168 lines
5.8 KiB
Plaintext
168 lines
5.8 KiB
Plaintext
VIRUS TEST Nr. 002
|
|
|
|
-= SMEG Viruses =-
|
|
|
|
|
|
Copyright (C) 1994 Luca Sambucci
|
|
|
|
All rights reserved.
|
|
|
|
|
|
Italian Computer Antivirus Research Organization
|
|
|
|
|
|
|
|
The "Simulated Metamorphic Encryption Engine" is a new engine
|
|
used to create polymorphic viruses, some of these viruses seem
|
|
to be 'in the wild' in the United Kingdom.
|
|
|
|
At the moment there are three versions of the engine (v0.1, v0.2
|
|
and v0.3). For this test I've used two viruses created with the
|
|
0.1 and 0.2 versions of the engine, the "Pathogen" and the "Queeg"
|
|
viruses.
|
|
|
|
|
|
The option used are the same used for the June 1994 edition of the
|
|
General Antivirus Test, except for the "/CPL" option for the AVScan
|
|
(this product now scans inside compressed files by default).
|
|
|
|
For all other information (product/producer information, legal
|
|
issues etc.) please refer to the June 1994 edition of the General
|
|
Antivirus Test (always available at request or at our official
|
|
distribution sites).
|
|
|
|
|
|
The following products have been tested:
|
|
|
|
Name Version Date (MM/DD/YY) Producer
|
|
=-----------------------------------------------------------=
|
|
|
|
AVScan 1.58 06/18/94 H+BEDV GmbH
|
|
|
|
AV Toolkit Pro 2.00d 06/20/94 KAMI Ltd.
|
|
|
|
F-Prot 2.12c 06/16/94 Frisk Soft. Int.
|
|
|
|
Sweep 2.63Beta 06/06/94 Sophos Plc
|
|
|
|
ThunderByte AV 6.20 05/06/94 ESaSS BV
|
|
|
|
ViruScan 9.28V116 06/15/94 McAfee Inc.
|
|
|
|
VirusScan 2.0.2 06/02/94 McAfee Inc.
|
|
|
|
|
|
|
|
|
|
TEST RESULTS
|
|
|
|
|
|
SMEG v0.1 (Pathogen)
|
|
|
|
|
|
For the test I've infected 996 files (496 COM and 500 EXE)
|
|
with "Pathogen" replications.
|
|
|
|
|
|
Here the results (996 replications):
|
|
|
|
|
|
| Antivirus |Rel. |Unrel. |Not | %Total |
|
|
| product |Identif.|Identif.|Detected |Detected |
|
|
=----------------+--------+--------+---------+=========+-=
|
|
AVScan 1.58 | 996 | 0 | 0 < 100.00% >
|
|
=----------------+--------+--------+---------+=========+-=
|
|
AVP 2.00d | 983 | 8 | 5 < 99.50% >
|
|
=----------------+--------+--------+---------+=========+-=
|
|
F-Prot 2.12c | 996 | 0 | 0 < 100.00% >
|
|
=----------------+--------+--------+---------+=========+-=
|
|
Sweep 2.63Beta | 996 | 0 | 0 < 100.00% >
|
|
=----------------+--------+--------+---------+=========+-=
|
|
TbScan 6.20 | 368 | 6 | 622 < 38.72% >
|
|
=----------------+--------+--------+---------+=========+-=
|
|
ViruScan 116 | 0 | 0 | 996 < 0.00% >
|
|
=----------------+--------+--------+---------+=========+-=
|
|
VirusScan 2.0.2| 0 | 0 | 996 < 0.00% >
|
|
=----------------+--------+--------+---------+=========+-=
|
|
|
|
|
|
|
|
SMEG v0.2 (Queeg)
|
|
|
|
|
|
For the test I've infected 995 files (496 COM and 499 EXE)
|
|
with "Queeg" replications.
|
|
|
|
|
|
Here the results (995 replications):
|
|
|
|
|
|
| Antivirus |Rel. |Unrel. |Not | %Total |
|
|
| product |Identif.|Identif.|Detected |Detected |
|
|
=----------------+--------+--------+---------+=========+-=
|
|
AVScan 1.58 | 991 | 0 | 4 < 99.60% >
|
|
=----------------+--------+--------+---------+=========+-=
|
|
AVP 2.00d | 985 | 4 | 6 < 99.40% >
|
|
=----------------+--------+--------+---------+=========+-=
|
|
F-Prot 2.12c | 991 | 0 | 4 < 99.60% >
|
|
=----------------+--------+--------+---------+=========+-=
|
|
Sweep 2.63Beta | 0 | 616 | 379 < 61.91% >
|
|
=----------------+--------+--------+---------+=========+-=
|
|
TbScan 6.20 | 120 | 1 | 874 < 12.16% >
|
|
=----------------+--------+--------+---------+=========+-=
|
|
ViruScan 116 | 0 | 0 | 995 < 0.00% >
|
|
=----------------+--------+--------+---------+=========+-=
|
|
VirusScan 2.0.2| 0 | 0 | 995 < 0.00% >
|
|
=----------------+--------+--------+---------+=========+-=
|
|
|
|
|
|
Note:
|
|
|
|
All "Queeg" replications detected by the Sweep have been
|
|
identificated as "Pathogen".
|
|
|
|
|
|
|
|
GLOBAL RESULTS SMEG viruses (1991 replications):
|
|
|
|
|
|
| Antivirus |%Detected | %Detected | %Total |
|
|
| product | Pathogen | Queeg | SMEG |
|
|
=----------------+----------+-----------+========+--=
|
|
AVScan 1.58 | 100.00% | 99.60% < 99.80% >
|
|
=----------------+----------+-----------+========+--=
|
|
AVP 2.00d | 99.50% | 99.40% < 99.45% >
|
|
=----------------+----------+-----------+========+--=
|
|
F-Prot 2.12c | 100.00% | 99.60% < 99.80% >
|
|
=----------------+----------+-----------+========+--=
|
|
Sweep 2.63Beta | 100.00% | 61.91% < 81.00% >
|
|
=----------------+----------+-----------+========+--=
|
|
TbScan 6.20 | 38.72% | 12.16% < 25.44% >
|
|
=----------------+----------+-----------+========+--=
|
|
ViruScan 116 | 0.00% | 0.00% < 0.00% >
|
|
=----------------+----------+-----------+========+--=
|
|
VirusScan 2.0.2| 0.00% | 0.00% < 0.00% >
|
|
=----------------+----------+-----------+========+--=
|
|
|
|
|
|
|
|
LEGEND:
|
|
|
|
|
|
Reliably identified: Detected with the correct name
|
|
|
|
Unreliably identified: Detected with the wrong name or with the
|
|
heuristic analyser
|
|
|
|
Not detected: Not detected at all
|
|
|
|
%Total Detected: The global detection rate (test set=100%)
|
|
|
|
|
|
|
|
Internet: luca.sambucci@ntgate.unisg.ch
|
|
FidoNet: Luca Sambucci 2:335/348.6
|
|
|
|
|
|
|