=============================================== File 6FW98.TXT: ----------------------------------------------- Detailed results of Macro and Script Virus related on-demand scanner tests under W-98: =============================================== (Formatted with non-proportional font: Courier) The following *21* products (versions) participated in this part of VTC test "2001-10" (for details of related AV products: see A2SCNLS.txt): ================================================= ANT v(def): 6.8.0.56 sig: June 22,2001 AVA v(def): 3.0.354.0 sig: June 25,2001 AVG v(def): 6.0.263 sig: June 22,2001 AVK v(def): 10.0.167 sig: June 21,2001 AVP v(def): 3.5.133.0 sig: June 01,2001 AVX v(def): 6.1 sig: June 18,2001 CMD v(def): 4.61.5 sig: June 25,2001 DRW v(def): 4.25 sig: June 20,2001 DSE v(def): 4.0.3 sig: June 20,2001 FPR v(def): 3.09d sig: June 25,2001 FPW v(def): 3.09d sig: June 25,2001 FSE v(def): 1.00.1251 sig: June 20,2001 scan eng fprot: 3.09.507 scan eng avp: 3.55.3210 INO v(def): 6.0.85 sig: June 14,2001 MR2 v(def): 1.17 sig: June 2001 NAV v(def): 4.1.0.6 sig: June 22,2001 NVC v(def): 5.00.25 sig: June 19,2001 PAV v(def): 3.5.133.0 sig: June 23,2001 QHL v(def): 6.02 sig: June 28,2001 RAV v(def): 8.2.001, scan eng:8.3 sig: June 25,2001 SCN v(def): 4144 scan eng:4.1.40 sig: June 20,2001 VSP v(def): 12.22.1 sig: June 25,2001 ================================================= The following tables summarize detection and identification quality concerning MACRO and SCRIPT viruses as well as selected MACRO and SCRIPT MALWARE, both in full "zoo" virus collection and for viral In-The-Wild testbeds, under Windows-98. Moreover, results for detection of viruses in objects compressed with 6 popular packing methods are also given. Finally, a special test was performed concerning "false positive" virus detection of selected files which were deliberately chosen from available CD-ROMs and which were definitively clean of viruses. For discussion of results, see 7EVALW98.txt. As usual, results may be influenced by problems experienced during tests; such problems are documented in 8PROBLMS.TXT. Index of tables: ---------------- W98.M1: "MacroVirus 1": Results of "full" test for macro viruses W98.M2: "MacroVirus 2": Results of "In-The-Wild" test for macro viruses W98.M3V: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW file viruses packed with PKZIP, LHA, ARJ, RAR, WinRAR and CAB W98.F3F: "Comparison of Detection Rate of Packed Viral Objects": Results of Detection Rate of objects infected with ITW file viruses and with PKZIP, LHA, ARJ, RAR, WinRAR, CAB W98.M3a: "PKZIP-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with PKZIP W98.M3b: "LHA-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with LHA W98.M3c: "ARJ-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with ARJ W98.M3d: "RAR-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with RAR W98.M3e: "WinRAR-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with WinRAR W98.M3f: "CAB-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with CAB W98.M4: "False Positive" detection: Results of "full" zoo test for non-viral (clean) macro objects detected as "false positives" W98.M5: "Macro-Malware": Results of "full" zoo test for Macro-related malware W98.S1: "ScriptVirus 1": Results of "full" test for script viruses (VBS, JS etc) W98.S2: "ScriptVirus 2": Results of "In-The-Wild" test for script viruses W98.S5: "Script-Malware": Results of "full" zoo test for Script-related malware Table W98.M1: "MacroVirus 1": Results of "full" zoo test for macro viruses under Windows 98: ======================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 6762 100.0% 21677 100.0% ----------------------------------------------------------- ANT 6587 97.4 187 2.8 54 0.8 20853 96.2 AVA 6605 97.7 41 0.6 32 0.5 21206 97.8 AVG 6651 98.4 55 0.8 13 0.2 21387 98.7 AVK 6762 100.0 118 1.7 1 0.~ 21674 100.~ AVP 6761 100.~ 118 1.7 1 0.~ 21673 100.~ AVX 6703 99.1 134 2.0 8 0.1 21474 99.1 CMD 6760 100.~ 29 0.4 1 0.~ 21672 100.~ DRW 6725 99.5 81 1.2 14 0.2 21574 99.5 DSE 6610 97.8 62 0.9 14 0.2 20971 96.7 FPR 6760 100.~ 29 0.4 1 0.~ 21672 100.~ FPW 6760 100.~ 29 0.4 1 0.~ 21672 100.~ FSE 6762 100.0 30 0.4 0 0.0 21677 100.0 INO 6755 99.9 110 1.6 6 0.1 21651 99.9 MR2 2758 40.8 198 2.9 76 1.1 8043 37.1 NAV 6731 99.5 111 1.6 16 0.2 21520 99.3 NVC 6751 99.8 89 1.3 12 0.2 21622 99.7 PAV 6762 100.0 118 1.7 1 0.~ 21674 100.~ QHL 0 0.0 0 0.0 0 0.0 0 0.0 RAV 6726 99.5 348 5.1 15 0.2 21545 99.4 SCN 6762 100.0 66 1.0 0 0.0 21677 100.0 VSP 1 0.~ 0 0.0 1 0.~ 1 0.~ ----------------------------------------------------------- Remark: decimal ~ indicates that result is rounded: (100.~ up to 100.0%, 0.~ down to 0.0%). Table W98.M2: "MacroVirus 2": Results of "In-The-Wild" test for macro viruses under Windows 98: ======================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 143 100.0% 1308 100.0% ----------------------------------------------------------- ANT 142 99.3 7 4.9 2 1.4 1294 98.9 AVA 143 100.0 6 4.2 3 2.1 1305 99.8 AVG 143 100.0 11 7.7 0 0.0 1308 100.0 AVK 143 100.0 9 6.3 0 0.0 1308 100.0 AVP 143 100.0 9 6.3 0 0.0 1308 100.0 AVX 143 100.0 15 10.5 0 0.0 1308 100.0 CMD 143 100.0 2 1.4 0 0.0 1308 100.0 DRW 143 100.0 10 7.0 0 0.0 1308 100.0 DSE 140 97.9 6 4.2 6 4.2 1275 97.5 FPR 143 100.0 2 1.4 0 0.0 1308 100.0 FPW 143 100.0 2 1.4 0 0.0 1308 100.0 FSE 143 100.0 2 1.4 0 0.0 1308 100.0 INO 143 100.0 9 6.3 0 0.0 1308 100.0 MR2 13 9.1 1 0.7 5 3.5 378 28.9 NAV 143 100.0 8 5.6 0 0.0 1308 100.0 NVC 143 100.0 11 7.7 2 1.4 1305 99.8 PAV 143 100.0 9 6.3 0 0.0 1308 100.0 QHL 0 0.0 0 0.0 0 0.0 0 0.0 RAV 143 100.0 26 18.2 5 3.5 1302 99.5 SCN 143 100.0 7 4.9 0 0.0 1308 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table W98.M3V: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW macro viruses packed with PKZIP, LHA, ARJ, RAR, WinRAR and CAB ================================================================ This includes Viruses detected per packer ------------------------------------------------------------------------------ ZIP % LHA % ARJ % RAR % WRAR % CAB % ------------------------------------------------------------------------------ Testbed 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 ------------------------------------------------------------------------------ ANT 142 99.3 0 0.0 142 99.3 0 0.0 0 0.0 0 0.0 AVA 143 100.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 AVG 143 100.0 0 0.0 143 100.0 143 100.0 143 100.0 0 0.0 AVK 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 AVP 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 AVX 136 95.1 136 95.1 136 95.1 136 95.1 136 95.1 136 95.1 CMD 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 DRW 143 100.0 0 0.0 143 100.0 143 100.0 143 100.0 0 0.0 DSE 140 97.9 140 97.9 0 0.0 0 0.0 0 0.0 140 97.9 FPR 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 FPW 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 FSE 143 100.0 143 100.0 143 100.0 0 0.0 0 0.0 0 0.0 INO 143 100.0 143 100.0 143 100.0 143 100.0 139 97.2 143 100.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 NAV 143 100.0 143 100.0 143 100.0 0 0.0 0 0.0 0 0.0 NVC 143 100.0 0 0.0 143 100.0 0 0.0 0 0.0 0 0.0 PAV 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 QHL 143 100.0 0 0.0 143 100.0 0 0.0 0 0.0 0 0.0 RAV 143 100.0 0 0.0 143 100.0 143 100.0 143 100.0 143 100.0 SCN 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 143 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 ------------------------------------------------------------------------------ Table W98.M3F: "Comparison of Detection Rate of Packed Viral Objects": Results of Detection Rate of objects infected with ITW file viruses and with PKZIP, LHA, ARJ, RAR, WinRAR, CAB ======================================================================= This includes Viral objects detected per packer ------------------------------------------------------------------------------ ZIP % LHA % ARJ % RAR % WRAR % CAB % ------------------------------------------------------------------------------ Testbed 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 ------------------------------------------------------------------------------ ANT 142 10.9 0 0.0 142 10.9 0 0.0 0 0.0 0 0.0 AVA 1305 99.8 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 AVG 1308 100.0 0 0.0 1308 100.0 1308 100.0 1308 100.0 0 0.0 AVK 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 AVP 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 AVX 1251 95.6 1251 95.6 1251 95.6 1251 95.6 1251 95.6 1251 95.6 CMD 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 DRW 1308 100.0 0 0.0 1308 100.0 1308 100.0 1308 100.0 0 0.0 DSE 1275 97.5 1275 97.5 0 0.0 0 0.0 0 0.0 1275 97.5 FPR 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 FPW 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 FSE 1165 89.1 1165 89.1 1165 89.1 0 0.0 0 0.0 0 0.0 INO 1308 100.0 1102 84.3 1308 100.0 1308 100.0 193 14.8 1308 100.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 NAV 1308 100.0 1307 99.9 1308 100.0 0 0.0 0 0.0 0 0.0 NVC 1305 99.8 0 0.0 1305 99.8 0 0.0 0 0.0 0 0.0 PAV 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 QHL 1267 96.9 0 0.0 1270 97.1 0 0.0 0 0.0 0 0.0 RAV 1302 99.5 0 0.0 1302 99.5 1302 99.5 1302 99.5 1302 99.5 SCN 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 1308 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 ------------------------------------------------------------------------------ Table W98.M3a: "PKZIP-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with PKZIP under Windows 98: ===================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 143 100.0% 1308 100.0% ----------------------------------------------------------- ANT 142 99.3 0 0.0 142 99.3 142 10.9 AVA 143 100.0 6 4.2 3 2.1 1305 99.8 AVG 143 100.0 11 7.7 0 0.0 1308 100.0 AVK 143 100.0 0 0.0 0 0.0 1308 100.0 AVP 143 100.0 9 6.3 0 0.0 1308 100.0 AVX 136 95.1 15 10.5 0 0.0 1251 95.6 CMD 143 100.0 2 1.4 0 0.0 1308 100.0 DRW 143 100.0 10 7.0 0 0.0 1308 100.0 DSE 140 97.9 6 4.2 6 4.2 1275 97.5 FPR 143 100.0 2 1.4 0 0.0 1308 100.0 FPW 143 100.0 2 1.4 0 0.0 1308 100.0 FSE 143 100.0 0 0.0 143 100.0 1165 89.1 INO 143 100.0 9 6.3 0 0.0 1308 100.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 143 100.0 8 5.6 0 0.0 1308 100.0 NVC 143 100.0 11 7.7 2 1.4 1305 99.8 PAV 143 100.0 9 6.3 0 0.0 1308 100.0 QHL 143 100.0 18 12.6 6 4.2 1267 96.9 RAV 143 100.0 26 18.2 5 3.5 1302 99.5 SCN 143 100.0 7 4.9 0 0.0 1308 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table W98.M3b: "LHA-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with LHA under Windows 98: ================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 143 100.0% 1308 100.0% ----------------------------------------------------------- ANT 0 0.0 0 0.0 0 0.0 0 0.0 AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 143 100.0 0 0.0 0 0.0 1308 100.0 AVP 143 100.0 9 6.3 0 0.0 1308 100.0 AVX 136 95.1 15 10.5 0 0.0 1251 95.6 CMD 143 100.0 2 1.4 0 0.0 1308 100.0 DRW 0 0.0 0 0.0 0 0.0 0 0.0 DSE 140 97.9 6 4.2 6 4.2 1275 97.5 FPR 143 100.0 2 1.4 0 0.0 1308 100.0 FPW 143 100.0 2 1.4 0 0.0 1308 100.0 FSE 143 100.0 0 0.0 143 100.0 1165 89.1 INO 143 100.0 9 6.3 4 2.8 1102 84.3 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 143 100.0 8 5.6 1 0.7 1307 99.9 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 143 100.0 9 6.3 0 0.0 1308 100.0 QHL 0 0.0 0 0.0 0 0.0 0 0.0 RAV 0 0.0 0 0.0 0 0.0 0 0.0 SCN 143 100.0 7 4.9 0 0.0 1308 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table W98.M3c: "ARJ-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with ARJ under Windows 98: ================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 143 100.0% 1308 100.0% ----------------------------------------------------------- ANT 142 99.3 0 0.0 142 99.3 142 10.9 AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 143 100.0 11 7.7 0 0.0 1308 100.0 AVK 143 100.0 0 0.0 0 0.0 1308 100.0 AVP 143 100.0 9 6.3 0 0.0 1308 100.0 AVX 136 95.1 15 10.5 0 0.0 1251 95.6 CMD 143 100.0 2 1.4 0 0.0 1308 100.0 DRW 143 100.0 10 7.0 0 0.0 1308 100.0 DSE 0 0.0 0 0.0 0 0.0 0 0.0 FPR 143 100.0 2 1.4 0 0.0 1308 100.0 FPW 143 100.0 2 1.4 0 0.0 1308 100.0 FSE 143 100.0 0 0.0 143 100.0 1165 89.1 INO 143 100.0 9 6.3 0 0.0 1308 100.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 143 100.0 8 5.6 0 0.0 1308 100.0 NVC 143 100.0 11 7.7 2 1.4 1305 99.8 PAV 143 100.0 9 6.3 0 0.0 1308 100.0 QHL 143 100.0 19 13.3 4 2.8 1270 97.1 RAV 143 100.0 26 18.2 5 3.5 1302 99.5 SCN 143 100.0 7 4.9 0 0.0 1308 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table W98.M3d: "RAR-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with RAR under Windows 98: ================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 143 100.0% 1308 100.0% ----------------------------------------------------------- ANT 0 0.0 0 0.0 0 0.0 0 0.0 AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 143 100.0 11 7.7 0 0.0 1308 100.0 AVK 143 100.0 0 0.0 0 0.0 1308 100.0 AVP 143 100.0 9 6.3 0 0.0 1308 100.0 AVX 136 95.1 15 10.5 0 0.0 1251 95.6 CMD 143 100.0 2 1.4 0 0.0 1308 100.0 DRW 143 100.0 10 7.0 0 0.0 1308 100.0 DSE 0 0.0 0 0.0 0 0.0 0 0.0 FPR 143 100.0 2 1.4 0 0.0 1308 100.0 FPW 143 100.0 2 1.4 0 0.0 1308 100.0 FSE 0 0.0 0 0.0 0 0.0 0 0.0 INO 143 100.0 9 6.3 0 0.0 1308 100.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 143 100.0 9 6.3 0 0.0 1308 100.0 QHL 0 0.0 0 0.0 0 0.0 0 0.0 RAV 143 100.0 26 18.2 5 3.5 1302 99.5 SCN 143 100.0 7 4.9 0 0.0 1308 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table W98.M3e: "WinRAR-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with WinRAR: ================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 143 100.0% 1308 100.0% ----------------------------------------------------------- ANT 0 0.0 0 0.0 0 0.0 0 0.0 AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 143 100.0 11 7.7 0 0.0 1308 100.0 AVK 143 100.0 0 0.0 0 0.0 1308 100.0 AVP 143 100.0 9 6.3 0 0.0 1308 100.0 AVX 136 95.1 15 10.5 0 0.0 1251 95.6 CMD 143 100.0 2 1.4 0 0.0 1308 100.0 DRW 143 100.0 10 7.0 0 0.0 1308 100.0 DSE 0 0.0 0 0.0 0 0.0 0 0.0 FPR 143 100.0 2 1.4 0 0.0 1308 100.0 FPW 143 100.0 2 1.4 0 0.0 1308 100.0 FSE 0 0.0 0 0.0 0 0.0 0 0.0 INO 139 97.2 0 0.0 137 95.8 193 14.8 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 143 100.0 9 6.3 0 0.0 1308 100.0 QHL 0 0.0 0 0.0 0 0.0 0 0.0 RAV 143 100.0 26 18.2 5 3.5 1302 99.5 SCN 143 100.0 7 4.9 0 0.0 1308 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table W98.M3f: "CAB-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with CAB: =============================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 143 100.0% 1308 100.0% ----------------------------------------------------------- ANT 0 0.0 0 0.0 0 0.0 0 0.0 AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 143 100.0 0 0.0 0 0.0 1308 100.0 AVP 143 100.0 9 6.3 0 0.0 1308 100.0 AVX 136 95.1 15 10.5 0 0.0 1251 95.6 CMD 143 100.0 2 1.4 0 0.0 1308 100.0 DRW 0 0.0 0 0.0 0 0.0 0 0.0 DSE 140 97.9 6 4.2 6 4.2 1275 97.5 FPR 143 100.0 2 1.4 0 0.0 1308 100.0 FPW 143 100.0 2 1.4 0 0.0 1308 100.0 FSE 0 0.0 0 0.0 0 0.0 0 0.0 INO 143 100.0 9 6.3 0 0.0 1308 100.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 143 100.0 9 6.3 0 0.0 1308 100.0 QHL 0 0.0 0 0.0 0 0.0 0 0.0 RAV 143 100.0 26 18.2 5 3.5 1302 99.5 SCN 143 100.0 7 4.9 0 0.0 1308 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table W98.M4: "False Positive" macro virus detection: Results of "full" zoo test for non-viral (clean) macro objects detected as "false positives" under Windows 98: ================================================================= False This includes Virus ---- unreliably ---- Files Scanner Alarm identified detected detected ----------------------------------------------------------- Maximum 26 100.0% 329 100.0% ----------------------------------------------------------- ANT 15 57.7 0 0.0 15 57.7 36 10.9 AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 0 0.0 0 0.0 0 0.0 0 0.0 AVP 2 7.7 0 0.0 2 7.7 4 1.2 AVX 15 57.7 0 0.0 15 57.7 18 5.5 CMD 1 3.8 0 0.0 1 3.8 2 0.6 DRW 10 38.5 0 0.0 10 38.5 29 8.8 DSE 0 0.0 0 0.0 0 0.0 0 0.0 FPR 1 3.8 0 0.0 1 3.8 2 0.6 FPW 1 3.8 0 0.0 1 3.8 2 0.6 FSE 1 3.8 0 0.0 1 3.8 2 0.6 INO 0 0.0 0 0.0 0 0.0 0 0.0 MR2 13 50.0 0 0.0 13 50.0 20 6.1 NAV 5 19.2 0 0.0 5 19.2 5 1.5 NVC 3 11.5 0 0.0 3 11.5 5 1.5 PAV 2 7.7 0 0.0 2 7.7 4 1.2 QHL 0 0.0 0 0.0 0 0.0 0 0.0 RAV 0 0.0 0 0.0 0 0.0 0 0.0 SCN 0 0.0 0 0.0 0 0.0 0 0.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Remark: within 26 non-viral directories and totally 329 non- viral objects, at least one sample in N directories was falsely detected (N = number in column 1) Table W98.M5: "Macro-Malware": Results of "full" test for Macro-related malware under Windows 98: ========================================================= Macro This includes Malware ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 426 100.0% 683 100.0% ----------------------------------------------------------- ANT 381 89.4 10 2.3 9 2.1 612 89.6 AVA 379 89.0 3 0.7 6 1.4 586 85.8 AVG 352 82.6 1 0.2 5 1.2 584 85.5 AVK 425 99.8 0 0.0 0 0.0 682 99.9 AVP 425 99.8 0 0.0 0 0.0 682 99.9 AVX 392 92.0 10 2.3 4 0.9 630 92.2 CMD 424 99.5 2 0.5 0 0.0 676 99.0 DRW 387 90.8 1 0.2 7 1.6 622 91.1 DSE 362 85.0 3 0.7 2 0.5 580 84.9 FPR 424 99.5 2 0.5 0 0.0 676 99.0 FPW 424 99.5 2 0.5 0 0.0 676 99.0 FSE 425 99.8 2 0.5 0 0.0 682 99.9 INO 398 93.4 6 1.4 1 0.2 653 95.6 MR2 135 31.7 5 1.2 2 0.5 208 30.5 NAV 368 86.4 4 0.9 7 1.6 596 87.3 NVC 421 98.8 11 2.6 2 0.5 660 96.6 PAV 426 100.0 0 0.0 0 0.0 683 100.0 QHL 0 0.0 0 0.0 0 0.0 0 0.0 RAV 416 97.7 29 6.8 4 0.9 663 97.1 SCN 426 100.0 4 0.9 0 0.0 683 100.0 VSP 1 0.2 0 0.0 0 0.0 1 0.1 ----------------------------------------------------------- Table W98.S1: "ScriptVirus 1": Results of "full" Zoo test for script viruses: ================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 588 100.0% 1079 100.0% ----------------------------------------------------------- ANT 481 81.8 41 7.0 34 5.8 837 77.6 AVA 198 33.7 8 1.4 29 4.9 444 41.1 AVG 370 62.9 22 3.7 32 5.4 727 67.4 AVK 588 100.0 58 9.9 0 0.0 1079 100.0 AVP 588 100.0 48 8.2 0 0.0 1079 100.0 AVX 412 70.1 19 3.2 42 7.1 730 67.7 CMD 552 93.9 22 3.7 16 2.7 987 91.5 DRW 561 95.4 32 5.4 12 2.0 992 91.9 DSE 429 73.0 11 1.9 23 3.9 753 69.8 FPR 556 94.6 22 3.7 17 2.9 991 91.8 FPW 556 94.6 22 3.7 17 2.9 989 91.7 FSE 588 100.0 39 6.6 2 0.3 1078 99.9 INO 559 95.1 58 9.9 15 2.6 1022 94.7 MR2 490 83.3 54 9.2 44 7.5 829 76.8 NAV 554 94.2 37 6.3 25 4.3 984 91.2 NVC 537 91.3 61 10.4 13 2.2 960 89.0 PAV 588 100.0 48 8.2 2 0.3 1077 99.8 QHL ** No report - See problem-list ** RAV 485 82.5 51 8.7 33 5.6 800 74.1 SCN 587 99.8 39 6.6 1 0.2 1077 99.8 VSP 494 84.0 54 9.2 44 7.5 835 77.4 ----------------------------------------------------------- Table W98.S2: "ScriptVirus 2": Results of "In-The-Wild" test for script viruses: ======================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 19 100.0% 110 100.0% ----------------------------------------------------------- ANT 19 100.0 7 36.8 2 10.5 109 99.1 AVA 18 94.7 4 21.1 4 21.1 100 90.9 AVG 19 100.0 2 10.5 5 26.3 107 97.3 AVK 19 100.0 3 15.8 0 0.0 110 100.0 AVP 19 100.0 2 10.5 0 0.0 110 100.0 AVX 19 100.0 2 10.5 2 10.5 110 100.0 CMD 19 100.0 3 15.8 1 5.3 109 99.1 DRW 19 100.0 2 10.5 0 0.0 110 100.0 DSE 10 52.6 0 0.0 3 15.8 72 65.5 FPR 19 100.0 3 15.8 1 5.3 109 99.1 FPW 19 100.0 3 15.8 1 5.3 109 99.1 FSE 19 100.0 3 15.8 1 5.3 110 100.0 INO 19 100.0 4 21.1 2 10.5 110 100.0 MR2 17 89.5 2 10.5 8 42.1 86 78.2 NAV 19 100.0 7 36.8 0 0.0 110 100.0 NVC 19 100.0 12 63.2 0 0.0 110 100.0 PAV 19 100.0 2 10.5 1 5.3 110 100.0 QHL ** No report - See problem-list ** RAV 18 94.7 5 26.3 3 15.8 107 97.3 SCN 19 100.0 0 0.0 0 0.0 110 100.0 VSP 17 89.5 3 15.8 7 36.8 87 79.1 ----------------------------------------------------------- Table W98.S5: "Script-Malware": Results of "full" test for Script-related malware under Windows 98: ========================================================= Macro This includes Malware ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 22 100.0 30 100.0 ---------------------------------------------------------- ANT 0 0.0 0 0.0 0 0.0 0 0.0 AVA ** No report - See problem-list ** AVG 5 22.7 0 0.0 1 4.5 5 16.7 AVK 22 100.0 1 4.5 0 0.0 30 100.0 AVP 22 100.0 1 4.5 0 0.0 30 100.0 AVX 2 9.1 1 4.5 0 0.0 3 10.0 CMD 14 63.6 0 0.0 0 0.0 16 53.3 DRW 8 36.4 0 0.0 0 0.0 9 30.0 DSE 18 81.8 2 9.1 1 4.5 23 76.7 FPR 14 63.6 0 0.0 0 0.0 16 53.3 FPW 14 63.6 0 0.0 0 0.0 16 53.3 FSE 22 100.0 1 4.5 0 0.0 30 100.0 INO 15 68.2 1 4.5 0 0.0 19 63.3 MR2 5 22.7 1 4.5 0 0.0 6 20.0 NAV 8 36.4 0 0.0 0 0.0 11 36.7 NVC 2 9.1 0 0.0 0 0.0 2 6.7 PAV 22 100.0 1 4.5 0 0.0 30 100.0 QHL ** No report - See problem-list ** RAV 18 81.8 0 0.0 0 0.0 25 83.3 SCN 22 100.0 2 9.1 0 0.0 30 100.0 VSP 5 22.7 1 4.5 0 0.0 6 20.0 ----------------------------------------------------------