=================================================
aVTC Test "2003-04" (File 6JWXP.TXT):
-------------------------------------------------
Detailed results of File, Macro and Script Virus
related on-demand scanner tests under Windows XP (WXP):
=================================================
(Formatted with non-proportional font: Courier)

For VTC's first WXP test, we have selected the following ** 10 **
products (versions) from the list of (totally) 19 products which
participated in W32 parts of VTC test "2002-12" (for details of
related AV products: see A2SCNLS.txt):

=================================================================
AVP   AntiVirus Professional (Kaspersky Labs, Moscow, Russia)
      v(def): 3.55.160.0   date: December 12, 2001
BDF   BitDefender Professional (Softwin, Bucuresti, Romania)
      v(def): v6.3.6
CMD   Command Antivirus (Command Software Systems,Jupiter,USA)
      v(def): 4.64.0   date: August 11, 2001
      Eng: 3.55.160.3203   Sign.def date: December 17, 2001
      Macro.def date: December 16, 2001
DRW   DrWeb for Win32 (Dialogue Science, Moscow, Russia)
      v(def): 4.26 (DrWeb32.txt)   date: September 25,2001 (test.ful)
      Sig/date: Dec. 17,2001 (drwtoday.vbd)
FSE   F-SECURE (F-Secure Corporation, Helsinki, Finland)
      v(def): 1.00.1251   Sig/date: December 14, 2001
      Eng: 3.09.507 (F-PROT)
      Eng: 3.55.160.3210 (AVP)
      Eng: 1.02.15 (Orion)
INO   InoculateIT (Computer Associates, Islandia, USA)
      v(def): Eng:49.00   date: December 14, 2001
      Sig/date: December 17, 2001
NAV   Norton Antivirus (Symantec, Cupertino, USA)
      v(def): 7.60.926   Eng: 4.1.0.15   Sig: rev.3
      Sig/date: December 14, 2001
NVC   Norman Virus Control (Norman Data Defense, Oslo)
      v(def): 5.00.36   date: ---
      Sig/date: December 17, 2001 (binary viruses)
      Sig/date: December 16, 2001 (macro viruses)
RAV   Roumanian AntiVirus (GECAD, Bucharest, Romania)
      v(def): 8.3.1 command line for Win32 i386
      Eng: 8.5 for i386   Sig/date: Dec.17,2001 at 16:22:24
SCN   McAfee ViruScan (Network Associates, Santa Clara, USA)
      v(def): 4.1.60   Sig:4177   date:December 17, 2001
=================================================================

The following tables summarize detection and identification
quality concerning FILE, MACRO and SCRIPT viruses as well as
selected FILE, MACRO and SCRIPT MALWARE, both in full "zoo"
virus collection and for viral In-The-Wild testbeds, under
Windows-XP. Moreover, results for detection of viruses in
objects compressed with 6 popular packing methods are also
given. Finally, a special test was performed concerning
"false positive" virus detection of selected files which
were deliberately chosen from available CD-ROMs and which
were definitively clean of viruses.

For discussion of results, see 7EVALXP.txt.

As usual, results may be influenced by problems experienced
during tests; such problems are documented in 8PROBLMS.TXT.

Index of tables:
----------------
WXP.F1:  "FileVirus 1": Results of "full" Zoo test for file viruses
WXP.F2:  "FileVirus 2": Results of "In-The-Wild" test for file viruses
WXP.F3V: "Comparison of Detection Rate of Packed Viruses":
         Results of Detection Rate of ITW file viruses
         packed with PKZIP, LHA, ARJ, RAR, WinRAR 2.9 and CAB
WXP.F3F: "Comparison of Detection Rate of Packed Viral Objects":
         Results of Detection Rate of infected ITW file objects
         packed with PKZIP, LHA, ARJ, RAR, WinRAR 2.9 and CAB
WXP.F3a: "PKZIP-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with PKZIP
WXP.F3b: "LHA-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with LHA
WXP.F3c: "ARJ-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with ARJ
WXP.F3d: "RAR-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with RAR
WXP.F3e: "WINRAR-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with WINRAR 2.9
WXP.F3f: "CAB-Packed File Viruses":
         Results of Detection of ITW File Viruses Packed with CAB
WXP.F4:  "False Positive" File Virus Detection:
         Results of "full" Zoo test for non-viral (clean) file objects
         detected as "false positives"
WXP.F5:  "File-Malware":
         Results of "full" Zoo test for file-related (non-viral) malware

WXP.M1:  "MacroVirus 1": Results of "full" test for macro viruses
WXP.M2:  "MacroVirus 2": Results of "In-The-Wild" test for macro viruses
WXP.M3V: "Comparison of Detection Rate of Packed Viruses":
         Results of Detection Rate of ITW file viruses
         packed with PKZIP, LHA, ARJ, RAR, WinRAR 2.0 and CAB
WXP.F3F: "Comparison of Detection Rate of Packed Viral Objects":
         Results of Detection Rate of objects infected with ITW file
         viruses and with PKZIP, LHA, ARJ, RAR, WinRAR 2.0, CAB
WXP.M3a: "PKZIP-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with PKZIP
WXP.M3b: "LHA-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with LHA
WXP.M3c: "ARJ-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with ARJ
WXP.M3d: "RAR-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with RAR
WXP.M3e: "WinRAR-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with WinRAR 2.0
WXP.M3f: "CAB-Packed Macro Viruses":
         Results of Detection of ITW macro Viruses Packed with CAB
WXP.M4:  "False Positive" detection:
         Results of "full" zoo test for non-viral (clean) macro objects
         detected as "false positives"
WXP.M5:  "Macro-Malware":
         Results of "full" zoo test for Macro-related malware

WXP.S1:  "ScriptVirus 1":
         Results of "full" test for script viruses (VBS, JS etc)
WXP.S2:  "ScriptVirus 2":
         Results of "In-The-Wild" test for script viruses
WXP.S5:  "Script-Malware":
         Results of "full" zoo test for Script-related malware


Table WXP.F1: "FileVirus 1":
Results of "full" Zoo Test for file viruses:
====================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed   21790 100.0%                          158747 100.0%
------------------------------------------------------------
AVP       21783 100.~    621  2.8      1  0.~   158701 100.~
BDF       18054  82.9   1444  6.6    797  3.7   135716  85.5
CMD       21458  98.5    169  0.8     73  0.3   157448  99.2
DRW       21414  98.3   1122  5.1    258  1.2   156764  98.8
FSE       21784 100.~    216  1.0      1  0.~   158702 100.~
INO       21514  98.7    786  3.6    208  1.0   157117  99.0
NAV       21428  98.3   2588 11.9    814  3.7   152965  96.4
NVC       21314  97.8   6143 28.2    274  1.3   155577  98.0
RAV       21065  96.7    770  3.5    331  1.5   153343  96.6
SCN       21736  99.8    951  4.4     49  0.2   158425  99.8
------------------------------------------------------------
Mean:            97.1%                                  97.4%
Mean (rate>10%): 97.1%                                  97.4%
------------------------------------------------------------
Remark: decimal ~ indicates that result is rounded:
        (100.~ up to 100.0%, 0.~ down to 0.0%).


Table WXP.F2: "FileVirus 2":
Results of "In-The-Wild" Test for file viruses:
====================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed      50 100.0%                             442 100.0%
------------------------------------------------------------
AVP          50 100.0      6 12.0      0  0.0      442 100.0
BDF          50 100.0      6 12.0      6 12.0      428  96.8
CMD          49  98.0      4  8.0      3  6.0      433  98.0
DRW          50 100.0      5 10.0      0  0.0      442 100.0
FSE          50 100.0      8 16.0      0  0.0      442 100.0
INO          50 100.0      7 14.0      1  2.0      441  99.8
NAV          50 100.0     11 22.0      0  0.0      442 100.0
NVC          50 100.0      6 12.0      6 12.0      430  97.3
RAV          50 100.0      7 14.0      2  4.0      438  99.1
SCN          50 100.0      4  8.0      0  0.0      442 100.0
------------------------------------------------------------
Mean:            99.8%                                  99.1%
Mean (rate>10%): 99.8%                                  99.1%
------------------------------------------------------------


Table WXP.F3V: "Comparison of Detection Rate of Packed Viruses":
Results of Detection Rate of ITW file viruses
packed with PKZIP, LHA, ARJ, RAR, WinRAR, CAB
================================================================
        This includes Viruses detected per packer
--------------------------------------------------------------------------------
          ARJ     %   CAB     %   LHA     %   RAR     % WinRAR 2.9 %  ZIP     %
--------------------------------------------------------------------------------
Testbed    50 100.0%   50 100.0%   50 100.0%   50 100.0%   50 100.0%   50 100.0%
--------------------------------------------------------------------------------
AVP        50 100.0    50 100.0    50 100.0    50 100.0     0   0.0    50 100.0
BDF        50 100.0    50 100.0    50 100.0    50 100.0     0   0.0    50 100.0
CMD        49  98.0    49  98.0    49  98.0    49  98.0     0   0.0    49  98.0
DRW        50 100.0    50 100.0     0   0.0    50 100.0     0   0.0    50 100.0
FSE        50 100.0    50 100.0    50 100.0    50 100.0     0   0.0    50 100.0
INO        48  96.0     0   0.0     0   0.0     0   0.0     0   0.0    47  94.0
NAV        33  66.0     0   0.0    50 100.0     0   0.0     0   0.0    50 100.0
NVC        50 100.0     0   0.0     0   0.0     0   0.0     0   0.0    50 100.0
RAV        50 100.0    50 100.0     0   0.0    50 100.0    25  50.0    50 100.0
SCN        50 100.0    50 100.0    50 100.0    50 100.0     0   0.0    50 100.0
--------------------------------------------------------------------------------
Mean:          96.0%       69.8%       59.8%       69.8%        5.0%       99.2%
Mean rate>10%: 96.0%       99.7%       99.7%       99.7%       50.0%       99.2%
--------------------------------------------------------------------------------


Table WXP.F3F: "Comparison of Detection Rate of Packed Viral Objects":
Results of Detection Rate of objects infected with ITW file
viruses and with PKZIP, LHA, ARJ, RAR, WinRAR, CAB
========================================================================
        This includes Viral objects detected per packer
--------------------------------------------------------------------------------
          ARJ     %   CAB     %   LHA     %   RAR     % WinRAR 2.9 %  ZIP     %
--------------------------------------------------------------------------------
Testbed   442 100.0%  442 100.0%  442 100.0%  442 100.0%  442 100.0%  442 100.0%
--------------------------------------------------------------------------------
AVP       442 100.0   442 100.0   442 100.0   442 100.0     0   0.0   442 100.0
BDF       428  96.8   428  96.8   428  96.8   428  96.8     0   0.0   428  96.8
CMD       433  98.0   433  98.0   433  98.0   433  98.0     0   0.0   433  98.0
DRW       442 100.0   442 100.0     0   0.0   442 100.0     0   0.0   442 100.0
FSE       442 100.0   442 100.0   442 100.0   442 100.0     0   0.0   442 100.0
INO       433  98.0     0   0.0     0   0.0     0   0.0     0   0.0   431  97.5
NAV       344  77.8     0   0.0   439  99.3     0   0.0     0   0.0   442 100.0
NVC       430  97.3     0   0.0     0   0.0     0   0.0     0   0.0   430  97.3
RAV       438  99.1   438  99.1     0   0.0   438  99.1    86  19.5   438  99.1
SCN       442 100.0   442 100.0   442 100.0   442 100.0     0   0.0   442 100.0
--------------------------------------------------------------------------------
Mean:          96.7%       69.4%       59.4%       69.8%        2.0%       98.9%
Mean rate>10%: 96.7%       99.1%       99.0%       99.1%       19.5%       98.9%
--------------------------------------------------------------------------------


Table WXP.F3a: "PKZIP-Packed File Viruses":
Results of Detection of ITW File Viruses Packed with PKZIP:
=================================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed      50 100.0%                             443 100.0%
------------------------------------------------------------
AVP          50 100.0      6 12.0      0  0.0      442 100.0
BDF          50 100.0      6 12.0      6 12.0      428  96.8
CMD          49  98.0      4  8.0      3  6.0      433  98.0
DRW          50 100.0      5 10.0      0  0.0      442 100.0
FSE          50 100.0     36 72.0      0  0.0      442 100.0
INO          47  94.0      4  8.0      2  4.0      431  97.5
NAV          50 100.0     11 22.0      0  0.0      442 100.0
NVC          50 100.0      6 12.0      6 12.0      430  97.3
RAV          50 100.0      7 14.0      2  4.0      438  99.1
SCN          50 100.0      4  8.0      0  0.0      442 100.0
------------------------------------------------------------
Mean:            99.2%                                  98.9%
Mean (rate>10%): 99.2%                                  98.9%
------------------------------------------------------------


Table WXP.F3b: "LHA-Packed File Viruses":
Results of Detection of ITW File Viruses Packed with LHA:
===============================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed      50 100.0%                             443 100.0%
------------------------------------------------------------
AVP          50 100.0      6 12.0      0  0.0      442 100.0
BDF          50 100.0      6 12.0      6 12.0      428  96.8
CMD          49  98.0      5 10.0      3  6.0      433  98.0
DRW           0   0.0      0  0.0      0  0.0        0   0.0
FSE          50 100.0     36 72.0      0  0.0      442 100.0
INO           0   0.0      0  0.0      0  0.0        0   0.0
NAV          50 100.0     11 22.0      1  2.0      439  99.3
NVC           0   0.0      0  0.0      0  0.0        0   0.0
RAV           0   0.0      0  0.0      0  0.0        0   0.0
SCN          50 100.0      4  8.0      0  0.0      442 100.0
------------------------------------------------------------
Mean:            59.8%                                  59.4%
Mean (rate>10%): 99.7%                                  99.0%
------------------------------------------------------------


Table WXP.F3c: "ARJ-Packed File Viruses":
Results of Detection of ITW File Viruses Packed with ARJ:
===============================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed      50 100.0%                             443 100.0%
------------------------------------------------------------
AVP          50 100.0      6 12.0      0  0.0      442 100.0
BDF          50 100.0      6 12.0      6 12.0      428  96.8
CMD          49  98.0      4  8.0      3  6.0      433  98.0
DRW          50 100.0      5 10.0      0  0.0      442 100.0
FSE          50 100.0     36 72.0      0  0.0      442 100.0
INO          48  96.0      4  8.0      2  4.0      433  98.0
NAV          33  66.0      5 10.0      0  0.0      344  77.8
NVC          50 100.0      6 12.0      6 12.0      430  97.3
RAV          50 100.0      7 14.0      2  4.0      438  99.1
SCN          50 100.0      4  8.0      0  0.0      442 100.0
------------------------------------------------------------
Mean:            96.0%                                  96.7%
Mean (rate>10%): 96.0%                                  96.7%
------------------------------------------------------------


Table WXP.F3d: "RAR-Packed File Viruses":
Results of Detection of ITW File Viruses Packed with RAR:
===============================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed      50 100.0%                             443 100.0%
------------------------------------------------------------
AVP          50 100.0      6 12.0      0  0.0      442 100.0
BDF          50 100.0      6 12.0      6 12.0      428  96.8
CMD          49  98.0      4  8.0      3  6.0      433  98.0
DRW          50 100.0      5 10.0      0  0.0      442 100.0
FSE          50 100.0      6 12.0      0  0.0      442 100.0
INO           0   0.0      0  0.0      0  0.0        0   0.0
NAV           0   0.0      0  0.0      0  0.0        0   0.0
NVC           0   0.0      0  0.0      0  0.0        0   0.0
RAV          50 100.0      7 14.0      2  4.0      438  99.1
SCN          50 100.0      4  8.0      0  0.0      442 100.0
------------------------------------------------------------
Mean:            69.8%                                  69.4%
Mean (rate>10%): 99.7%                                  99.1%
------------------------------------------------------------


Table WXP.F3e: "WINRAR-Packed File Viruses":
Results of Detection of ITW File Viruses Packed with WINRAR 2.9:
==================================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed      50 100.0%                             443 100.0%
------------------------------------------------------------
AVP           0   0.0      0  0.0      0  0.0        0   0.0
BDF           0   0.0      0  0.0      0  0.0        0   0.0
CMD           0   0.0      0  0.0      0  0.0        0   0.0
DRW           0   0.0      0  0.0      0  0.0        0   0.0
FSE           0   0.0      0  0.0      0  0.0        0   0.0
INO           0   0.0      0  0.0      0  0.0        0   0.0
NAV           0   0.0      0  0.0      0  0.0        0   0.0
NVC           0   0.0      0  0.0      0  0.0        0   0.0
RAV          25  50.0      0  0.0      9 18.0       86  19.5
SCN           0   0.0      0  0.0      0  0.0        0   0.0
------------------------------------------------------------
Mean:             5.0%                                   2.0%
Mean (rate>10%): 50.0%                                  19.5%
------------------------------------------------------------


Table WXP.F3f: "CAB-Packed File Viruses":
Results of Detection of ITW File Viruses Packed with CAB:
===============================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed      50 100.0%                             443 100.0%
------------------------------------------------------------
AVP          50 100.0      6 12.0      0  0.0      442 100.0
BDF          50 100.0      6 12.0      6 12.0      428  96.8
CMD          49  98.0      4  8.0      3  6.0      433  98.0
DRW          50 100.0      5 10.0      0  0.0      442 100.0
FSE          50 100.0      6 12.0      0  0.0      442 100.0
INO           0   0.0      0  0.0      0  0.0        0   0.0
NAV           0   0.0      0  0.0      0  0.0        0   0.0
NVC           0   0.0      0  0.0      0  0.0        0   0.0
RAV          50 100.0      7 14.0      2  4.0      438  99.1
SCN          50 100.0      4  8.0      0  0.0      442 100.0
------------------------------------------------------------
Mean:            69.8%                                  69.4%
Mean (rate>10%): 99.7%                                  99.1%
------------------------------------------------------------


Table WXP.F4: "False Positive" file virus detection:
Results of "full" Zoo test for non-viral (clean)
file objects detected as "false positives":
=============================================================
         False positive
Scanner    detection
-----------------------------
Testbed     664 100.0%
-----------------------------
AVP           0   0.0
BDF           0   0.0
CMD           0   0.0
DRW           1   0.2
FSE           0   0.0
INO           0   0.0
NAV           0   0.0
NVC           0   0.0
RAV           0   0.0
SCN           0   0.0
-----------------------------


Table WXP.F5: "File-Malware":
Results of "full" Zoo Test for File-related malware:
====================================================
                           This includes
        Malware         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed    8001 100.0%                           18277 100.0%
------------------------------------------------------------
AVP        7899  98.7    776  9.7     40  0.5    18098  99.0
BDF        4570  57.1    305  3.8    538  6.7     9902  54.2
CMD        7283  91.0   3366 42.1    287  3.6    16184  88.5
DRW        6027  75.3    466  5.8    389  4.9    13423  73.4
FSE        7937  99.2   3610 45.1     29  0.4    18157  99.3
INO        4558  57.0    739  9.2    321  4.0     9882  54.1
NAV        6250  78.1   1358 17.0    578  7.2    13272  72.6
NVC        6248  78.1   1601 20.0    402  5.0    14440  79.0
RAV        6889  86.1    411  5.1    403  5.0    15026  82.2
SCN        7422  92.8    660  8.2     82  1.0    17457  95.5
------------------------------------------------------------
Mean:            81.3%                                  79.8%
Mean (rate>10%): 81.3%                                  79.8%
------------------------------------------------------------


Table WXP.M1: "MacroVirus 1":
Results of "full" zoo test for macro viruses under Windows-2000:
=========================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed    7306 100.0%                           25231 100.0%
------------------------------------------------------------
AVP        7304 100.~    134  1.8      1  0.~    25193  99.8
BDF        7232  99.0   1727 23.6     12  0.2    24943  98.9
CMD        7302  99.9     62  0.8      4  0.1    25199  99.9
DRW        7263  99.4    172  2.4     15  0.2    25110  99.5
FSE        7305 100.~     73  1.0      0  0.0    25222 100.~
INO        7298  99.9    130  1.8      6  0.1    25204  99.9
NAV        7280  99.6    285  3.9     13  0.2    25119  99.6
NVC        7295  99.8    118  1.6     16  0.2    25161  99.7
RAV        7299  99.9    423  5.8      7  0.1    25211  99.9
SCN        7306 100.0     80  1.1      1  0.~    25227 100.~
------------------------------------------------------------
Mean             99.8%                                  99.7%
Mean (rate>10%)  99.8%                                  99.7%
------------------------------------------------------------


Table WXP.M2: "MacroVirus 2":
Results of "In-The-Wild" test for macro viruses under Windows-2000:
=========================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed     124 100.0%                            1337 100.0%
------------------------------------------------------------
AVP         124 100.0     10  8.1      0  0.0     1337 100.0
BDF         124 100.0     18 14.5      1  0.8     1336  99.9
CMD         124 100.0      6  4.8      1  0.8     1336  99.9
DRW         124 100.0     12  9.7      0  0.0     1337 100.0
FSE         124 100.0      7  5.6      0  0.0     1337 100.0
INO         124 100.0      9  7.3      0  0.0     1337 100.0
NAV         124 100.0     16 12.9      0  0.0     1337 100.0
NVC         124 100.0     13 10.5      2  1.6     1335  99.9
RAV         124 100.0     27 21.8      2  1.6     1334  99.8
SCN         124 100.0      8  6.5      0  0.0     1337 100.0
------------------------------------------------------------
Mean            100.0%                                 100.~
Mean (rate>10%) 100.0%                                 100.~
------------------------------------------------------------


Table WXP.M3V: "Comparison of Detection Rate of Packed Viruses":
Results of Detection Rate of ITW macro viruses
packed with PKZIP, LHA, ARJ, RAR, WinRAR and CAB
================================================================
        This includes Viruses detected per packer
--------------------------------------------------------------------------------
          ARJ     %   CAB     %   LHA     %   RAR     % WinRAR 2.0 %  ZIP     %
--------------------------------------------------------------------------------
Testbed   124 100.0%  124 100.0%  124 100.0%  124 100.0%  124 100.0%  124 100.0%
--------------------------------------------------------------------------------
AVP       124 100.0   124 100.0   124 100.0   124 100.0   124 100.0   124 100.0
BDF       124 100.0   124 100.0   124 100.0   124 100.0   124 100.0   124 100.0
CMD       124 100.0   124 100.0   124 100.0   124 100.0   124 100.0   124 100.0
DRW       124 100.0   124 100.0     0   0.0   124 100.0   124 100.0   124 100.0
FSE       124 100.0   123  99.2   124 100.0   123  99.2   123  99.2   124 100.0
INO       124 100.0     0   0.0     0   0.0     0   0.0     0   0.0   124 100.0
NAV       124 100.0     0   0.0   124 100.0     0   0.0     0   0.0   124 100.0
NVC       124 100.0     0   0.0     0   0.0     0   0.0     0   0.0   124 100.0
RAV       124 100.0   124 100.0     0   0.0   124 100.0   124 100.0   123  99.2
SCN       124 100.0   124 100.0   124 100.0   124 100.0   124 100.0   124 100.0
--------------------------------------------------------------------------------
Mean          100.0%       69.9%       60.0%       69.9%       69.9%       99.9%
Mean rate>10% 100.0%       99.9%      100.0%       99.9%       99.9%       99.9%
--------------------------------------------------------------------------------


Table WXP.M3F: "Comparison of Detection Rate of Packed Viral Objects":
Results of Detection Rate of objects infected with ITW file
viruses and with PKZIP, LHA, ARJ, RAR, WinRAR, CAB
=======================================================================
        This includes Viral objects detected per packer
--------------------------------------------------------------------------------
          ARJ     %   CAB     %   LHA     %   RAR     % WinRAR 2.0 %  ZIP     %
--------------------------------------------------------------------------------
Testbed  1337 100.0% 1337 100.0% 1337 100.0% 1337 100.0% 1337 100.0% 1337 100.0%
--------------------------------------------------------------------------------
AVP      1337 100.0  1336  99.9  1337 100.0  1337 100.0  1337 100.0  1337 100.0
BDF      1336  99.9  1336  99.9  1336  99.9  1336  99.9  1336  99.9  1336  99.9
CMD      1336  99.9  1336  99.9  1336  99.9  1336  99.9  1336  99.9  1336  99.9
DRW      1337 100.0  1337 100.0     0   0.0  1337 100.0  1337 100.0  1337 100.0
FSE      1337 100.0  1331  99.6  1337 100.0  1332  99.6  1332  99.6  1337 100.0
INO      1337 100.0     0   0.0     0   0.0     0   0.0     0   0.0  1337 100.0
NAV      1337 100.0     0   0.0  1336  99.9     0   0.0     0   0.0  1337 100.0
NVC      1335  99.9     0   0.0     0   0.0     0   0.0     0   0.0  1335  99.9
RAV      1271  95.1  1331  99.6     0   0.0  1271  95.1  1109  82.9  1043  78.0
SCN      1337 100.0  1337 100.0  1337 100.0  1337 100.0  1337 100.0  1337 100.0
--------------------------------------------------------------------------------
Mean           99.5%       69.9%       60.0%       69.5%       68.2%       97.7%
Mean rate>10%  99.5%       99.8%      100.~        99.2%       97.5%       97.8%
--------------------------------------------------------------------------------


Table WXP.M3a: "PKZIP-Packed Macro Viruses":
Results of Detection of ITW Macro Viruses Packed with PKZIP
under Windows-2000:
=======================================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed     124 100.0%                            1337 100.0%
------------------------------------------------------------
AVP         124 100.0     10  8.1      0  0.0     1337 100.0
BDF         124 100.0     18 14.5      1  0.8     1336  99.9
CMD         124 100.0      6  4.8      1  0.8     1336  99.9
DRW         124 100.0     12  9.7      0  0.0     1337 100.0
FSE         124 100.0    123 99.2      0  0.0     1337 100.0
INO         124 100.0      9  7.3      0  0.0     1337 100.0
NAV         124 100.0     12  9.7      0  0.0     1337 100.0
NVC         124 100.0     13 10.5      2  1.6     1335  99.9
RAV         123  99.2     26 21.0     22 17.7     1043  78.0
SCN         124 100.0      8  6.5      0  0.0     1337 100.0
------------------------------------------------------------
Mean             99.9%                                  97.8%
Mean (rate>10%)  99.9%                                  97.8%
------------------------------------------------------------


Table WXP.M3b: "LHA-Packed Macro Viruses":
Results of Detection of ITW Macro Viruses Packed with LHA
under Windows-2000:
====================================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed     124 100.0%                            1337 100.0%
------------------------------------------------------------
AVP         124 100.0     10  8.1      0  0.0     1337 100.0
BDF         124 100.0     18 14.5      1  0.8     1336  99.9
CMD         124 100.0      6  4.8      1  0.8     1336  99.9
DRW           0   0.0      0  0.0      0  0.0        0   0.0
FSE         124 100.0    123 99.2      0  0.0     1337 100.0
INO           0   0.0      0  0.0      0  0.0        0   0.0
NAV         124 100.0     12  9.7      1  0.8     1336  99.9
NVC           0   0.0      0  0.0      0  0.0        0   0.0
RAV           0   0.0      0  0.0      0  0.0        0   0.0
SCN         124 100.0      8  6.5      0  0.0     1337 100.0
------------------------------------------------------------
Mean             60.0%                                  60.0%
Mean (rate>10%) 100.0%                                 100.~
------------------------------------------------------------


Table WXP.M3c: "ARJ-Packed Macro Viruses":
Results of Detection of ITW Macro Viruses Packed with ARJ
under Windows-2000:
====================================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed     124 100.0%                            1337 100.0%
------------------------------------------------------------
AVP         124 100.0     10  8.1      0  0.0     1337 100.0
BDF         124 100.0     18 14.5      1  0.8     1336  99.9
CMD         124 100.0      6  4.8      1  0.8     1336  99.9
DRW         124 100.0     12  9.7      0  0.0     1337 100.0
FSE         124 100.0    123 99.2      0  0.0     1337 100.0
INO         124 100.0      9  7.3      0  0.0     1337 100.0
NAV         124 100.0     12  9.7      0  0.0     1337 100.0
NVC         124 100.0     13 10.5      2  1.6     1335  99.9
RAV         124 100.0     27 21.8     22 17.7     1271  95.1
SCN         124 100.0      8  6.5      0  0.0     1337 100.0
------------------------------------------------------------
Mean            100.0%                                  99.5%
Mean (rate>10%) 100.0%                                  99.5%
------------------------------------------------------------


Table WXP.M3d: "RAR-Packed Macro Viruses":
Results of Detection of ITW Macro Viruses Packed with RAR
under Windows-2000:
====================================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed     124 100.0%                            1337 100.0%
------------------------------------------------------------
AVP         124 100.0     10  8.1      0  0.0     1337 100.0
BDF         124 100.0     18 14.5      1  0.8     1336  99.9
CMD         124 100.0      6  4.8      1  0.8     1336  99.9
DRW         124 100.0     12  9.7      0  0.0     1337 100.0
FSE         123  99.2     10  8.1      0  0.0     1332  99.6
INO           0   0.0      0  0.0      0  0.0        0   0.0
NAV           0   0.0      0  0.0      0  0.0        0   0.0
NVC           0   0.0      0  0.0      0  0.0        0   0.0
RAV         124 100.0     27 21.8     22 17.7     1271  95.1
SCN         124 100.0      8  6.5      0  0.0     1337 100.0
------------------------------------------------------------
Mean             69.9%                                  69.5%
Mean (rate>10%)  99.9%                                  99.2%
------------------------------------------------------------


Table WXP.M3e: "WinRAR-Packed Macro Viruses":
Results of Detection of ITW Macro Viruses Packed with WinRAR 2.0:
==================================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed     124 100.0%                            1337 100.0%
------------------------------------------------------------
AVP         124 100.0     10  8.1      0  0.0     1337 100.0
BDF         124 100.0     18 14.5      1  0.8     1336  99.9
CMD         124 100.0      6  4.8      1  0.8     1336  99.9
DRW         124 100.0     12  9.7      0  0.0     1337 100.0
FSE         123  99.2     10  8.1      0  0.0     1332  99.6
INO           0   0.0      0  0.0      0  0.0        0   0.0
NAV           0   0.0      0  0.0      0  0.0        0   0.0
NVC           0   0.0      0  0.0      0  0.0        0   0.0
RAV         124 100.0     26 21.0     24 19.4     1109  82.9
SCN         124 100.0      8  6.5      0  0.0     1337 100.0
------------------------------------------------------------
Mean             60.9%                                  68.2%
Mean (rate>10%)  99.9%                                  97.5%
------------------------------------------------------------


Table WXP.M3f: "CAB-Packed Macro Viruses":
Results of Detection of ITW Macro Viruses Packed with CAB:
===============================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed     124 100.0%                            1337 100.0%
------------------------------------------------------------
AVP         124 100.0     10  8.1      1  0.8     1336  99.9
BDF         124 100.0     18 14.5      1  0.8     1336  99.9
CMD         124 100.0      6  4.8      1  0.8     1336  99.9
DRW         124 100.0     12  9.7      0  0.0     1337 100.0
FSE         123  99.2     10  8.1      1  0.8     1331  99.6
INO           0   0.0      0  0.0      0  0.0        0   0.0
NAV           0   0.0      0  0.0      0  0.0        0   0.0
NVC           0   0.0      0  0.0      0  0.0        0   0.0
RAV         124 100.0     27 21.8      5  4.0     1331  99.6
SCN         124 100.0      8  6.5      0  0.0     1337 100.0
------------------------------------------------------------
Mean             69.9%                                  69.9%
Mean (rate>10%)  99.9%                                  99.8%
------------------------------------------------------------


Table WXP.M4: "False Positive" macro virus detection:
Results of "full" zoo test for non-viral (clean) macro
objects detected as "false positives" under Windows-2000:
=================================================================
         False positive
Scanner    detection
-----------------------------
Testbed     329 100.0%
-----------------------------
AVP           5   1.5
BDF           0   0.0
CMD           2   0.6
DRW          29   8.8
FSE           2   0.6
INO           0   0.0
NAV           0   0.0
NVC           5   1.5
RAV           1   0.3
SCN           0   0.0
-----------------------------


Table WXP.M5: "Macro-Malware":
Results of "full" test for Macro-related malware under Windows-2000:
=========================================================
        Macro              This includes
        Malware         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed     450 100.0%                             747 100.0%
------------------------------------------------------------
AVP         450 100.0      1  0.2      1  0.2      745  99.7
BDF         413  91.8    100 22.2      5  1.1      679  90.9
CMD         447  99.3      2  0.4      0  0.0      735  98.4
DRW         410  91.1     30  6.7      8  1.8      683  91.4
FSE         450 100.0      3  0.7      1  0.2      745  99.7
INO         422  93.8     17  3.8      1  0.2      709  94.9
NAV         418  92.9     40  8.9      8  1.8      679  90.9
NVC         442  98.2     13  2.9      2  0.4      711  95.2
RAV         447  99.3     38  8.4      5  1.1      729  97.6
SCN         450 100.0      5  1.1      2  0.4      745  99.7
------------------------------------------------------------
Mean             96.6%                                  95.8%
Mean (rate>10%)  96.6%                                  95.8%
------------------------------------------------------------


Table WXP.S1: "ScriptVirus 1":
Results of "full" Zoo test for script viruses:
=================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed     823 100.0%                            1574 100.0%
------------------------------------------------------------
AVP         814  98.9     83 10.1      1  0.1     1562  99.2
BDF         596  72.4     90 10.9     59  7.2     1074  68.2
CMD         733  89.1    112 13.6     25  3.0     1342  85.3
DRW         779  94.7    120 14.6     22  2.7     1436  91.2
FSE         819  99.5    151 18.3      2  0.2     1566  99.5
INO         779  94.7    114 13.9     31  3.8     1457  92.6
NAV         797  96.8    240 29.2     33  4.0     1490  94.7
NVC         721  87.6     91 11.1     35  4.3     1270  80.7
RAV         791  96.1    108 13.1     26  3.2     1496  95.0
SCN         820  99.6     72  8.7      1  0.1     1570  99.7
------------------------------------------------------------
Mean             92.9%                                  90.6%
Mean (rate>10%)  92.9%                                  90.6%
------------------------------------------------------------


Table WXP.S2: "ScriptVirus 2":
Results of "In-The-Wild" test for script viruses:
=======================================================
                           This includes
        Viruses         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed      20 100.0%                             122 100.0%
------------------------------------------------------------
AVP          20 100.0      3 15.0      0  0.0      122 100.0
BDF          20 100.0      3 15.0      1  5.0      119  97.5
CMD          20 100.0      4 20.0      0  0.0      122 100.0
DRW          20 100.0      2 10.0      0  0.0      122 100.0
FSE          20 100.0      4 20.0      0  0.0      122 100.0
INO          20 100.0      5 25.0      1  5.0      121  99.2
NAV          20 100.0      6 30.0      0  0.0      122 100.0
NVC          20 100.0      9 45.0      0  0.0      122 100.0
RAV          20 100.0      7 35.0      0  0.0      122 100.0
SCN          20 100.0      3 15.0      0  0.0      122 100.0
------------------------------------------------------------
Mean            100.0%                                  99.7%
Mean (rate>10%) 100.0%                                  99.7%
------------------------------------------------------------


Table WXP.S5: "Script-Malware":
Results of "full" test for Script-related malware under Windows-2000:
=========================================================
        Macro              This includes
        Malware         ---- unreliably ----         Files
Scanner detected       identified    detected     detected
------------------------------------------------------------
Testbed     117 100.0%                             202 100.0%
------------------------------------------------------------
AVP         112  95.7     18 15.4      3  2.6      189  93.6
BDF          38  32.5      8  6.8     10  8.5       43  21.3
CMD          33  28.2     16 13.7      6  5.1       36  17.8
DRW          72  61.5     14 12.0     10  8.5      120  59.4
FSE         114  97.4     37 31.6      3  2.6      192  95.0
INO          82  70.1     33 28.2     12 10.3      114  56.4
NAV         107  91.5     34 29.1     10  8.5      160  79.2
NVC          24  20.5      2  1.7      3  2.6       32  15.8
RAV          96  82.1     12 10.3     10  8.5      145  71.8
SCN         115  98.3     10  8.5      4  3.4      188  93.1
------------------------------------------------------------
Mean             67.8%                                  60.3%
Mean (rate>10%)  67.8%                                  60.3%
------------------------------------------------------------