Full Disclosure mailing list archives
Re: Show me the Virrii! (heuristics)
From: "starlabs" <ashipp () messagelabs com>
Date: Mon, 5 Jan 2004 09:33:32 -0000
Does anyone have reliable reports of an antivirus system firing off on a heuristic?
I'm not aware of ever having seen one; always seems to be a signature.
As part of my job I regularly evaluate antivirus products. I have seen plenty of heuristic detections; all the engines have different heuristic capabilities, so some detect more new malware than others, and of course some also have more false positives than others. Your experience might be because you are using a poor heuristic engine, or because by the time you get a sample of a real new virus, your vendor has released a signature anyway, even if they detected it heuristically anyway. My findings indicate that the state of the art is that most new malware can be detected heuristically these days. Regards, Alex ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Show me the Virrii! Richard Maudsley (Jan 04)
- Re: Show me the Virrii! S G Masood (Jan 04)
- RE: Show me the Virrii! Steve Wray (Jan 05)
- Re: Show me the Virrii! (heuristics) starlabs (Jan 05)
- Re: Show me the Virrii! (heuristics) S G Masood (Jan 05)
- RE: Show me the Virrii! Nick FitzGerald (Jan 07)
- RE: Show me the Virrii! Steve Wray (Jan 05)
- Re: Show me the Virrii! Nicob (Jan 07)
- Re: Show me the Virrii! Nick FitzGerald (Jan 07)
- Re: Show me the Virrii! Valdis . Kletnieks (Jan 07)
- Re: Show me the Virrii! Nick FitzGerald (Jan 08)
- Re: Show me the Virrii! S G Masood (Jan 04)
- Re: Show me the Virrii! Richard Maudsley (Jan 04)
- RE: Show me the Virrii! Richard Maudsley (Jan 05)