2   0.5     491  78.3 *
NVC       399  99.0    10   2.5     2   0.5     606  96.7
PAV       400  99.3     0   0.0     0   0.0     624  99.5
PER       234  58.1     4   1.0     9   2.2     369  58.9
PRO       208  51.6     0   0.0     8   2.0     303  48.3 *
RAV       391  97.0    24   6.0     5   1.2     604  96.3
SCN       403 100.0     5   1.2     0   0.0     627 100.0
VSP         1   0.2     0   0.0     0   0.0       1   0.2
----------------------------------------------------------
(*) NAV and PRO withdrawn from "Heureka test".

Table WNT.S1/00A: "ScriptVirus 1/00A": Results of "full" Zoo
      test for script viruses:
=====================================================
                         This includes
          Viruses     ---- unreliably ----      Files
Scanner   detected   identified   detected     detected
----------------------------------------------------------
Testbed   477 100.0                             904 100.0
----------------------------------------------------------
AV3       139  29.1     2   0.4    19   4.0     328  36.3
AVG       276  57.9    22   4.6    20   4.2     618  68.4
AVK       476  99.8    41   8.6     1   0.2     901  99.7
AVP       476  99.8    32   6.7     1   0.2     901  99.7
CMD       462  96.9     9   1.9    12   2.5     850  94.0
FPR       463  97.1    10   2.1    12   2.5     853  94.4
FPW       462  96.9    10   2.1    14   2.9     846  93.6
FSE       477 100.0     2   0.4     3   0.6     899  99.4
INO       442  92.7    46   9.6    12   2.5     831  91.9
NAV       260  54.5    25   5.2    24   5.0     501  55.4 *
NVC       422  88.5    24   5.0    13   2.7     773  85.5
PAV       476  99.8    32   6.7     1   0.2     901  99.7
PER       105  22.0     0   0.0    31   6.5     214  23.7
PRO       171  35.8     3   0.6    33   6.9     312  34.5 *
RAV       405  84.9    46   9.6    28   5.9     697  77.1
SCN       477 100.0    28   5.9     0   0.0     904 100.0
VSP       407  85.3    50  10.5    32   6.7     701  77.5
----------------------------------------------------------
(*) NAV and PRO withdrawn from "Heureka test".

Table WNT.S2/00A: "ScriptVirus 2/00A": Results of "In-The-Wild"
      test for script viruses:
========================================================
                         This includes
          Viruses     ---- unreliably ----      Files
Scanner   detected   identified   detected     detected
----------------------------------------------------------
Testbed    16 100.0                             133 100.0
----------------------------------------------------------
AV3        16 100.0     1   6.3     6  37.5     119  89.5
AVG        16 100.0     4  25.0     6  37.5     123  92.5
AVK        16 100.0     6  37.5     0   0.0     133 100.0
AVP        16 100.0     2  12.5     0   0.0     133 100.0
CMD        16 100.0     0   0.0     4  25.0     127  95.5
FPR        16 100.0     0   0.0     4  25.0     127  95.5
FPW        16 100.0     0   0.0     6  37.5     123  92.5
FSE        16 100.0     0   0.0     3  18.8     128  96.2
INO        16 100.0     5  31.3     1   6.3     132  99.2
NAV        16 100.0     8  50.0     2  12.5     127  95.5 *
NVC        16 100.0     4  25.0     3  18.8     127  95.5
PER        13  81.3     0   0.0     8  50.0      82  61.7
PRO        14  87.5     0   0.0     7  43.8      99  74.4 *
SCN        16 100.0     4  25.0     0   0.0     133 100.0
VSP        14  87.5     2  12.5     8  50.0     108  81.2
----------------------------------------------------------
(*) NAV and PRO withdrawn from "Heureka test".

======================================
Part II: Results of Heureka test "011"
======================================

Table WNT.M1/011: "MacroVirus 1/011": Results of "full" zoo test
      with testbed "011" for macro viruses under Windows NT:
===================================================================
                         This includes
          Viruses     ---- unreliably ----      Files
Scanner   detected   identified   detected     detected
----------------------------------------------------------
Testbed   267 100.0                            1219 100.0
----------------------------------------------------------
AV3       139  52.1     3   1.1     4   1.5     602  49.4
AVG       226  84.6     3   1.1     4   1.5    1036  85.0
AVK       195  73.0     8   3.0     5   1.9     859  70.5
AVP       195  73.0     7   2.6     5   1.9     859  70.5
CMD       225  84.3    13   4.9     2   0.7    1062  87.1
FPR       225  84.3    13   4.9     2   0.7    1062  87.1
FPW       225  84.3    13   4.9     2   0.7    1062  87.1
FSE       246  92.1    13   4.9     1   0.4    1141  93.6
INO       250  93.6     8   3.0     3   1.1    1153  94.6
NVC       146  54.7     4   1.5     8   3.0     678  55.6
PAV       196  73.4     7   2.6     5   1.9     864  70.9
PER       199  74.5     0   0.0     4   1.5     909  74.6
RAV       223  83.5    16   6.0     3   1.1    1036  85.0
SCN       261  97.8     8   3.0     0   0.0    1208  99.1
VSP         0   0.0     0   0.0     0   0.0       0   0.0
----------------------------------------------------------

Table WNT.M2/011: "MacroVirus 2/011": Results of "In-The-Wild"
      test for macro viruses under Windows NT:
==============================================================
                         This includes
          Viruses     ---- unreliably ----      Files
Scanner   detected   identified   detected     detected
----------------------------------------------------------
Testbed    22 100.0                              67 100.0
----------------------------------------------------------
AV3        21  95.5     0   0.0     0   0.0      61  91.0
AVG        22 100.0     0   0.0     0   0.0      67 100.0
AVK        22 100.0     0   0.0     1   4.5      64  95.5
AVP        22 100.0     0   0.0     1   4.5      64  95.5
CMD        22 100.0     1   4.5     0   0.0      67 100.0
FPR        22 100.0     1   4.5     0   0.0      67 100.0
FPW        22 100.0     1   4.5     0   0.0      67 100.0
FSE        22 100.0     1   4.5     0   0.0      67 100.0
INO        22 100.0     0   0.0     0   0.0      67 100.0
NVC        22 100.0     0   0.0     1   4.5      64  95.5
PAV        22 100.0     0   0.0     1   4.5      64  95.5
PER        11  50.0     0   0.0     0   0.0      37  55.2
RAV        22 100.0     1   4.5     1   4.5      65  97.0
SCN        22 100.0     0   0.0     0   0.0      67 100.0
VSP         0   0.0     0   0.0     0   0.0       0   0.0
----------------------------------------------------------

Table WNT.M5/011: "Macro-Malware/011": Results of "full" test
      for Macro-related malware under Windows NT:
=============================================================
          Macro          This includes
          Malware     ---- unreliably ----      Files
Scanner   detected   identified   detected     detected
----------------------------------------------------------
Testbed    23 100.0                              49 100.0
----------------------------------------------------------
AV3         6  26.1     0   0.0     0   0.0       8  16.3
AVG        13  56.5     0   0.0     0   0.0      23  46.9
AVK        16  69.6     0   0.0     0   0.0      26  53.1
AVP        16  69.6     0   0.0     0   0.0      26  53.1
CMD        16  69.6     0   0.0     0   0.0      42  85.7
FPR        16  69.6     0   0.0     0   0.0      42  85.7
FPW        16  69.6     0   0.0     0   0.0      42  85.7
FSE        19  82.6     0   0.0     0   0.0      43  87.8
INO        18  78.3     1   4.3     0   0.0      40  81.6
NVC        10  43.5     1   4.3     0   0.0      22  44.9
PAV        16  69.6     0   0.0     0   0.0      26  53.1
PER        15  65.2     0   0.0     1   4.3      36  73.5
RAV        18  78.3     2   8.7     0   0.0      44  89.8
SCN        18  78.3     0   0.0     0   0.0      32  65.3
VSP         0   0.0     0   0.0     0   0.0       0   0.0
----------------------------------------------------------

Table WNT.S1/011: "ScriptVirus 1/011": Results of "full" Zoo
      test for script viruses:
=====================================================
                         This includes
          Viruses     ---- unreliably ----      Files
Scanner   detected   identified   detected     detected
----------------------------------------------------------
Testbed    85 100.0                             152 100.0
----------------------------------------------------------
AV3        21  24.7     0   0.0     5   5.9      24  15.8
AVG        44  51.8     2   2.4     5   5.9      69  45.4
AVK        70  82.4     9  10.6     5   5.9     116  76.3
AVP        77  90.6    10  11.8     5   5.9     126  82.9
CMD        32  37.6     0   0.0     3   3.5      44  28.9
FPR        32  37.6     0   0.0     3   3.5      44  28.9
FPW        32  37.6     0   0.0     4   4.7      42  27.6
FSE        74  87.1    11  12.9     5   5.9     122  80.3
INO        58  68.2     2   2.4    14  16.5      88  57.9
NVC        51  60.0     2   2.4    13  15.3      71  46.7
PAV        78  91.8    10  11.8     5   5.9     129  84.9
PER        18  21.2     0   0.0     2   2.4      20  13.2
RAV        58  68.2     6   7.1    11  12.9      86  56.6
SCN        78  91.8     9  10.6     7   8.2     131  86.2
VSP        55  64.7    10  11.8     8   9.4      90  59.2
----------------------------------------------------------

=======================================
Part III: Results of Heureka test "014"
=======================================

Table WNT.M1/014: "MacroVirus 1/014": Results of "full" zoo test
      with testbed "014" for macro viruses under Windows NT:
===================================================================
                         This includes
          Viruses     ---- unreliably ----      Files
Scanner   detected   identified   detected     detected
----------------------------------------------------------
Testbed   278 100.0                            1016 100.0
----------------------------------------------------------
AV3       156  56.1     0   0.0     9   3.2     477  46.9
AVG       216  77.7     2   0.7     1   0.4     738  72.6
AVK       147  52.9     0   0.0     0   0.0     396  39.0
AVP       147  52.9     0   0.0     0   0.0     396  39.0
CMD       214  77.0     0   0.0     2   0.7     800  78.7
FPR       214  77.0     0   0.0     2   0.7     800  78.7
FPW       214  77.0     0   0.0     2   0.7     800  78.7
FSE       247  88.8     1   0.4     1   0.4     892  87.8
INO       256  92.1     3   1.1     1   0.4     935  92.0
NVC        78  28.1     0   0.0     1   0.4     312  30.7
PAV       151  54.3     0   0.0     0   0.0     403  39.7
PER       221  79.5     0   0.0     3   1.1     810  79.7
RAV       223  80.2     8   2.9     7   2.5     779  76.7
SCN       270  97.1     3   1.1     2   0.7     991  97.5
VSP         0   0.0     0   0.0     0   0.0       0   0.0
----------------------------------------------------------

Table WNT.M2/014: "MacroVirus 2/014": Results of "In-The-Wild"
      test for macro viruses under Windows NT:
==============================================================
                         This includes
          Viruses     ---- unreliably ----      Files
Scanner   detected   identified   detected     detected
----------------------------------------------------------
Testbed    11 100.0                              37 100.0
----------------------------------------------------------
AV3         7  63.6     0   0.0     0   0.0      21  56.8
AVG         9  81.8     2  18.2     0   0.0      25  67.6
AVK         9  81.8     0   0.0     0   0.0      25  67.6
AVP         9  81.8     0   0.0     0   0.0      25  67.6
CMD        11 100.0     0   0.0     0   0.0      37 100.0
FPR        11 100.0     0   0.0     0   0.0      37 100.0
FPW        11 100.0     0   0.0     0   0.0      37 100.0
FSE        11 100.0     0   0.0     0   0.0      37 100.0
INO        10  90.9     0   0.0     0   0.0      31  83.8
NVC         8  72.7     0   0.0     0   0.0      22  59.5
PAV         9  81.8     0   0.0     0   0.0      25  67.6
PER        10  90.9     0   0.0     0   0.0      31  83.8
RAV        11 100.0     0   0.0     0   0.0      37 100.0
SCN        11 100.0     0   0.0     0   0.0      37 100.0
VSP         0   0.0     0   0.0     0   0.0       0   0.0
----------------------------------------------------------

Table WNT.M5/014: "Macro-Malware/014": Results of "full" test
      for Macro-related malware under Windows NT:
=============================================================
          Macro          This includes
          Malware     ---- unreliably ----      Files
Scanner   detected   identified   detected     detected
----------------------------------------------------------
Testbed    41 100.0                              53 100.0
----------------------------------------------------------
AV3        13  31.7     0   0.0     0   0.0      18  34.0
AVG        23  56.1     0   0.0     0   0.0      26  49.1
AVK        25  61.0     0   0.0     0   0.0      35  66.0
AVP        25  61.0     0   0.0     0   0.0      35  66.0
CMD        27  65.9     0   0.0     0   0.0      38  71.7
FPR        27  65.9     0   0.0     0   0.0      38  71.7
FPW        27  65.9     0   0.0     0   0.0      38  71.7
FSE        28  68.3     0   0.0     0   0.0      40  75.5
INO        29  70.7     0   0.0     0   0.0      40  75.5
NVC        21  51.2     0   0.0     0   0.0      31  58.5
PAV        25  61.0     0   0.0     0   0.0      35  66.0
PER        16  39.0     0   0.0     0   0.0      23  43.4
RAV        24  58.5     0   0.0     1   2.4      34  64.2
SCN        28  68.3     0   0.0     0   0.0      35  66.0
VSP         0   0.0     0   0.0     0   0.0       0   0.0
----------------------------------------------------------

Table WNT.S1/014: "ScriptVirus 1/014": Results of "full" Zoo
      test for script viruses:
=====================================================
                         This includes
          Viruses     ---- unreliably ----      Files
Scanner   detected   identified   detected     detected
----------------------------------------------------------
Testbed   121 100.0                             234 100.0
----------------------------------------------------------
AV3        14  11.6     0   0.0     4   3.3      17   7.3
AVG        38  31.4     0   0.0     5   4.1      58  24.8
AVK        91  75.2     2   1.7    12   9.9     152  65.0
AVP        95  78.5     3   2.5    11   9.1     165  70.5
CMD        33  27.3     0   0.0     2   1.7      40  17.1
FPR        33  27.3     0   0.0     2   1.7      40  17.1
FPW        33  27.3     0   0.0     2   1.7      40  17.1
FSE        95  78.5     4   3.3    10   8.3     166  70.9
INO        62  51.2     2   1.7     8   6.6     101  43.2
NVC        57  47.1     2   1.7    10   8.3      85  36.3
PAV        95  78.5     3   2.5    11   9.1     165  70.5
PER        12   9.9     0   0.0     1   0.8      25  10.7
RAV        75  62.0     3   2.5    13  10.7     116  49.6
SCN        88  72.7     8   6.6    11   9.1     145  62.0
VSP        73  60.3     5   4.1    11   9.1     119  50.9
----------------------------------------------------------

Table WNT.S3/014: "Script-Malware/014": Results of "full" test
      for Script-related malware under Windows NT:
==============================================================
          Script         This includes
          Malware     ---- unreliably ----      Files
Scanner   detected   identified   detected     detected
----------------------------------------------------------
Testbed    22 100.0                              30 100.0
----------------------------------------------------------
AV3         0   0.0     0   0.0     0   0.0       0   0.0
AVG         2   9.1     0   0.0     1   4.5       2   6.7
AVK         3  13.6     1   4.5     0   0.0       4  13.3
AVP         5  22.7     1   4.5     0   0.0       6  20.0
CMD         1   4.5     0   0.0     0   0.0       1   3.3
FPR         1   4.5     0   0.0     0   0.0       1   3.3
FPW         1   4.5     0   0.0     0   0.0       1   3.3
FSE         5  22.7     1   4.5     0   0.0       6  20.0
INO         1   4.5     0   0.0     0   0.0       1   3.3
NVC         0   0.0     0   0.0     0   0.0       0   0.0
PAV         5  22.7     1   4.5     0   0.0       6  20.0
PER         1   4.5     0   0.0     1   4.5       1   3.3
RAV         2   9.1     0   0.0     1   4.5       2   6.7
SCN         3  13.6     0   0.0     0   0.0       3  10.0
VSP         5  22.7     1   4.5     0   0.0       6  20.0
----------------------------------------------------------