Full Disclosure mailing list archives

Re: [VirusTotal] Scan result (fwd)


From: Michel Messerschmidt <lists () michel-messerschmidt de>
Date: Fri, 3 Sep 2004 11:31:27 +0200

On Thu, Sep 02, 2004 at 04:01:16PM -0400, Über GuidoZ wrote:
> It's kind of interesting to see the results, as it shows you what AV
> programs seem to detect things better than others.

I think this is actually misleading. 
You know nearly nothing from scanning just a single (or 10, 50,...) 
sample. And there are other basic test requirements. For example:
- the different results could be due to differences in the update 
  schedule at virustotal.com (some vendors offer their fastest updates
  only for premium licenses, which virustotal may not have). 
- maybe some products are used with optimized settings (for example 
  maximum heuristic detection) and others with default settings.


> It's also useful
> for known viruses, but needing to know what each AV program calls
> them. (I find this useful when trying to do tech support.)

You know Vgrep (http://www.virusbtn.com/resources/vgrep/index.xml) ?


-- 
Michel Messerschmidt           lists () michel-messerschmidt de
antiVirusTestCenter, Computer Science, University of Hamburg

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

