========================================================
aVTC Test "2002-12" (File 6xLin.TXT):
--------------------------------------------------------
Detailed results of File, Macro and Script Virus related
on-demand scanner tests under Linux (SuSe edition):
========================================================
(Formatted with non-proportional font: Courier; 72 columns)

The following *8* products (versions) participated in this
part of VTC test "2002-12" (for details of related AV
products: see A2SCNLS.txt):
=========================================================
AVK  v(def): 3.0 beta 1.1
     Sig/date: December 7, 2001
CMD  v(def): 4.64.1
     SIGN.DEF date: December 17, 2001
     SIGN2.DEF date: December 17, 2001
     MACRO.DEF date: December 16, 2001
DRW  v(def): Dr.Web for Linux, version 4.26
     date: September 22, 2001
     Sig/date: December 17, 2001
FPR  v(def): ---
FSE  v(def): Release 4.13 build 3360
     Eng: F-PROT 3.10 build 701
     sign.def date: December 13, 2001
     sign2.def date: December 13, 2001
     fsmacro.def date: December 13, 2001
OAV  v(def): 0.2.0
     date: December 12, 2001
     Sig: 2001.12.20.22.33
     Sig/date: December 20, 2001
RAV  v(def): 8.3.1
     Eng: 8.5 for i386
     Sig/date: December 17, 2001 at 16:22:24
SCN  v(def): 4.16.0
     Sig: 4177
     date: December 17, 2001
=========================================================

The following tables summarize detection and identification quality
concerning FILE, MACRO and SCRIPT viruses as well as selected FILE,
MACRO and SCRIPT MALWARE, both in full "zoo" virus collection and for
viral In-The-Wild testbeds, under LINUX (SuSe). Moreover, results for
detection of viruses in objects compressed with 6 popular packing
methods are also given. Finally, a special test was performed
concerning "false positive" virus detection of selected files which
were deliberately chosen from available CD-ROMs and which were
definitively clean of viruses. For discussion of results, see
7EVALLIN.txt.
As usual, results may be influenced by problems experienced during
tests; such problems are documented in 8PROBLMS.TXT.

Index of tables:
----------------
LIN.F1:  "FileVirus 1": Results of "full" Zoo test for file viruses
LIN.F2:  "FileVirus 2": Results of "In-The-Wild" test for file viruses
LIN.F3V: "Comparison of Detection Rate of Packed Viruses":
         Results of Detection Rate of ITW file viruses packed with
         PKZIP, LHA, ARJ, RAR, WinRAR 2.9 and CAB
LIN.F3F: "Comparison of Detection Rate of Packed Viral Objects":
         Results of Detection Rate of infected ITW file objects packed
         with PKZIP, LHA, ARJ, RAR, WinRAR 2.9 and CAB
LIN.F3a: "PKZIP-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with PKZIP
LIN.F3b: "LHA-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with LHA
LIN.F3c: "ARJ-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with ARJ
LIN.F3d: "RAR-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with RAR
LIN.F3e: "WINRAR-Packed Macro Viruses":
         Results of Detection of ITW File Viruses Packed with
         WINRAR 2.9
LIN.F3f: "CAB-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with CAB
LIN.F4:  "False Positive" File Virus Detection:
         Results of "full" Zoo test for non-viral (clean) file objects
         detected as "false positives"
LIN.F5:  "File-Malware": Results of "full" Zoo test for file-related
         (non-viral) malware
LIN.M1:  "MacroVirus 1": Results of "full" Zoo test for macro viruses
LIN.M2:  "MacroVirus 2": Results of "In-The-Wild" test for macro
         viruses
LIN.M3V: "Comparison of Detection Rate of Packed Viruses":
         Results of Detection Rate of ITW macro viruses packed with
         PKZIP, LHA, ARJ, RAR, WinRAR 2.0 and CAB
LIN.M3F: "Comparison of Detection Rate of Packed Viral Objects":
         Results of Detection Rate of infected ITW macro objects
         packed with PKZIP, LHA, ARJ, RAR, WinRAR 2.0 and CAB
LIN.M3a: "PKZIP-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with PKZIP
LIN.M3b: "LHA-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with LHA
LIN.M3c: "ARJ-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with ARJ
LIN.M3d: "RAR-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with RAR
LIN.M3e: "WINRAR-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with
         WINRAR 2.0
LIN.M3f: "CAB-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with CAB
LIN.M4:  "False Positive" macro virus detection:
         Results of "full" Zoo test for non-viral (clean) macro
         objects detected as "false positives"
LIN.M5:  "Macro-Malware": Results of "full" Zoo test for Macro-related
         (non-viral) malware
LIN.S1:  "ScriptVirus 1": Results of partial Zoo test for script
         viruses (esp. VBS and MIRC)
LIN.S2:  "ScriptVirus 2": Results of "In-The-Wild" test for script
         viruses
LIN.S5:  "Script-Malware": Results of "full" Zoo test for
         Script-related (non-viral) malware

Table LIN.F1: "FileVirus 1":
Results of "full" Zoo test for file viruses:
===============================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed    21790 100.0%                           158747 100.0%
--------------------------------------------------------------
AVK        21770  99.9    625   2.9     13   0.1  158639  99.9
CMD        21591  99.1    216   1.0     53   0.2  158069  99.6
DRW        21414  98.3   1119   5.1    259   1.2  156758  98.7
FPR        21547  98.9    214   1.0     54   0.2  157839  99.4
FSE        21359  98.0    105   0.5     87   0.4  156994  98.9
OAV         1989   9.1      4   0.~    278   1.3   14382   9.1
RAV        21065  96.7    770   3.5    331   1.5  153343  96.6
SCN        21736  99.8   1204   5.5     63   0.3  158213  99.7
--------------------------------------------------------------
Mean:             87.5%                                   87.7%
Mean (rate>10%):  98.7%                                   99.0%
--------------------------------------------------------------
Remark: decimal ~ indicates that result is rounded:
        (100.~ up to 100.0%, 0.~ down to 0.0%).

Table LIN.F2: "FileVirus 2":
Results of "In-The-Wild" test for file viruses:
=========================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed       50 100.0%                              442 100.0%
--------------------------------------------------------------
AVK           50 100.0      6  12.0      0   0.0     442 100.0
CMD           49  98.0      5  10.0      2   4.0     434  98.2
DRW           50 100.0      5  10.0      0   0.0     442 100.0
FPR           49  98.0      4   8.0      3   6.0     433  98.0
FSE           49  98.0      4   8.0      3   6.0     433  98.0
OAV           17  34.0      0   0.0      5  10.0      91  20.6
RAV           50 100.0      7  14.0      2   4.0     438  99.1
SCN           50 100.0      4   8.0      0   0.0     442 100.0
--------------------------------------------------------------
Mean:             91.0%                                   89.2%
Mean (rate>10%):  91.0%                                   89.2%
--------------------------------------------------------------

Table LIN.F3V: "Comparison of Detection Rate of Packed Viruses":
Results of Detection Rate of ITW file viruses
packed with PKZIP, LHA, ARJ, RAR, WinRAR, CAB
================================================================
              This includes Viruses detected per packer
--------------------------------------------------------------------------------
          ARJ     %   CAB     %   LHA     %   RAR     % WinRAR 2.9 %  ZIP     %
--------------------------------------------------------------------------------
Testbed    50 100.0%   50 100.0%   50 100.0%   50 100.0%   50 100.0%   50 100.0%
--------------------------------------------------------------------------------
AVK        50 100.0    50 100.0    50 100.0    50 100.0     0   0.0    50 100.0
CMD        49  98.0    49  98.0    49  98.0    49  98.0     1   2.0    49  98.0
DRW        50 100.0    50 100.0     0   0.0    50 100.0     0   0.0    50 100.0
FPR        49  98.0    49  98.0    49  98.0    49  98.0     0   0.0    49  98.0
FSE        49  98.0     0   0.0    49  98.0     0   0.0     0   0.0    49  98.0
OAV         0   0.0     0   0.0     0   0.0     0   0.0     0   0.0     0   0.0
RAV        50 100.0    50 100.0     0   0.0    50 100.0    18  36.0    50 100.0
SCN        50 100.0    50 100.0    50 100.0    50 100.0     0   0.0    50 100.0
--------------------------------------------------------------------------------
Mean:          86.8%       74.5%       61.8%       74.5%        4.8%       86.8%
Mean rate>10%: 99.1%       99.3%       98.8%       99.3%       36.0%       99.1%
--------------------------------------------------------------------------------

Table LIN.F3F: "Comparison of Detection Rate of Packed Viral Objects":
Results of Detection Rate of objects infected with ITW file viruses
and with PKZIP, LHA, ARJ, RAR, WinRAR, CAB
========================================================================
              This includes Viral objects detected per packer
--------------------------------------------------------------------------------
          ARJ     %   CAB     %   LHA     %   RAR     % WinRAR 2.9 %  ZIP     %
--------------------------------------------------------------------------------
Testbed   442 100.0%  442 100.0%  442 100.0%  442 100.0%  442 100.0%  442 100.0%
--------------------------------------------------------------------------------
AVK       441  99.8   441  99.8   441  99.8   441  99.8     0   0.0   441  99.8
CMD       434  98.2   434  98.2   434  98.2   434  98.2     1   0.2   434  98.2
DRW       442 100.0   442 100.0     0   0.0   442 100.0     0   0.0   442 100.0
FPR       433  98.0   433  98.0   433  98.0   433  98.0     0   0.0   433  98.0
FSE       433  98.0     0   0.0   433  98.0     0   0.0     0   0.0   433  98.0
OAV         0   0.0     0   0.0     0   0.0     0   0.0     0   0.0     0   0.0
RAV       438  99.1   438  99.1     0   0.0   435  98.4    70  15.8   438  99.1
SCN       442 100.0   442 100.0   442 100.0   442 100.0     0   0.0   442 100.0
--------------------------------------------------------------------------------
Mean:          86.6%       74.4%       61.8%       74.3%        2.0%       86.0%
Mean rate>10%: 99.0%       99.2%       98.8%       99.1%       15.8%       99.0%
--------------------------------------------------------------------------------

Table LIN.F3a: "PKZIP-Packed File Viruses":
Results of Detection of ITW File Viruses Packed with PKZIP:
=================================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed       50 100.0%                              443 100.0%
--------------------------------------------------------------
AVK           50 100.0      5  10.0      1   2.0     441  99.8
CMD           49  98.0      5  10.0      2   4.0     434  98.2
DRW           50 100.0      5  10.0      0   0.0     442 100.0
FPR           49  98.0      4   8.0      3   6.0     433  98.0
FSE           49  98.0      4   8.0      3   6.0     433  98.0
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV           50 100.0      7  14.0      2   4.0     438  99.1
SCN           50 100.0      3   6.0      0   0.0     442 100.0
--------------------------------------------------------------
Mean:             86.8%                                   86.6%
Mean (rate>10%):  99.1%                                   99.0%
--------------------------------------------------------------

Table LIN.F3b: "LHA-Packed File Viruses":
Results of Detection of ITW File Viruses Packed with LHA:
===============================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed       50 100.0%                              443 100.0%
--------------------------------------------------------------
AVK           50 100.0      5  10.0      1   2.0     441  99.8
CMD           49  98.0      6  12.0      2   4.0     434  98.2
DRW            0   0.0      0   0.0      0   0.0       0   0.0
FPR           49  98.0      5  10.0      3   6.0     433  98.0
FSE           49  98.0      4   8.0      3   6.0     433  98.0
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV            0   0.0      0   0.0      0   0.0       0   0.0
SCN           50 100.0      3   6.0      0   0.0     442 100.0
--------------------------------------------------------------
Mean:             61.8%                                   61.8%
Mean (rate>10%):  98.8%                                   98.8%
--------------------------------------------------------------

Table LIN.F3c: "ARJ-Packed File Viruses":
Results of Detection of ITW File Viruses Packed with ARJ:
===============================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed       50 100.0%                              443 100.0%
--------------------------------------------------------------
AVK           50 100.0      5  10.0      1   2.0     441  99.8
CMD           49  98.0      5  10.0      2   4.0     434  98.2
DRW           50 100.0      5  10.0      0   0.0     442 100.0
FPR           49  98.0      4   8.0      3   6.0     433  98.0
FSE           49  98.0      4   8.0      3   6.0     433  98.0
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV           50 100.0      7  14.0      2   4.0     438  99.1
SCN           50 100.0      4   8.0      0   0.0     442 100.0
--------------------------------------------------------------
Mean:             86.8%                                   86.6%
Mean (rate>10%):  99.1%                                   99.0%
--------------------------------------------------------------

Table LIN.F3d: "RAR-Packed File Viruses":
Results of Detection of ITW File Viruses Packed with RAR:
===============================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed       50 100.0%                              443 100.0%
--------------------------------------------------------------
AVK           50 100.0      5  10.0      1   2.0     441  99.8
CMD           49  98.0      5  10.0      2   4.0     434  98.2
DRW           50 100.0      5  10.0      0   0.0     442 100.0
FPR           49  98.0      4   8.0      3   6.0     433  98.0
FSE            0   0.0      0   0.0      0   0.0       0   0.0
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV           50 100.0      6  12.0      4   8.0     435  98.4
SCN           50 100.0      3   6.0      0   0.0     442 100.0
--------------------------------------------------------------
Mean:             74.5%                                   74.3%
Mean (rate>10%):  99.3%                                   99.1%
--------------------------------------------------------------

Table LIN.F3e: "WINRAR-Packed File Viruses":
Results of Detection of ITW File Viruses Packed with WINRAR 2.9:
==================================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed       50 100.0%                              443 100.0%
--------------------------------------------------------------
AVK            0   0.0      0   0.0      0   0.0       0   0.0
CMD            1   2.0      0   0.0      1   2.0       1   0.2
DRW            0   0.0      0   0.0      0   0.0       0   0.0
FPR            0   0.0      0   0.0      0   0.0       0   0.0
FSE            0   0.0      0   0.0      0   0.0       0   0.0
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV           18  36.0      0   0.0     12  24.0      70  15.8
SCN            0   0.0      0   0.0      0   0.0       0   0.0
--------------------------------------------------------------
Mean:              4.8%                                    2.0%
Mean (rate>10%):  36.0%                                   15.8%
--------------------------------------------------------------

Table LIN.F3f: "CAB-Packed File Viruses":
Results of Detection of ITW File Viruses Packed with CAB:
===============================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed       50 100.0%                              443 100.0%
--------------------------------------------------------------
AVK           50 100.0      5  10.0      1   2.0     441  99.8
CMD           49  98.0      5  10.0      2   4.0     434  98.2
DRW           50 100.0      5  10.0      0   0.0     442 100.0
FPR           49  98.0      4   8.0      3   6.0     433  98.0
FSE            0   0.0      0   0.0      0   0.0       0   0.0
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV           50 100.0      7  14.0      2   4.0     438  99.1
SCN           50 100.0      3   6.0      0   0.0     442 100.0
--------------------------------------------------------------
Mean:             74.5%                                   74.4%
Mean (rate>10%):  99.3%                                   99.2%
--------------------------------------------------------------

Table LIN.F4: "False Positive" file virus detection:
Results of "full" Zoo test for non-viral (clean) file objects
detected as "false positives":
=============================================================
        False positive
Scanner      detection
-----------------------------
Testbed      664 100.0%
-----------------------------
AVK            0   0.0
CMD            2   0.3
DRW            1   0.2
FPR            0   0.0
FSE            0   0.0
OAV            0   0.0
RAV            0   0.0
SCN            0   0.0
-----------------------------

Table LIN.F5: "File-Malware":
Results of "full" Zoo Test for File-related malware:
====================================================
                             This includes
               Malware    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed     8001 100.0%                            18277 100.0%
--------------------------------------------------------------
AVK         7813  97.7    758   9.5     80   1.0   17876  97.8
CMD         7398  92.5   3475  43.4    242   3.0   16573  90.7
DRW         6028  75.3    466   5.8    389   4.9   13424  73.4
FPR         7313  91.4   3401  42.5    287   3.6   16314  89.3
FSE         7195  89.9   3283  41.0    299   3.7   16027  87.7
OAV          386   4.8      5   0.1     47   0.6     723   4.0
RAV         6889  86.1    411   5.1    403   5.0   15026  82.2
SCN         7368  92.1    683   8.5     87   1.1   17255  94.4
--------------------------------------------------------------
Mean:             78.7%                                   77.4%
Mean (rate>10%):  89.3%                                   87.9%
--------------------------------------------------------------

Table LIN.M1: "MacroVirus 1":
Results of "full" Zoo test for macro viruses:
===============================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed     7306 100.0%                            25231 100.0%
--------------------------------------------------------------
AVK         7304 100.~   2327  31.9      1   0.~   25193  99.8
CMD         7303 100.~     63   0.9      4   0.1   25200  99.9
DRW         7263  99.4    172   2.4     15   0.2   25110  99.5
FPR         7303 100.~     63   0.9      4   0.1   25200  99.9
FSE         7303 100.~     66   0.9      4   0.1   25215  99.9
OAV            5   0.1      0   0.0      1   0.~      27   0.1
RAV         7299  99.9    422   5.8      7   0.1   25211  99.9
SCN         7306 100.0    143   2.0      1   0.~   25227 100.~
--------------------------------------------------------------
Mean              87.4%                                   87.4%
Mean (rate>10%)   99.9%                                   99.8%
--------------------------------------------------------------

Table LIN.M2: "MacroVirus 2":
Results of "In-The-Wild" test for macro viruses:
=========================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed      124 100.0%                             1337 100.0%
--------------------------------------------------------------
AVK          124 100.0     76  61.3      0   0.0    1337 100.0
CMD          124 100.0      6   4.8      1   0.8    1336  99.9
DRW          124 100.0     12   9.7      0   0.0    1337 100.0
FPR          124 100.0      6   4.8      1   0.8    1336  99.9
FSE          124 100.0      6   4.8      1   0.8    1336  99.9
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV          124 100.0     27  21.8      2   1.6    1334  99.8
SCN          124 100.0      8   6.5      0   0.0    1337 100.0
--------------------------------------------------------------
Mean              87.5%                                   87.4%
Mean (rate>10%)  100.0%                                   99.9%
--------------------------------------------------------------

Table LIN.M3V: "Comparison of Detection Rate of Packed Viruses":
Results of Detection Rate of ITW macro viruses
packed with PKZIP, LHA, ARJ, RAR, WinRAR and CAB:
================================================================
              This includes Viruses detected per packer
--------------------------------------------------------------------------------
          ARJ     %   CAB     %   LHA     %   RAR     % WinRAR 2.0 %  ZIP     %
--------------------------------------------------------------------------------
Testbed   124 100.0%  124 100.0%  124 100.0%  124 100.0%  124 100.0%  124 100.0%
--------------------------------------------------------------------------------
AVK       124 100.0   124 100.0   124 100.0   124 100.0   124 100.0   124 100.0
CMD       124 100.0   124 100.0   124 100.0   124 100.0   124 100.0   124 100.0
DRW       124 100.0   124 100.0     0   0.0   124 100.0   124 100.0   124 100.0
FPR       124 100.0   124 100.0   124 100.0   124 100.0   124 100.0   124 100.0
FSE       124 100.0     0   0.0   124 100.0     0   0.0     0   0.0   124 100.0
OAV         0   0.0     0   0.0     0   0.0     0   0.0     0   0.0     0   0.0
RAV       124 100.0   124 100.0     0   0.0   124 100.0   124 100.0   124 100.0
SCN       124 100.0   124 100.0   124 100.0   124 100.0   124 100.0   124 100.0
--------------------------------------------------------------------------------
Mean           87.5%       75.0%       62.5%       75.0%       75.0%       87.5%
Mean rate>10% 100.0%      100.0%      100.0%      100.0%      100.0%      100.0%
--------------------------------------------------------------------------------

Table LIN.M3F: "Comparison of Detection Rate of Packed Viral Objects":
Results of Detection Rate of objects infected with ITW macro viruses
and with PKZIP, LHA, ARJ, RAR, WinRAR, CAB
=======================================================================
              This includes Viral objects detected per packer
--------------------------------------------------------------------------------
          ARJ     %   CAB     %   LHA     %   RAR     % WinRAR 2.0 %  ZIP     %
--------------------------------------------------------------------------------
Testbed  1337 100.0% 1337 100.0% 1337 100.0% 1337 100.0% 1337 100.0% 1337 100.0%
--------------------------------------------------------------------------------
AVK      1337 100.0  1336  99.9  1337 100.0  1337 100.0  1337 100.0  1337 100.0
CMD      1336  99.9  1336  99.9  1336  99.9  1336  99.9  1336  99.9  1336  99.9
DRW      1337 100.0  1337 100.0     0   0.0  1337 100.0  1337 100.0  1337 100.0
FPR      1336  99.9  1336  99.9  1336  99.9  1336  99.9  1336  99.9  1336  99.9
FSE      1336  99.9     0   0.0  1336  99.9     0   0.0     0   0.0  1336  99.9
OAV         0   0.0     0   0.0     0   0.0     0   0.0     0   0.0     0   0.0
RAV      1271  95.1  1331  99.6     0   0.0  1265  94.6  1148  85.9  1271  95.1
SCN      1337 100.0  1337 100.0  1337 100.0  1337 100.0  1337 100.0  1337 100.0
--------------------------------------------------------------------------------
Mean           86.9%       74.9%       62.5%       74.3%       73.2%       86.9%
Mean rate>10%  99.3%       99.9%       99.4%       99.1%       97.2%       99.3%
--------------------------------------------------------------------------------

Table LIN.M3a: "PKZIP-Packed Macro Viruses":
Results of Detection of ITW Macro Viruses Packed with PKZIP:
=================================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed      124 100.0%                             1337 100.0%
--------------------------------------------------------------
AVK          124 100.0     76  61.3      0   0.0    1337 100.0
CMD          124 100.0      6   4.8      1   0.8    1336  99.9
DRW          124 100.0     12   9.7      0   0.0    1337 100.0
FPR          124 100.0      6   4.8      1   0.8    1336  99.9
FSE          124 100.0      6   4.8      1   0.8    1336  99.9
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV          124 100.0     27  21.8     22  17.7    1271  95.1
SCN          124 100.0      8   6.5      0   0.0    1337 100.0
--------------------------------------------------------------
Mean              87.5%                                   86.9%
Mean rate>10%    100.0%                                   99.3%
--------------------------------------------------------------

Table LIN.M3b: "LHA-Packed Macro Viruses":
Results of Detection of ITW Macro Viruses Packed with LHA:
===============================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed      124 100.0%                             1337 100.0%
--------------------------------------------------------------
AVK          124 100.0     76  61.3      0   0.0    1337 100.0
CMD          124 100.0      6   4.8      1   0.8    1336  99.9
DRW            0   0.0      0   0.0      0   0.0       0   0.0
FPR          124 100.0      6   4.8      1   0.8    1336  99.9
FSE          124 100.0      6   4.8      1   0.8    1336  99.9
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV            0   0.0      0   0.0      0   0.0       0   0.0
SCN          124 100.0      8   6.5      0   0.0    1337 100.0
--------------------------------------------------------------
Mean              62.5%                                   62.5%
Mean rate>10%    100.0%                                   99.9%
--------------------------------------------------------------

Table LIN.M3c: "ARJ-Packed Macro Viruses":
Results of Detection of ITW Macro Viruses Packed with ARJ:
===============================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed      124 100.0%                             1337 100.0%
--------------------------------------------------------------
AVK          124 100.0     76  61.3      0   0.0    1337 100.0
CMD          124 100.0      6   4.8      1   0.8    1336  99.9
DRW          124 100.0     12   9.7      0   0.0    1337 100.0
FPR          124 100.0      6   4.8      1   0.8    1336  99.9
FSE          124 100.0      6   4.8      1   0.8    1336  99.9
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV          124 100.0     27  21.8     22  17.7    1271  95.1
SCN          124 100.0      8   6.5      0   0.0    1337 100.0
--------------------------------------------------------------
Mean              87.5%                                   86.9%
Mean (rate>10%)  100.0%                                   99.3%
--------------------------------------------------------------

Table LIN.M3d: "RAR-Packed Macro Viruses":
Results of Detection of ITW Macro Viruses Packed with RAR:
===============================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed      124 100.0%                             1337 100.0%
--------------------------------------------------------------
AVK          124 100.0     76  61.3      0   0.0    1337 100.0
CMD          124 100.0      6   4.8      1   0.8    1336  99.9
DRW          124 100.0     12   9.7      0   0.0    1337 100.0
FPR          124 100.0      6   4.8      1   0.8    1336  99.9
FSE            0   0.0      0   0.0      0   0.0       0   0.0
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV          124 100.0     26  21.0     27  21.8    1265  94.6
SCN          124 100.0      8   6.5      0   0.0    1337 100.0
--------------------------------------------------------------
Mean              75.0%                                   74.3%
Mean (rate>10%)  100.0%                                   99.1%
--------------------------------------------------------------

Table LIN.M3e: "WinRAR-Packed Macro Viruses":
Results of Detection of ITW Macro Viruses Packed with WinRAR 2.0:
==================================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed      124 100.0%                             1337 100.0%
--------------------------------------------------------------
AVK          124 100.0     76  61.3      0   0.0    1337 100.0
CMD          124 100.0      6   4.8      1   0.8    1336  99.9
DRW          124 100.0     12   9.7      0   0.0    1337 100.0
FPR          124 100.0      6   4.8      1   0.8    1336  99.9
FSE            0   0.0      0   0.0      0   0.0       0   0.0
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV          124 100.0     26  21.0     25  20.2    1148  85.9
SCN          124 100.0      8   6.5      0   0.0    1337 100.0
--------------------------------------------------------------
Mean              75.0%                                   73.2%
Mean rate>10%    100.0%                                   97.6%
--------------------------------------------------------------

Table LIN.M3f: "CAB-Packed Macro Viruses":
Results of Detection of ITW Macro Viruses Packed with CAB:
===============================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed      124 100.0%                             1337 100.0%
--------------------------------------------------------------
AVK          124 100.0     76  61.3      1   0.8    1336  99.9
CMD          124 100.0      6   4.8      1   0.8    1336  99.9
DRW          124 100.0     12   9.7      0   0.0    1337 100.0
FPR          124 100.0      6   4.8      1   0.8    1336  99.9
FSE            0   0.0      0   0.0      0   0.0       0   0.0
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV          124 100.0     27  21.8      5   4.0    1331  99.6
SCN          124 100.0      8   6.5      0   0.0    1337 100.0
--------------------------------------------------------------
Mean              75.0%                                   74.9%
Mean (rate>10%)  100.0%                                   99.9%
--------------------------------------------------------------

Table LIN.M4: "False Positive" macro virus detection:
Results of "full" zoo test for non-viral (clean) macro objects
detected as "false positives":
=============================================================
        False positive
Scanner      detection
-----------------------------
Testbed      329 100.0%
-----------------------------
AVK            5   1.5
CMD            2   0.6
DRW           29   8.8
FPR            2   0.6
FSE            2   0.6
OAV            0   0.0
RAV            1   0.3
SCN            0   0.0
-----------------------------
Mean               1.6%
-----------------------------

Table LIN.M5: "Macro-Malware":
Results of "full" test for
Macro-related malware:
================================================
                 Macro       This includes
               Malware    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed      450 100.0%                              747 100.0%
--------------------------------------------------------------
AVK          450 100.0     42   9.3      1   0.2     745  99.7
CMD          447  99.3      2   0.4      0   0.0     735  98.4
DRW          410  91.1     30   6.7      8   1.8     683  91.4
FPR          447  99.3      2   0.4      0   0.0     735  98.4
FSE          446  99.1      2   0.4      0   0.0     729  97.6
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV          447  99.3     38   8.4      5   1.1     729  97.6
SCN          449  99.8      5   1.1      2   0.4     744  99.6
--------------------------------------------------------------
Mean              86.0%                                   85.3%
Mean (rate>10%)   98.3%                                   97.5%
--------------------------------------------------------------

Table LIN.S1: "ScriptVirus 1":
Results of "full" Zoo test for script viruses:
=================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed      823 100.0%                             1574 100.0%
--------------------------------------------------------------
AVK          816  99.1     81   9.8      2   0.2    1564  99.4
CMD          736  89.4    111  13.5     31   3.8    1339  85.1
DRW          779  94.7    120  14.6     22   2.7    1436  91.2
FPR          730  88.7    107  13.0     28   3.4    1335  84.8
FSE          725  88.1    117  14.2     24   2.9    1326  84.2
OAV          114  13.9      1   0.1     23   2.8     224  14.2
RAV          791  96.1    108  13.1     26   3.2    1496  95.0
SCN          819  99.5     71   8.6      1   0.1    1569  99.7
--------------------------------------------------------------
Mean              83.7%                                   81.7%
Mean (rate>10%)   83.7%                                   81.7%
--------------------------------------------------------------

Table LIN.S2: "ScriptVirus 2":
Results of "In-The-Wild" test for script viruses:
=======================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed       20 100.0%                              122 100.0%
--------------------------------------------------------------
AVK           20 100.0      3  15.0      0   0.0     122 100.0
CMD           20 100.0      4  20.0      0   0.0     122 100.0
DRW           20 100.0      2  10.0      0   0.0     122 100.0
FPR           20 100.0      4  20.0      0   0.0     122 100.0
FSE           20 100.0      4  20.0      0   0.0     122 100.0
OAV            5  25.0      1   5.0      2  10.0      30  24.6
RAV           20 100.0      7  35.0      0   0.0     122 100.0
SCN           20 100.0      5  25.0      0   0.0     122 100.0
--------------------------------------------------------------
Mean              90.6%                                   90.6%
Mean (rate>10%)   90.6%                                   90.6%
--------------------------------------------------------------

Table LIN.S5: "Script-Malware":
Results of "full" Zoo Test for Script-related malware:
=====================================================
                             This includes
               Viruses    ---- unreliably ----           Files
Scanner       detected   identified     detected      detected
--------------------------------------------------------------
Testbed      117 100.0%                              202 100.0%
--------------------------------------------------------------
AVK          112  95.7     18  15.4      3   2.6     189  93.6
CMD           33  28.2     16  13.7      6   5.1      36  17.8
DRW           72  61.5     14  12.0     10   8.5     120  59.4
FPR           33  28.2     16  13.7      6   5.1      36  17.8
FSE           34  29.1     17  14.5      6   5.1      37  18.3
OAV            0   0.0      0   0.0      0   0.0       0   0.0
RAV           96  82.1     12  10.3     10   8.5     145  71.8
SCN          114  97.4      6   5.1      4   3.4     187  92.6
--------------------------------------------------------------
Mean              52.8%                                   46.4%
Mean (rate>10%)   60.3%                                   53.0%
--------------------------------------------------------------