================================================= aVTC Test "2002-12" (File 6gW2k.TXT): ------------------------------------------------- Detailed results of File, Macro and Script Virus related on-demand scanner tests under W-2000: ================================================= (Formatted with non-proportional font: Courier) The following *19* products (versions) participated in this part of VTC test "2002-12" (for details of related AV products: see A2SCNLS.txt): ============================================================ AVA v(def): CLI Lguard32, version 3.0 Eng: 3.0.406.14 Sig/date: December 13, 2001 AVG v(def): 6.0.309 date: December 13, 2001 Sig: 170 date: December 17, 2001 AVK v(def): W2K: 10,1,0,0 Sig: 10.0.435 date: December 13, 2001 AVP v(def): 3.55.160.0 date: December 12, 2001 BDF v(def): v6.3.6 CMD v(def): 4.64.0 date: August 11, 2001 Eng: 3.55.160.3203 Sign.def date: December 17, 2001 Macro.def date: December 16, 2001 DRW v(def): 4.26 (DrWeb32.txt) date: September 25, 2001 (test.ful) Sig/date: December 17, 2001 (drwtoday.vbd) FPR v(def): 3.11b date: --- Sig/date: December 17, 2001 (binary viruses) Sig/date: December 16, 2001 (macro viruses) FPW v(def): --- sig: --- FSE v(def): 1.00.1251 Sig/date: December 14, 2001 Eng: 3.09.507 (F-PROT) Eng: 3.55.160.3210 (AVP) Eng: 1.02.15 (Orion) IKA v(def): 5.04 Sig/date: December 16, 2001 INO v(def): Eng:49.00 date: December 14, 2001 Sig/date: December 17, 2001 MR2 v(def): 1.20 NAV v(def): 7.60.926 Eng: 4.1.0.15 Sig: rev.3 Sig/date: December 14, 2001 NVC v(def): 5.00.36 Sig/date: December 17, 2001 (binary viruses) Sig/date: December 16, 2001 (macro viruses) PRO v(def): 7.1.C04 date: December 17, 2001 Sig/date: December 17, 2001 RAV v(def): 8.3.1 command line for Win32 i386 Eng: 8.5 for i386 Sig/date: December 17, 2001 at 16:22:24 SCN v(def): 4.1.60 Sig:4177 date:December 17, 2001 VSP v(def): 12.34.1 date: December 17, 2001 Sig/date: December 17, 2001 ============================================================ The following tables summarize detection and identification quality concerning FILE, MACRO and SCRIPT viruses as well as selected FILE, MACRO and SCRIPT MALWARE, both in full "zoo" virus collection and for viral In-The-Wild testbeds, under Windows-2000. Moreover, results for detection of viruses in objects compressed with 6 popular packing methods are also given. Finally, a special test was performed concerning "false positive" virus detection of selected files which were deliberately chosen from available CD-ROMs and which were definitively clean of viruses. For discussion of results, see 7EVAL2k.txt. As usual, results may be influenced by problems experienced during tests; such problems are documented in 8PROBLMS.TXT. Index of tables: ---------------- W2k.F1: "FileVirus 1": Results of "full" Zoo test for file viruses W2k.F2: "FileVirus 2": Results of "In-The-Wild" test for file viruses W2k.F3V: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW file viruses packed with PKZIP, LHA, ARJ, RAR, WinRAR 2.9 and CAB W2k.F3F: "Comparison of Detection Rate of Packed Viral Objects": Results of Detection Rate of infected ITW file objects packed with PKZIP, LHA, ARJ, RAR, WinRAR 2.9 and CAB W2k.F3a: "PKZIP-Packed File Viruses": Results of Detection of ITW File Viruses Packed with PKZIP W2k.F3b: "LHA-Packed File Viruses": Results of Detection of ITW File Viruses Packed with LHA W2k.F3c: "ARJ-Packed File Viruses": Results of Detection of ITW File Viruses Packed with ARJ W2k.F3d: "RAR-Packed File Viruses": Results of Detection of ITW File Viruses Packed with RAR W2k.F3e: "WINRAR-Packed Macro Viruses": Results of Detection of ITW File Viruses Packed with WINRAR 2.9 W2k.F3f: "CAB-Packed File Viruses": Results of Detection of ITW File Viruses Packed with CAB W2k.F4: "False Positive" File Virus Detection: Results of "full" Zoo test for non-viral (clean) file objects detected as "false positives" W2k.F5: "File-Malware": Results of "full" Zoo test for file-related (non-viral) malware W2k.M1: "MacroVirus 1": Results of "full" test for macro viruses W2k.M2: "MacroVirus 2": Results of "In-The-Wild" test for macro viruses W2k.M3V: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW file viruses packed with PKZIP, LHA, ARJ, RAR, WinRAR 2.0 and CAB W2k.F3F: "Comparison of Detection Rate of Packed Viral Objects": Results of Detection Rate of objects infected with ITW file viruses and with PKZIP, LHA, ARJ, RAR, WinRAR 2.0, CAB W2k.M3a: "PKZIP-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with PKZIP W2k.M3b: "LHA-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with LHA W2k.M3c: "ARJ-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with ARJ W2k.M3d: "RAR-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with RAR W2k.M3e: "WinRAR-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with WinRAR 2.0 W2k.M3f: "CAB-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with CAB W2k.M4: "False Positive" detection: Results of "full" zoo test for non-viral (clean) macro objects detected as "false positives" W2k.M5: "Macro-Malware": Results of "full" zoo test for Macro-related malware W2k.S1: "ScriptVirus 1": Results of "full" test for script viruses (VBS, JS etc) W2k.S2: "ScriptVirus 2": Results of "In-The-Wild" test for script viruses W2k.S5: "Script-Malware": Results of "full" zoo test for Script-related malware Table W2k.F1: "FileVirus 1": Results of "full" Zoo Test for file viruses: ==================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ------------------------------------------------------------ Testbed 21790 100.0% 158747 100.0% ------------------------------------------------------------ AVA 20960 96.2 808 3.7 429 2.0 152447 96.0 AVG 17555 80.6 6086 27.9 461 2.1 133992 84.4 AVK 21777 99.9 837 3.8 10 0.~ 158679 100.~ AVP 21783 100.~ 623 2.9 1 0.~ 158701 100.~ BDF 18054 82.9 1444 6.6 797 3.7 135716 85.5 CMD 21458 98.5 169 0.8 73 0.3 157448 99.2 DRW 21414 98.3 1119 5.1 258 1.2 156764 98.8 FPR 21526 98.8 194 0.9 43 0.2 157777 99.4 FPW 21524 98.8 199 0.9 54 0.2 157725 99.4 FSE 21784 100.~ 206 0.9 1 0.~ 158702 100.~ IKA 19442 89.2 4393 20.2 700 3.2 142788 89.9 INO 21514 98.7 786 3.6 208 1.0 157117 99.0 MR2 2068 9.5 124 0.6 271 1.2 14952 9.4 NAV 21428 98.3 2588 11.9 814 3.7 152965 96.4 NVC 21314 97.8 6143 28.2 274 1.3 155577 98.0 PRO 15344 70.4 785 3.6 1996 9.2 108070 68.1 RAV 20626 94.7 755 3.5 327 1.5 149695 94.3 SCN 21736 99.8 951 4.4 49 0.2 158425 99.8 VSP 3043 14.0 710 3.3 479 2.2 21126 13.3 ------------------------------------------------------------ Mean: 85.6% 85.8% Mean (rate>10%): 89.8% 90.1% ------------------------------------------------------------ Remark: decimal ~ indicates that result is rounded: (100.~ up to 100.0%, 0.~ down to 0.0%). Table W2k.F2: "FileVirus 2": Results of "In-The-Wild" Test for file viruses: ==================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ------------------------------------------------------------ Testbed 50 100.0% 442 100.0% ------------------------------------------------------------ AVA 50 100.0 7 14.0 4 8.0 434 98.2 AVG 49 98.0 10 20.0 3 6.0 435 98.4 AVK 50 100.0 6 12.0 0 0.0 442 100.0 AVP 50 100.0 6 12.0 0 0.0 442 100.0 BDF 50 100.0 6 12.0 6 12.0 428 96.8 CMD 49 98.0 4 8.0 3 6.0 433 98.0 DRW 50 100.0 5 10.0 0 0.0 442 100.0 FPR 48 96.0 4 8.0 3 6.0 430 97.3 FPW 49 98.0 4 8.0 3 6.0 433 98.0 FSE 50 100.0 8 16.0 0 0.0 442 100.0 IKA 50 100.0 3 6.0 4 8.0 437 98.9 INO 50 100.0 7 14.0 1 2.0 441 99.8 MR2 12 24.0 0 0.0 4 8.0 169 38.2 NAV 50 100.0 11 22.0 0 0.0 442 100.0 NVC 50 100.0 6 12.0 6 12.0 430 97.3 PRO 50 100.0 2 4.0 11 22.0 404 91.4 RAV 50 100.0 7 14.0 2 4.0 438 99.1 SCN 50 100.0 4 8.0 0 0.0 442 100.0 VSP 5 10.0 1 2.0 1 2.0 120 27.1 ------------------------------------------------------------ Mean: 90.7% 91.5% Mean (rate>10%): 95.2% 95.1% ------------------------------------------------------------ Table W2k.F3V: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW file viruses packed with PKZIP, LHA, ARJ, RAR, WinRAR, CAB ================================================================ This includes Viruses detected per packer ------------------------------------------------------------------------------ ARJ % CAB % LHA % RAR % WinRAR 2.9 % ZIP % ------------------------------------------------------------------------------ Testbed 50 100.0% 50 100.0% 50 100.0% 50 100.0% 50 100.0% 50 100.0% ------------------------------------------------------------------------------- AVA 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 AVG 49 98.0 0 0.0 0 0.0 49 98.0 0 0.0 49 98.0 AVK 50 100.0 50 100.0 50 100.0 50 100.0 0 0.0 50 100.0 AVP 50 100.0 50 100.0 50 100.0 50 100.0 0 0.0 50 100.0 BDF 50 100.0 50 100.0 50 100.0 50 100.0 0 0.0 50 100.0 CMD 49 98.0 49 98.0 49 98.0 49 98.0 0 0.0 49 98.0 DRW 50 100.0 50 100.0 0 0.0 50 100.0 0 0.0 50 100.0 FPR 49 98.0 49 98.0 49 98.0 49 98.0 0 0.0 49 98.0 FPW 49 98.0 49 98.0 49 98.0 49 98.0 0 0.0 49 98.0 FSE 50 100.0 50 100.0 50 100.0 50 100.0 0 0.0 50 100.0 IKA 50 100.0 22 44.0 0 0.0 0 0.0 0 0.0 49 98.0 INO 48 96.0 0 0.0 0 0.0 0 0.0 0 0.0 47 94.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 NAV 33 66.0 0 0.0 50 100.0 0 0.0 0 0.0 50 100.0 NVC 50 100.0 0 0.0 0 0.0 0 0.0 0 0.0 50 100.0 PRO 50 100.0 0 0.0 0 0.0 0 0.0 0 0.0 50 100.0 RAV 50 100.0 50 100.0 0 0.0 50 100.0 25 50.0 50 100.0 SCN 50 100.0 50 100.0 50 100.0 50 100.0 0 0.0 50 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 ------------------------------------------------------------------------------- Mean: 81.9% 54.6% 47.1% 57.5% 2.6% 83.4% Mean rate>10%:97.1% 94.4% 99.3% 99.3% 50.0% 99.0% ------------------------------------------------------------------------------- Table W2k.F3F: "Comparison of Detection Rate of Packed Viral Objects": Results of Detection Rate of objects infected with ITW file viruses and with PKZIP, LHA, ARJ, RAR, WinRAR, CAB ======================================================================== This includes Viral objects detected per packer ------------------------------------------------------------------------------- ARJ % CAB % LHA % RAR % WinRAR 2.9 % ZIP % ------------------------------------------------------------------------------- Testbed 442 100.0% 442 100.0% 442 100.0% 442 100.0% 442 100.0% 442 100.0% ------------------------------------------------------------------------------- AVA 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 AVG 435 98.4 0 0.0 0 0.0 435 98.4 0 0.0 424 95.9 AVK 442 100.0 442 100.0 440 99.5 442 100.0 0 0.0 442 100.0 AVP 442 100.0 442 100.0 442 100.0 442 100.0 0 0.0 442 100.0 BDF 428 96.8 428 96.8 428 96.8 428 96.8 0 0.0 428 96.8 CMD 433 98.0 433 98.0 433 98.0 433 98.0 0 0.0 433 98.0 DRW 442 100.0 442 100.0 0 0.0 442 100.0 0 0.0 442 100.0 FPR 433 98.0 433 98.0 433 98.0 433 98.0 0 0.0 433 98.0 FPW 433 98.0 433 98.0 433 98.0 433 98.0 0 0.0 433 98.0 FSE 442 100.0 442 100.0 442 100.0 442 100.0 0 0.0 442 100.0 IKA 437 98.9 22 5.0 0 0.0 0 0.0 0 0.0 425 96.2 INO 433 98.0 0 0.0 0 0.0 0 0.0 0 0.0 431 97.5 MR2 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 NAV 344 77.8 0 0.0 439 99.3 0 0.0 0 0.0 442 100.0 NVC 430 97.3 0 0.0 0 0.0 0 0.0 0 0.0 430 97.3 PRO 404 91.4 0 0.0 0 0.0 0 0.0 0 0.0 404 91.4 RAV 438 99.1 438 99.1 0 0.0 438 99.1 86 19.5 438 99.1 SCN 442 100.0 442 100.0 442 100.0 442 100.0 0 0.0 442 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 ------------------------------------------------------------------------------- Mean: 81.7% 52.4% 46.8% 57.3% 1.0% 82.5% Mean rate>10%:97.0% 90.5% 98.8% 98.9% 19.5% 98.0% ------------------------------------------------------------------------------- Table W2k.F3a: "PKZIP-Packed File Viruses": Results of Detection of ITW File Viruses Packed with PKZIP: ================================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 50 100.0% 443 100.0% ------------------------------------------------------------ AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 49 98.0 7 14.0 11 22.0 424 95.9 AVK 50 100.0 6 12.0 0 0.0 442 100.0 AVP 50 100.0 6 12.0 0 0.0 442 100.0 BDF 50 100.0 6 12.0 6 12.0 428 96.8 CMD 49 98.0 4 8.0 3 6.0 433 98.0 DRW 50 100.0 5 10.0 0 0.0 442 100.0 FPR 49 98.0 4 8.0 3 6.0 433 98.0 FPW 49 98.0 4 8.0 3 6.0 433 98.0 FSE 50 100.0 36 72.0 0 0.0 442 100.0 IKA 49 98.0 1 2.0 13 26.0 425 96.2 INO 47 94.0 4 8.0 2 4.0 431 97.5 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 50 100.0 11 22.0 0 0.0 442 100.0 NVC 50 100.0 6 12.0 6 12.0 430 97.3 PRO 50 100.0 2 4.0 11 22.0 404 91.4 RAV 50 100.0 7 14.0 2 4.0 438 99.1 SCN 50 100.0 4 8.0 0 0.0 442 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Mean: 83.4% 82.5% Mean (rate>10%): 98.9% 98.0% ----------------------------------------------------------- Table W2k.F3b: "LHA-Packed File Viruses": Results of Detection of ITW File Viruses Packed with LHA: =============================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 50 100.0% 443 100.0% ------------------------------------------------------------ AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 50 100.0 6 12.0 2 4.0 440 99.5 AVP 50 100.0 6 12.0 0 0.0 442 100.0 BDF 50 100.0 6 12.0 6 12.0 428 96.8 CMD 49 98.0 5 10.0 3 6.0 433 98.0 DRW 0 0.0 0 0.0 0 0.0 0 0.0 FPR 49 98.0 5 10.0 3 6.0 433 98.0 FPW 49 98.0 5 10.0 3 6.0 433 98.0 FSE 50 100.0 36 72.0 0 0.0 442 100.0 IKA 0 0.0 0 0.0 0 0.0 0 0.0 INO 0 0.0 0 0.0 0 0.0 0 0.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 50 100.0 11 22.0 1 2.0 439 99.3 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 0 0.0 0 0.0 0 0.0 0 0.0 SCN 50 100.0 4 8.0 0 0.0 442 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ------------------------------------------------------------ Mean: 47.1% 46.8% Mean (rate>10%): 99.3% 98.8% ------------------------------------------------------------ Table W2k.F3c: "ARJ-Packed File Viruses": Results of Detection of ITW File Viruses Packed with ARJ: =============================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 50 100.0% 443 100.0% ------------------------------------------------------------ AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 49 98.0 11 22.0 3 6.0 435 98.4 AVK 50 100.0 6 12.0 0 0.0 442 100.0 AVP 50 100.0 6 12.0 0 0.0 442 100.0 BDF 50 100.0 6 12.0 6 12.0 428 96.8 CMD 49 98.0 4 8.0 3 6.0 433 98.0 DRW 50 100.0 5 10.0 0 0.0 442 100.0 FPR 49 98.0 4 8.0 3 6.0 433 98.0 FPW 49 98.0 4 8.0 3 6.0 433 98.0 FSE 50 100.0 36 72.0 0 0.0 442 100.0 IKA 50 100.0 3 6.0 4 8.0 437 98.9 INO 48 96.0 4 8.0 2 4.0 433 98.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 33 66.0 5 10.0 0 0.0 344 77.8 NVC 50 100.0 6 12.0 6 12.0 430 97.3 PRO 50 100.0 2 4.0 11 22.0 404 91.4 RAV 50 100.0 7 14.0 2 4.0 438 99.1 SCN 50 100.0 4 8.0 0 0.0 442 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Mean: 81.8% 81.7% Mean (rate>10%): 97.1% 97.0% ----------------------------------------------------------- Table W2k.F3d: "RAR-Packed File Viruses": Results of Detection of ITW File Viruses Packed with RAR: =============================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 50 100.0% 443 100.0% ------------------------------------------------------------ AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 49 98.0 10 20.0 3 6.0 435 98.4 AVK 50 100.0 6 12.0 0 0.0 442 100.0 AVP 50 100.0 6 12.0 0 0.0 442 100.0 BDF 50 100.0 6 12.0 6 12.0 428 96.8 CMD 49 98.0 4 8.0 3 6.0 433 98.0 DRW 50 100.0 5 10.0 0 0.0 442 100.0 FPR 49 98.0 4 8.0 3 6.0 433 98.0 FPW 49 98.0 4 8.0 3 6.0 433 98.0 FSE 50 100.0 6 12.0 0 0.0 442 100.0 IKA 0 0.0 0 0.0 0 0.0 0 0.0 INO 0 0.0 0 0.0 0 0.0 0 0.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 50 100.0 7 14.0 2 4.0 438 99.1 SCN 50 100.0 4 8.0 0 0.0 442 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Mean: 57.5% 57.3% Mean (rate>10%): 99.3% 98.9% ----------------------------------------------------------- Table W2k.F3e: "WINRAR-Packed File Viruses": Results of Detection of ITW File Viruses Packed with WINRAR 2.9: ================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 50 100.0% 443 100.0% ------------------------------------------------------------ AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 0 0.0 0 0.0 0 0.0 0 0.0 AVP 0 0.0 0 0.0 0 0.0 0 0.0 BDF 0 0.0 0 0.0 0 0.0 0 0.0 CMD 0 0.0 0 0.0 0 0.0 0 0.0 DRW 0 0.0 0 0.0 0 0.0 0 0.0 FPR 0 0.0 0 0.0 0 0.0 0 0.0 FPW 0 0.0 0 0.0 0 0.0 0 0.0 FSE 0 0.0 0 0.0 0 0.0 0 0.0 IKA 0 0.0 0 0.0 0 0.0 0 0.0 INO 0 0.0 0 0.0 0 0.0 0 0.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 25 50.0 0 0.0 9 18.0 86 19.5 SCN 0 0.0 0 0.0 0 0.0 0 0.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Mean: 2.6% 1.0% Mean (rate>10%): 50.0% 19.5% ----------------------------------------------------------- Table W2k.F3f: "CAB-Packed File Viruses": Results of Detection of ITW File Viruses Packed with CAB: =============================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 50 100.0% 443 100.0% ------------------------------------------------------------ AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 50 100.0 6 12.0 0 0.0 442 100.0 AVP 50 100.0 6 12.0 0 0.0 442 100.0 BDF 50 100.0 6 12.0 6 12.0 428 96.8 CMD 49 98.0 4 8.0 3 6.0 433 98.0 DRW 50 100.0 5 10.0 0 0.0 442 100.0 FPR 49 98.0 4 8.0 3 6.0 433 98.0 FPW 49 98.0 4 8.0 3 6.0 433 98.0 FSE 50 100.0 6 12.0 0 0.0 442 100.0 IKA 22 44.0 0 0.0 8 16.0 22 5.0 INO 0 0.0 0 0.0 0 0.0 0 0.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 50 100.0 7 14.0 2 4.0 438 99.1 SCN 50 100.0 4 8.0 0 0.0 442 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Mean: 54.6% 52.4% Mean (rate>10%): 94.4% 90.5% ----------------------------------------------------------- Table W2k.F4: "False Positive" file virus detection: Results of "full" Zoo test for non-viral (clean) file objects detected as "false positives": ============================================================= False positive Scanner detection ----------------------------- Testbed 664 100.0% ----------------------------- AVA 0 0.0 AVG 0 0.0 AVK 0 0.0 AVP 0 0.0 BDF 0 0.0 CMD 0 0.0 DRW 1 0.2 FPR 0 0.0 FPW 0 0.0 FSE 0 0.0 IKA 0 0.0 INO 0 0.0 MR2 0 0.0 NAV 0 0.0 NVC 0 0.0 PRO 0 0.0 RAV 0 0.0 SCN 0 0.0 VSP 0 0.0 ----------------------------- Table W2k.F5: "File-Malware": Results of "full" Zoo Test for File-related malware: ==================================================== This includes Malware ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 8001 100.0% 18277 100.0% ------------------------------------------------------------ AVA 5920 74.0 1719 21.5 480 6.0 13654 74.7 AVG 4025 50.3 1173 14.7 416 5.2 8242 45.1 AVK 7893 98.7 822 10.3 47 0.6 18076 98.9 AVP 7899 98.7 778 9.7 40 0.5 18098 99.0 BDF 4570 57.1 305 3.8 537 6.7 9903 54.2 CMD 7283 91.0 3366 42.1 287 3.6 16184 88.5 DRW 6028 75.3 466 5.8 389 4.9 13424 73.4 FPR 7306 91.3 3383 42.3 289 3.6 16290 89.1 FPW 7306 91.3 3387 42.3 286 3.6 16287 89.1 FSE 7943 99.3 3544 44.3 27 0.3 18169 99.4 IKA 5367 67.1 1004 12.5 478 6.0 11439 62.6 INO 6590 82.4 2113 26.4 589 7.4 14062 76.9 MR2 846 10.6 37 0.5 176 2.2 1394 7.6 NAV 6251 78.1 1359 17.0 578 7.2 13274 72.6 NVC 6248 78.1 1601 20.0 402 5.0 14440 79.0 PRO 2948 36.8 87 1.1 514 6.4 5200 28.5 RAV 6889 86.1 411 5.1 403 5.0 15026 82.2 SCN 7422 92.8 660 8.2 82 1.0 17457 95.5 VSP 3066 38.3 547 6.8 213 2.7 4852 26.5 ----------------------------------------------------------- Mean: 73.5% 70.7% Mean (rate>10%): 73.5% 70.7% ----------------------------------------------------------- Table W2k.M1: "MacroVirus 1": Results of "full" zoo test for macro viruses under Windows-2000: ========================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 7306 100.0% 25231 100.0% ------------------------------------------------------------ AVA 7147 97.8 48 0.7 39 0.5 24703 97.9 AVG 7167 98.1 59 0.8 15 0.2 24772 98.2 AVK 7304 100.~ 163 2.2 1 0.~ 25193 99.8 AVP 7304 100.~ 134 1.8 1 0.~ 25193 99.8 BDF 7231 99.0 1727 23.6 12 0.2 24942 98.9 CMD 7302 99.9 62 0.8 4 0.1 25199 99.9 DRW 7263 99.4 172 2.4 15 0.2 25110 99.5 FPR 7303 100.~ 63 0.9 4 0.1 25200 99.9 FPW 7303 100.~ 63 0.9 4 0.1 25200 99.9 FSE 7305 100.~ 57 0.8 0 0.0 25222 100.~ IKA 7030 96.2 689 9.4 177 2.4 24349 96.5 INO 7298 99.9 130 1.8 6 0.1 25204 99.9 MR2 761 10.4 107 1.5 9 0.1 2254 8.9 NAV 7280 99.6 286 3.9 13 0.2 25119 99.6 NVC 7295 99.8 118 1.6 16 0.2 25161 99.7 PRO 5315 72.7 190 2.6 189 2.6 17535 69.5 RAV 7299 99.9 422 5.8 7 0.1 25211 99.9 SCN 7306 100.0 80 1.1 1 0.~ 25227 100.~ VSP 2 0.~ 0 0.0 2 0.~ 2 0.~ ----------------------------------------------------------- Mean 88.0% 87.8% Mean (rate>10%) 92.9% 92.7% ----------------------------------------------------------- Table W2k.M2: "MacroVirus 2": Results of "In-The-Wild" test for macro viruses under Windows-2000: ========================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 124 100.0% 1337 100.0% ------------------------------------------------------------ AVA 124 100.0 7 5.6 4 3.2 1332 99.6 AVG 124 100.0 12 9.7 1 0.8 1336 99.9 AVK 124 100.0 11 8.9 0 0.0 1337 100.0 AVP 124 100.0 10 8.1 0 0.0 1337 100.0 BDF 124 100.0 18 14.5 1 0.8 1336 99.9 CMD 124 100.0 6 4.8 1 0.8 1336 99.9 DRW 124 100.0 12 9.7 0 0.0 1337 100.0 FPR 124 100.0 6 4.8 1 0.8 1336 99.9 FPW 124 100.0 6 4.8 1 0.8 1336 99.9 FSE 124 100.0 6 4.8 0 0.0 1337 100.0 IKA 124 100.0 25 20.2 3 2.4 1330 99.5 INO 124 100.0 9 7.3 0 0.0 1337 100.0 MR2 11 8.9 1 0.8 4 3.2 374 28.0 NAV 124 100.0 16 12.9 0 0.0 1337 100.0 NVC 124 100.0 13 10.5 2 1.6 1335 99.9 PRO 124 100.0 19 15.3 7 5.6 1327 99.3 RAV 124 100.0 27 21.8 2 1.6 1334 99.8 SCN 124 100.0 8 6.5 0 0.0 1337 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Mean 89.9% 90.8% Mean (rate>10%) 100.0% 99.9% ----------------------------------------------------------- Table W2k.M3V: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW macro viruses packed with PKZIP, LHA, ARJ, RAR, WinRAR and CAB ================================================================ This includes Viruses detected per packer ------------------------------------------------------------------------------ ARJ % CAB % LHA % RAR % WinRAR 2.0 % ZIP % ------------------------------------------------------------------------------- Testbed 124 100.0% 124 100.0% 124 100.0% 124 100.0% 124 100.0% 124 100.0% ------------------------------------------------------------------------------- AVA 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 AVG 124 100.0 0 0.0 0 0.0 124 100.0 124 100.0 124 100.0 AVK 124 100.0 124 100.0 124 100.0 124 100.0 124 100.0 124 100.0 AVP 124 100.0 124 100.0 124 100.0 124 100.0 124 100.0 124 100.0 BDF 124 100.0 124 100.0 124 100.0 124 100.0 124 100.0 124 100.0 CMD 124 100.0 124 100.0 124 100.0 124 100.0 124 100.0 124 100.0 DRW 124 100.0 124 100.0 0 0.0 124 100.0 124 100.0 124 100.0 FPR 124 100.0 124 100.0 124 100.0 124 100.0 124 100.0 124 100.0 FPW 124 100.0 124 100.0 124 100.0 124 100.0 124 100.0 124 100.0 FSE 124 100.0 123 99.2 124 100.0 123 99.2 123 99.2 124 100.0 IKA 124 100.0 22 17.7 0 0.0 0 0.0 0 0.0 124 100.0 INO 124 100.0 0 0.0 0 0.0 0 0.0 0 0.0 124 100.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 NAV 124 100.0 0 0.0 124 100.0 0 0.0 0 0.0 124 100.0 NVC 124 100.0 0 0.0 0 0.0 0 0.0 0 0.0 124 100.0 PRO 124 100.0 0 0.0 0 0.0 0 0.0 0 0.0 124 100.0 RAV 124 100.0 124 100.0 0 0.0 124 100.0 124 100.0 124 100.0 SCN 124 100.0 124 100.0 124 100.0 124 100.0 124 100.0 124 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 ------------------------------------------------------------------------------- Mean 84.2% 53.5% 47.4% 57.9% 57.9% 84.2% Meanrate>10% 100.0% 92.5% 100.0% 99.9% 99.9% 100.0% ------------------------------------------------------------------------------- Table W2k.M3F: "Comparison of Detection Rate of Packed Viral Objects": Results of Detection Rate of objects infected with ITW file viruses and with PKZIP, LHA, ARJ, RAR, WinRAR, CAB ======================================================================= This includes Viral objects detected per packer ------------------------------------------------------------------------------- ARJ % CAB % LHA % RAR % WinRAR 2.0 % ZIP % ------------------------------------------------------------------------------- Testbed 1337 100.0% 1337 100.0% 1337 100.0% 1337 100.0% 1337 100.0% 1337 100.0% ------------------------------------------------------------------------------- AVA 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 AVG 1336 99.9 0 0.0 0 0.0 1336 99.9 1336 99.9 1324 99.0 AVK 1337 100.0 1336 99.9 1110 83.0 1337 100.0 1337 100.0 1337 100.0 AVP 1337 100.0 1336 99.9 1337 100.0 1337 100.0 1337 100.0 1337 100.0 BDF 1336 99.9 1336 99.9 1336 99.9 1336 99.9 1336 99.9 1336 99.9 CMD 1336 99.9 1336 99.9 1336 99.9 1336 99.9 1336 99.9 1336 99.9 DRW 1337 100.0 1337 100.0 0 0.0 1337 100.0 1337 100.0 1337 100.0 FPR 1336 99.9 1336 99.9 1336 99.9 1336 99.9 1336 99.9 1336 99.9 FPW 1336 99.9 1336 99.9 1336 99.9 1336 99.9 1336 99.9 1336 99.9 FSE 1337 100.0 1331 99.6 1337 100.0 1332 99.6 1319 98.7 1337 100.0 IKA 1330 99.5 22 1.6 0 0.0 0 0.0 0 0.0 1330 99.5 INO 1337 100.0 0 0.0 0 0.0 0 0.0 0 0.0 1337 100.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 NAV 1337 100.0 0 0.0 1336 99.9 0 0.0 0 0.0 1337 100.0 NVC 1335 99.9 0 0.0 0 0.0 0 0.0 0 0.0 1335 99.9 PRO 1327 99.3 0 0.0 0 0.0 0 0.0 0 0.0 1327 99.3 RAV 1271 95.1 1331 99.6 0 0.0 1271 95.1 1148 85.9 1271 95.1 SCN 1337 100.0 1337 100.0 1337 100.0 1337 100.0 1337 100.0 1337 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 0 0.0 ------------------------------------------------------------------------------- Mean 84.0% 52.6% 46.5% 57.6% 57.1% 83.8% Meanrate>10% 99.6% 90.9% 98.1% 99.5% 98.6% 99.6% ------------------------------------------------------------------------------- Table W2k.M3a: "PKZIP-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with PKZIP under Windows-2000: ======================================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 124 100.0% 1337 100.0% ------------------------------------------------------------ AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 124 100.0 11 8.9 10 8.1 1324 99.0 AVK 124 100.0 12 9.7 0 0.0 1337 100.0 AVP 124 100.0 10 8.1 0 0.0 1337 100.0 BDF 124 100.0 18 14.5 1 0.8 1336 99.9 CMD 124 100.0 6 4.8 1 0.8 1336 99.9 DRW 124 100.0 12 9.7 0 0.0 1337 100.0 FPR 124 100.0 6 4.8 1 0.8 1336 99.9 FPW 124 100.0 6 4.8 1 0.8 1336 99.9 FSE 124 100.0 123 99.2 0 0.0 1337 100.0 IKA 124 100.0 25 20.2 3 2.4 1330 99.5 INO 124 100.0 9 7.3 0 0.0 1337 100.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 124 100.0 12 9.7 0 0.0 1337 100.0 NVC 124 100.0 13 10.5 2 1.6 1335 99.9 PRO 124 100.0 19 15.3 7 5.6 1327 99.3 RAV 124 100.0 28 22.6 22 17.7 1271 95.1 SCN 124 100.0 8 6.5 0 0.0 1337 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Mean 84.2% 83.8% Mean (rate>10%) ----------------------------------------------------------- Table W2k.M3b: "LHA-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with LHA under Windows-2000: ==================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 124 100.0% 1337 100.0% ------------------------------------------------------------ AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 124 100.0 11 8.9 1 0.8 1110 83.0 AVP 124 100.0 10 8.1 0 0.0 1337 100.0 BDF 124 100.0 18 14.5 1 0.8 1336 99.9 CMD 124 100.0 6 4.8 1 0.8 1336 99.9 DRW 0 0.0 0 0.0 0 0.0 0 0.0 FPR 124 100.0 6 4.8 1 0.8 1336 99.9 FPW 124 100.0 6 4.8 1 0.8 1336 99.9 FSE 124 100.0 123 99.2 0 0.0 1337 100.0 IKA 0 0.0 0 0.0 0 0.0 0 0.0 INO 0 0.0 0 0.0 0 0.0 0 0.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 124 100.0 12 9.7 1 0.8 1336 99.9 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 0 0.0 0 0.0 0 0.0 0 0.0 SCN 124 100.0 8 6.5 0 0.0 1337 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Mean 47.4% 46.5% Mean (rate>10%) 100.0% 98.1% ----------------------------------------------------------- Table W2k.M3c: "ARJ-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with ARJ under Windows-2000: ==================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 124 100.0% 1337 100.0% ------------------------------------------------------------ AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 124 100.0 12 9.7 1 0.8 1336 99.9 AVK 124 100.0 12 9.7 0 0.0 1337 100.0 AVP 124 100.0 10 8.1 0 0.0 1337 100.0 BDF 124 100.0 18 14.5 1 0.8 1336 99.9 CMD 124 100.0 6 4.8 1 0.8 1336 99.9 DRW 124 100.0 12 9.7 0 0.0 1337 100.0 FPR 124 100.0 6 4.8 1 0.8 1336 99.9 FPW 124 100.0 6 4.8 1 0.8 1336 99.9 FSE 124 100.0 123 99.2 0 0.0 1337 100.0 IKA 124 100.0 25 20.2 3 2.4 1330 99.5 INO 124 100.0 9 7.3 0 0.0 1337 100.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 124 100.0 12 9.7 0 0.0 1337 100.0 NVC 124 100.0 13 10.5 2 1.6 1335 99.9 PRO 124 100.0 19 15.3 7 5.6 1327 99.3 RAV 124 100.0 28 22.6 22 17.7 1271 95.1 SCN 124 100.0 8 6.5 0 0.0 1337 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Mean 84.2% 83.9% Mean (rate>10%) 100.0% 99.6% ----------------------------------------------------------- Table W2k.M3d: "RAR-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with RAR under Windows-2000: ==================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 124 100.0% 1337 100.0% ------------------------------------------------------------ AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 124 100.0 12 9.7 1 0.8 1336 99.9 AVK 124 100.0 12 9.7 0 0.0 1337 100.0 AVP 124 100.0 10 8.1 0 0.0 1337 100.0 BDF 124 100.0 18 14.5 1 0.8 1336 99.9 CMD 124 100.0 6 4.8 1 0.8 1336 99.9 DRW 124 100.0 12 9.7 0 0.0 1337 100.0 FPR 124 100.0 6 4.8 1 0.8 1336 99.9 FPW 124 100.0 6 4.8 1 0.8 1336 99.9 FSE 123 99.2 10 8.1 0 0.0 1332 99.6 IKA 0 0.0 0 0.0 0 0.0 0 0.0 INO 0 0.0 0 0.0 0 0.0 0 0.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 124 100.0 28 22.6 22 17.7 1271 95.1 SCN 124 100.0 8 6.5 0 0.0 1337 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Mean 57.9% 57.6% Mean (rate>10%) 99.9% 99.5% ----------------------------------------------------------- Table W2k.M3e: "WinRAR-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with WinRAR 2.0: ================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 124 100.0% 1337 100.0% ------------------------------------------------------------ AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 124 100.0 12 9.7 1 0.8 1336 99.9 AVK 124 100.0 12 9.7 0 0.0 1337 100.0 AVP 124 100.0 10 8.1 0 0.0 1337 100.0 BDF 124 100.0 18 14.5 1 0.8 1336 99.9 CMD 124 100.0 6 4.8 1 0.8 1336 99.9 DRW 124 100.0 12 9.7 0 0.0 1337 100.0 FPR 124 100.0 6 4.8 1 0.8 1336 99.9 FPW 124 100.0 6 4.8 1 0.8 1336 99.9 FSE 123 99.2 10 8.1 1 0.8 1319 98.7 IKA 0 0.0 0 0.0 0 0.0 0 0.0 INO 0 0.0 0 0.0 0 0.0 0 0.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 124 100.0 27 21.8 24 19.4 1148 85.9 SCN 124 100.0 8 6.5 0 0.0 1337 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Mean 57.9% 57.1% Mean (rate>10%) 99.9% 98.6% ----------------------------------------------------------- Table W2k.M3f: "CAB-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with CAB: =============================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 124 100.0% 1337 100.0% ------------------------------------------------------------ AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 124 100.0 12 9.7 1 0.8 1336 99.9 AVP 124 100.0 10 8.1 1 0.8 1336 99.9 BDF 124 100.0 18 14.5 1 0.8 1336 99.9 CMD 124 100.0 6 4.8 1 0.8 1336 99.9 DRW 124 100.0 12 9.7 0 0.0 1337 100.0 FPR 124 100.0 6 4.8 1 0.8 1336 99.9 FPW 124 100.0 6 4.8 1 0.8 1336 99.9 FSE 123 99.2 10 8.1 1 0.8 1331 99.6 IKA 22 17.7 0 0.0 22 17.7 22 1.6 INO 0 0.0 0 0.0 0 0.0 0 0.0 MR2 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 124 100.0 28 22.6 5 4.0 1331 99.6 SCN 124 100.0 8 6.5 0 0.0 1337 100.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Mean 53.5% 52.6% Mean (rate>10%) 52.5% 90.0% ----------------------------------------------------------- Table W2k.M4: "False Positive" macro virus detection: Results of "full" zoo test for non-viral (clean) macro objects detected as "false positives" under Windows-2000: ================================================================= False positive Scanner detection ----------------------------- Testbed 329 100.0% ----------------------------- AVA 0 0.0 AVG 0 0.0 AVK 1 0.3 AVP 5 1.5 BDF 0 0.0 CMD 2 0.6 DRW 29 8.8 FPR 2 0.6 FPW 2 0.6 FSE 2 0.6 IKA 11 3.3 INO 0 0.0 MR2 3 0.9 NAV 0 0.0 NVC 5 1.5 PRO 0 0.0 RAV 1 0.3 SCN 0 0.0 VSP 0 0.0 ----------------------------- Table W2k.M5: "Macro-Malware": Results of "full" test for Macro-related malware under Windows-2000: ========================================================= Macro This includes Malware ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 450 100.0% 747 100.0% ------------------------------------------------------------ AVA 408 90.7 4 0.9 7 1.6 646 86.5 AVG 361 80.2 1 0.2 5 1.1 621 83.1 AVK 450 100.0 3 0.7 1 0.2 745 99.7 AVP 450 100.0 1 0.2 1 0.2 745 99.7 BDF 413 91.8 100 22.2 5 1.1 679 90.9 CMD 447 99.3 2 0.4 0 0.0 735 98.4 DRW 410 91.1 30 6.7 8 1.8 683 91.4 FPR 447 99.3 2 0.4 0 0.0 735 98.4 FPW 447 99.3 2 0.4 0 0.0 735 98.4 FSE 450 100.0 3 0.7 1 0.2 745 99.7 IKA 412 91.6 47 10.4 8 1.8 682 91.3 INO 422 93.8 17 3.8 1 0.2 709 94.9 MR2 133 29.6 18 4.0 2 0.4 205 27.4 NAV 418 92.9 40 8.9 8 1.8 679 90.9 NVC 442 98.2 13 2.9 2 0.4 711 95.2 PRO 251 55.8 2 0.4 10 2.2 391 52.3 RAV 447 99.3 39 8.7 4 0.9 730 97.7 SCN 450 100.0 5 1.1 2 0.4 745 99.7 VSP 1 0.2 0 0.0 0 0.0 1 0.1 ----------------------------------------------------------- Mean 84.9% 84.0% Mean (rate>10%) 89.6% 88.6% ----------------------------------------------------------- Table W2k.S1: "ScriptVirus 1": Results of "full" Zoo test for script viruses: ================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 823 100.0% 1574 100.0% ------------------------------------------------------------ AVA 259 31.5 7 0.9 47 5.7 565 35.9 AVG 526 63.9 32 3.9 46 5.6 1014 64.4 AVK 815 99.0 188 22.8 2 0.2 1563 99.3 AVP 814 98.9 83 10.1 1 0.1 1562 99.2 BDF 594 72.2 88 10.7 59 7.2 1068 67.9 CMD 733 89.1 112 13.6 25 3.0 1342 85.3 DRW 779 94.7 120 14.6 22 2.7 1436 91.2 FPR 730 88.7 107 13.0 28 3.4 1335 84.8 FPW 730 88.7 107 13.0 28 3.4 1333 84.7 FSE 819 99.5 137 16.6 2 0.2 1566 99.5 IKA 668 81.2 103 12.5 62 7.5 1195 75.9 INO 779 94.7 114 13.9 31 3.8 1457 92.6 MR2 667 81.0 109 13.2 71 8.6 1146 72.8 NAV 797 96.8 241 29.3 33 4.0 1490 94.7 NVC 721 87.6 79 9.6 35 4.3 1270 80.7 PRO 492 59.8 75 9.1 67 8.1 873 55.5 RAV 791 96.1 108 13.1 26 3.2 1496 95.0 SCN 820 99.6 72 8.7 1 0.1 1570 99.7 VSP 668 81.2 96 11.7 72 8.7 1148 72.9 ----------------------------------------------------------- Mean 84.4% 81.7% Mean (rate>10%) 84.4% 81.7% ----------------------------------------------------------- Table W2k.S2: "ScriptVirus 2": Results of "In-The-Wild" test for script viruses: ======================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 20 100.0% 122 100.0% ------------------------------------------------------------ AVA 20 100.0 0 0.0 3 15.0 114 93.4 AVG 20 100.0 3 15.0 0 0.0 122 100.0 AVK 20 100.0 5 25.0 0 0.0 122 100.0 AVP 20 100.0 3 15.0 0 0.0 122 100.0 BDF 20 100.0 3 15.0 1 5.0 119 97.5 CMD 20 100.0 4 20.0 0 0.0 122 100.0 DRW 20 100.0 2 10.0 0 0.0 122 100.0 FPR 20 100.0 4 20.0 0 0.0 122 100.0 FPW 20 100.0 4 20.0 0 0.0 122 100.0 FSE 20 100.0 4 20.0 0 0.0 122 100.0 IKA 20 100.0 7 35.0 1 5.0 121 99.2 INO 20 100.0 5 25.0 1 5.0 121 99.2 MR2 18 90.0 4 20.0 4 20.0 99 81.1 NAV 20 100.0 6 30.0 0 0.0 122 100.0 NVC 20 100.0 9 45.0 0 0.0 122 100.0 PRO 20 100.0 5 25.0 3 15.0 118 96.7 RAV 20 100.0 7 35.0 0 0.0 122 100.0 SCN 20 100.0 3 15.0 0 0.0 122 100.0 VSP 18 90.0 4 20.0 4 20.0 99 81.1 ----------------------------------------------------------- Mean 99.0% 97.3% Mean (rate>10%) 99.0% 97.3% ----------------------------------------------------------- Table W2k.S5: "Script-Malware": Results of "full" test for Script-related malware under Windows-2000: ========================================================= Macro This includes Malware ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 117 100.0% 202 100.0% ------------------------------------------------------------ AVA 2 1.7 0 0.0 0 0.0 2 1.0 AVG 14 12.0 0 0.0 1 0.9 15 7.4 AVK 112 95.7 19 16.2 3 2.6 189 93.6 AVP 112 95.7 18 15.4 3 2.6 189 93.6 BDF 37 31.6 6 5.1 11 9.4 40 19.8 CMD 33 28.2 16 13.7 6 5.1 36 17.8 DRW 72 61.5 14 12.0 10 8.5 120 59.4 FPR 33 28.2 16 13.7 6 5.1 36 17.8 FPW 33 28.2 16 13.7 6 5.1 36 17.8 FSE 114 97.4 30 25.6 3 2.6 192 95.0 IKA 53 45.3 6 5.1 13 11.1 58 28.7 INO 82 70.1 33 28.2 12 10.3 114 56.4 MR2 32 27.4 4 3.4 5 4.3 33 16.3 NAV 107 91.5 34 29.1 10 8.5 160 79.2 NVC 24 20.5 0 0.0 3 2.6 32 15.8 PRO 31 26.5 4 3.4 8 6.8 37 18.3 RAV 96 82.1 12 10.3 10 8.5 145 71.8 SCN 115 98.3 10 8.5 4 3.4 188 93.1 VSP 32 27.4 4 3.4 5 4.3 33 16.3 ----------------------------------------------------------- Mean 51.0% 43.1% Mean (rate>10%) 53.8% 45.5% -----------------------------------------------------------