• A new online multi-engine scanning site: NoVirusThanks.org - Online Virus Scanner *

    2008-09-15 13:16:25

    http://scanner.novirusthanks.org/index.php?options=1

    It has a "Do not distribute the sample" option


    Supported engines (23):
    http://novirusthanks.org/index.php?p=about
    Antivirus | Vendor (homepage) | Engine version
    a-squared Emsi Software 4.0.0.11
    Antivir Avira 8.1.2.12
    AVG AVG Technologies 8.0.0.0
    Avast! ALWIL 4.7.1098.0
    BitDefender BitDefender GmbH 7.0.0.2555
    ClamWin ClamAV 0.93.1.0
    Comodo Comodo Group 3.0
    Dr.Web Doctor Web, Ltd 4.44.0.0711200
    Ewido ewido networks 4.0.0.2
    F-PROT 6 FRISK Software 4.4.4.56
    G DATA G DATA Software 2.0.7309.847
    IkarusT3 Ikarus Software 0.1.32.1
    Kaspersky Kaspersky Lab 8.0.0.357
    McAfee McAfee 5.1.0.0
    Nod32 Eset Software 3.0.677
    Norman Norman 5.92.08
    QuickHeal Cat Computer Services 9.50
    Panda Panda Security 9.5.1.00
    Solo Antivirus SRN Micro Systems 7.0
    Sophos Sophos 4.32.0
    TrendMicro Trend Micro 1.1-1001
    VBA32 VirusBlokAda 3.12.0.300
    VirusBuster VirusBuster 1.4.3
    [ This post was last edited by andy on 2008-9-15 13:15 ]
  • VirusInfo's latest test report for February *

    2008-03-10 17:05:30

    How we test

    The testing of anti-viruses by VirusInfo is powered by the free online scanner VirusTotal. Project participants, being practising specialists in the area of computer security, upload to VirusTotal the malicious software that they have received from infected machines, and then publish the results of scanning in a special topic on the VirusInfo forum. The malicious software should meet the following requirements:

    1) The sample should not be detected by the anti-virus software that protects the infected machine.

    2) The sample should be found by the consultant him/herself in a real infection case.

    3) The sample should not be taken from some other site or from some other collection of malware.


    The results of scanning are regularly generalized as a graph of detection level. The graph is prepared in accord with the following principles:

    1) The X axis represents the anti-virus software used by VirusTotal at the current moment. The Y axis represents the number of samples uploaded.

    2) For each antivirus we mark the number of samples that it has successfully detected using one or another detection method. The graph reflects the overall number of detected samples and each method's share of the overall detection.

    3) The following detection methods are distinguished:

    a) signature detection (detecting already known malware by the signature method)

    b) heuristic detection (detecting yet unknown malware by the method of emulation / code analysis / etc. Examples: "Heur.Trojan.Generic"; "a variant of: XXXXX")

    c) detection of suspicious file (detecting yet unknown malware by the method of informing the user about suspicious characteristics of a sample under analysis. Examples: "Suspicious file"; "VIPRE: Suspicious")

    d) detection of suspicious cryptor / packer (detecting yet unknown malware by the method of informing the user about the unknown / rare / suspicious packer / cryptor or about the fact of multiple packing / crypting. Example: "HEUR/Crypted").

    Testing results

    The latest one is the graph for February, 2008, presented below.



    General conclusion

    In February, 2008 the leader of the testing is Webwasher-Gateway due to its combination of signature, heuristic and packer / cryptor detection methods. The second and third places belong to F-Secure, for its good signature detection combined with a heuristic module, and to AntiVir - for the very same reasons as the leader. The worst product in February was FileAdvisor.

    The best share of each method in the overall detection rate: signature method - F-Secure; heuristics - Prevx1; suspicious - eSafe and Panda; packers / cryptors - AntiVir and WebWasher-Gateway.

    Comments on how we test and how to understand the results

    The material for testing is collected irregularly and voluntarily. VirusInfo publishes a new graph each month. The testing cannot be regarded as completely reflecting the detection abilities of anti-virus software; at the same time the data collected are of certain value when comparing antiviruses in a comprehensive way, taking into consideration the results of several independent tests.

    Additional info

    Materials for testing are collected in the Russian section "Antiviruses, anti-Spyware/Adware/Hijackers" of the VirusInfo forum. In that section the forum members can access the earlier graphs. You may discuss the results of testing in English here.

    Licensing

    Copyright (c) VirusInfo.
    All rights reserved.
    Using the materials of this article without mentioning the source is prohibited.

    Statistics are collected and processed by Shu_b
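As an added illustration of the classification rules in the article above (this is not VirusInfo's own tooling), the following Python tallies VirusTotal-style detection names into the four categories per engine, the way the monthly graph does. The keyword rules, the `classify`/`tally`/`ranking` names and the sample verdicts are my own assumptions, constructed for the example.

```python
"""Tally VirusTotal-style verdicts into VirusInfo's four detection categories.

Illustrative code only: the keyword rules below are my own reading of the
article's examples, not VirusInfo's actual procedure."""
from collections import Counter
import re

SIGNATURE, HEURISTIC, SUSPICIOUS, PACKER = "signature", "heuristic", "suspicious", "packer"

# Rule order matters: "HEUR/Crypted" contains both "heur" and "crypt", and the
# article files it under packer/cryptor detection, so that rule is checked first.
_PACKER = re.compile(r"crypt|pack", re.I)
_SUSPICIOUS = re.compile(r"suspicious", re.I)
_HEURISTIC = re.compile(r"\bheur|generic|a variant of", re.I)

def classify(name):
    """Category of one detection name; None means the engine missed the sample."""
    if not name:
        return None
    if _PACKER.search(name):
        return PACKER
    if _SUSPICIOUS.search(name):
        return SUSPICIOUS
    if _HEURISTIC.search(name):
        return HEURISTIC
    return SIGNATURE          # a plain family name counts as a signature hit

def tally(results):
    """results: {sample: {engine: detection name or None}}.
    Returns {engine: Counter(category -> number of samples)}."""
    per_engine = {}
    for verdicts in results.values():
        for engine, name in verdicts.items():
            counts = per_engine.setdefault(engine, Counter())
            cat = classify(name)
            if cat:
                counts[cat] += 1
    return per_engine

def ranking(per_engine):
    """Engines ordered by total detections (the graph's bar height), ties by name."""
    return sorted(per_engine, key=lambda e: (-sum(per_engine[e].values()), e))

# Constructed verdicts for three fictitious samples; not real test data.
SAMPLES = {
    "sample1.exe": {"AntiVir": "HEUR/Crypted", "F-Secure": "Trojan.Win32.Agent.x",
                    "Panda": "Suspicious file", "FileAdvisor": None},
    "sample2.exe": {"AntiVir": "TR/Dldr.Small.abc", "F-Secure": "Heur.Trojan.Generic",
                    "Panda": None, "FileAdvisor": None},
    "sample3.exe": {"AntiVir": None, "F-Secure": "a variant of: Win32/Agent",
                    "Panda": "VIPRE: Suspicious", "FileAdvisor": "Trojan"},
}

if __name__ == "__main__":
    totals = tally(SAMPLES)
    for engine in ranking(totals):
        print(f"{engine:12} {sum(totals[engine].values())}  {dict(totals[engine])}")
```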
  • (Niche discussion) Why do antivirus vendors nowadays like to keep their internal Command Line Scanners to themselves instead of releasing them to users? *

    2008-03-08 18:58:47

    Lately, for some reason, I've been thinking about these obscure things again.
    I know probably few people are interested, but I'll post it anyway.

    First, basically all of them have an internal CLS (command line scanner); you can see a bunch of them on VT or VirScan, but some are just not released to users.
    The reason is...?

    In the past, for example, Symantec had a v1.0 CLS in 1997, but in the more than 10 years since they have never released an updated version of the same kind for users; on VT you can see that Symantec has a v10 CLS. It was once released, but then stopped?

    Antivir, Eset, IK, F-Prot and others have kept releasing theirs.

    Some have never released one at all.

    Let me guess first, hoping to get the discussion going:

    1. Maybe they are afraid people would only use their CLS and not their products
    2. Afraid it would be used to make malware undetectable (免殺)
    3. Other

    Everyone, share other reasons, heh
  • About Microsoft OneCare's Command-line Scanner: the reply I got from someone on the Escalation Team *

    2008-02-25 19:20:39

    My question was about when OneCare's Command-line Scanner (OneCareScanner.exe) can be used,

    because it can't be used in normal mode.


    QUOTE:

    The only time that you can use OneCareScanner.exe is when you are in safe mode. Once in safe mode you would need to run a set of command lines at the Command Prompt to initialize the scanning. It's not a bug, since it was designed as a command line utility specifically to run in safe mode.


    Here are some steps if you need to use the SafemodeAVScanner (OneCareScanner.exe):


    1. Boot the Computer to safemode.

    a. To boot the system to safemode keep hitting F8 after the restart of the computer and after you see the POST screen of the BIOS.

    b. On several OEM machines the keys are different; it might be F9 or F11, but normally it should be F8.

    2. Once in safemode open a command prompt window by going to Start then RUN and type in CMD then hit OK.

    3. The command prompt should appear. On command prompt type in these commands hit enter after every command line:

    a. CD\

    b. CD Program Files

    c. CD *live

    d. safemodeavscanner -s -h -b

    4. The final command would initialize a full system scan. If the scanner finds any malware after it runs the scan, it should present several options on how to remove it.


    I'm somewhat speechless... it can only be used in Safe mode.

    Really didn't expect that..... it has an OneCareScanner.exe and a SafemodeAVScanner.exe.


    Judging from the reply, there doesn't seem to be any difference between the two.

  • Command Line Scanner vs. On-Demand/Access Scanner (Not for Commercial test) *

    2008-02-05 13:31:37

    When testing a large number of samples (personally / casually), and you don't want to install several antivirus products, or even use too many portable (綠色) antivirus builds, because the right-click context menu grows enormously,


    then a Command Line Scanner (CLS) is another good choice.
    Advantages:
    1. No installation needed
    2. No pile of right-click menu entries
    3. No writes to the system at all
    4. Supports popping up a report after the scan
    5. Others (to be added later)
    * If you want a right-click entry you can add it yourself; earlier 000110 made a right-click entry for the Ikarus CLS.

    Disadvantages:
    1. Updating is inconvenient; many cannot update incrementally and the vendor does not necessarily provide offline database packages, so it takes longer
    2. Not pretty; there is no GUI to display results directly, so it is not as convenient to read as a portable build
    3. Not every product provides a CLS version, or the CLS version is very old; for example Symantec's Norton CLS v1.0 is from 1997 and no longer supports scanning RAR files (if anyone knows of a newer version, please tell me where to download it), so support may be lacking
    4. Others (to be added later)
    * For updating, think carefully about how to do it; make good use of database packages or updaters
    * Some provide an official updater, for example VBA32 (which can also update incrementally)

    Summary: whether CLS or portable antivirus, each has its own strengths; use them well side by side and everyone will surely have more options and ways of working.
  • FreShow, a handy decoder for malicious web pages and web trojans (網馬), publicly released *

    2008-01-20 09:45:28

    FreShow public release. Many people have asked me how certain scripts are decoded and whether there is a usable tool. In fact, all client-side encryption is a paper tiger (neeao): if you understand some basic scripting and the decryption functions that may be involved, everything is easily solved and becomes clear. So I hope people don't blindly settle for pressing a few buttons, but start by understanding the basics; that way, when they finally come to use a tool, it only serves to reduce mechanical computation and verification, and they will also have the sudden clarity of mastery.

          I generally recommend everyone read this article:

          "輕輕松松解密各種網頁木馬" (Easily decode all kinds of web page trojans); it has been copied around the net many times, so the original author is unknown. You can search Baidu or Google for it yourself.


          FreShow is also a product born of this idea. From an unnamed web page element filter at the start, to gradually accumulating a few algorithms, to gradually taking shape, to finally looking like a tool. It has witnessed my own learning process, from knowing nothing to gradually understanding scripts, from a plain black console program to a friendly interactive interface; all of it seems like yesterday. While implementing some of the algorithms and features I ran into obstacles from time to time and learned my own limitations, but the thrill of knocking them down one by one is incomparable; lovewei said this is probably the legendary sense of achievement, and I smiled and agreed. I hope to accumulate this feeling bit by bit and take every step well, and I can faintly see the road stretching ahead.

          Releasing FreShow publicly has also always been the plan. I once saw a signature on a forum that touched me deeply: pour out a cup of water before it can be filled again. I hope to set down my previous results, pick up the baggage of curiosity again and explore new areas. Of course, I also hope those friends who are still fighting will have a good helper to free up their hands and give them more time to focus on the scripts themselves.


          Likewise, there are already excellent online decoders on the web that are worth recommending.

          http://www.cha88.cn/ (7jdg)

          http://monyer.cn/demo/monyerjs.html (Monyer)



          FreShow is written in VC. If you would like to improve it together with me (code, icons, tutorials), or have good suggestions or bug reports, you can email me:
          jimi_pub〔at〕126〔dot〕com



         Finally, happy using, and a salute to anti-virus people everywhere. ^_^





    -Main features-

        Web page element filtering, e.g. iframe, script, etc.

        Obfuscation removal, e.g. "a"+"b", empty characters, etc.

        Character replacement, suitable for some self-written functions.

        Escape sequence and HTML markup conversion.

        ASCII character conversion, with support for delimiter input.

        Supports US-ASCII encoding.

        Supports the ALPHA2, Base64 and Winwebmail encryption algorithms.



    Co-release site: Velabs (維萊實驗室) http://www.velabs.cn/blog
          
          Velabs is a dedicated platform site aimed at giving domestic independent programmers a stage to show their personal work and at helping IT employers discover talent; at the same time we also follow global information security trends and give users objective, reliable recommendations and reminders.




    My site http://www.jimmyleo.com/work/



    Click to download
    MD5 : 81020e2c8a2b52a4126ad57beb046c9d



    Using FreShow in practice on a RealPlayer-exploit drive-by site, by zzh161




    P.S. The author jimmyleo also has an account on AVPClub, heh

    I hope everyone makes good use of FreShow; if you use it well, I believe you can decode most malicious sites yourself,

    which makes it easier for everyone to extract samples more effectively.

    Treasure it and use it well.

    Also, if there are bugs, remember to report them to the author.
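To show what the element-filtering, "a"+"b" folding, ASCII-code and escape-conversion features listed above amount to, here is an added Python sketch (illustrative code, not FreShow's own VC source) that applies those transforms to a constructed, harmless snippet and pulls out the iframe it hides. The function names, the `sep` delimiter parameter and the sample text are assumptions of this example.

```python
"""Simplified Python versions of a few FreShow-style transforms (element
filtering, "a"+"b" folding, ASCII-code and escape conversion) for analysing
an obfuscated page offline. Illustrative code, not FreShow itself."""
import html
import re

# Constructed obfuscated snippet (not a real malicious page): the iframe tag
# is split across string pieces and the host name is hidden in char codes.
SAMPLE = (r'document.write("<ifr"+""+"ame src=\x22http://"'
          r'+String.fromCharCode(101,120,97,109,112,108,101)'
          r'+".invalid/x.htm\x22 width=0 height=0>"+"&lt;/iframe&gt;")')

_CHARCODE = re.compile(r"String\.fromCharCode\(([^)]*)\)")
# A double-quoted JS literal, allowing backslash escapes inside it.
_CONCAT = re.compile(r'"([^"\\]*(?:\\.[^"\\]*)*)"\s*\+\s*"([^"\\]*(?:\\.[^"\\]*)*)"')
_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})")

def decode_charcodes(text, sep=","):
    """Turn String.fromCharCode(104,116,...) into a quoted literal, splitting on sep."""
    def repl(m):
        codes = [c for c in m.group(1).replace(sep, " ").split() if c.isdigit()]
        return '"' + "".join(chr(int(c)) for c in codes) + '"'
    return _CHARCODE.sub(repl, text)

def fold_concat(text):
    """Join adjacent "a"+"b" pieces (empty "" pieces vanish) until nothing changes."""
    while True:
        new = _CONCAT.sub(lambda m: '"' + m.group(1) + m.group(2) + '"', text)
        if new == text:
            return new
        text = new

def decode_escapes(text):
    """Resolve \\xNN / \\uNNNN escapes and HTML entities such as &lt;."""
    text = _ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), text)
    return html.unescape(text)

def extract_elements(text, tags=("iframe", "script")):
    """Return the opening tags of the requested elements, attributes included."""
    pat = re.compile(r"<(%s)\b[^>]*>" % "|".join(tags), re.I)
    return [m.group(0) for m in pat.finditer(text)]

def deobfuscate(text, sep=","):
    """Run the transforms in an order that keeps string literals intact:
    char codes first, then concatenation folding, then escapes last."""
    return decode_escapes(fold_concat(decode_charcodes(text, sep)))

if __name__ == "__main__":
    out = deobfuscate(SAMPLE)
    print(out)
    print(extract_elements(out))
```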
  • Swift AntiVirus 1.5 (another one using the ClamAV engine) *

    2008-01-19 11:26:02

    http://www.app-zilla.com/swift_antivirus.html



    Swift AntiVirus description
    Free and easy to use antivirus application
    Swift AntiVirus offers comprehensive protection against viruses, worms, Trojans and dialers. Swift AntiVirus checks and protects all the relevant system areas of your computer.

    Swift AntiVirus is a stand-alone utility used to detect and remove major viruses. Swift AntiVirus is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when cleaning infected systems.

    Swift AntiVirus is regularly updated and can detect hundreds of common viruses, worms, Trojans, and dialers (including all variants of the Sober, MyDoom, Nyxem and Bagle viruses).

    Swift AntiVirus offers a scanner that requires minimal processing power for repairing a compromised system.

    Swift AntiVirus detects over 20,000 virus variants and also offers a full memory scan (active processes).

    Here are some key features of "Swift AntiVirus":

    · High detection rates for viruses and spyware.
    · Scanning Scheduler.
    · Automatic downloads of regularly updated Virus Database.
    · Small footprint, and doesn't take up much system resources.
    · Scan Memory for Virus.


    Requirements:

    · .NET Framework 1.1
    · Intel Pentium II 350MHz or above
    · 64 MB RAM or above

    http://www.app-zilla.com/Builds/SwiftAntiVirusSetup.exe
  • GRISOFT AVG 8 Public Beta 2 released *

    2008-01-17 11:45:15

    What's NEW for Build 52 Public Beta 2:

    * Added tray notification window.

    * Added System Tools.

    * Link Scanner (Safe Search and Safe Surf) may be activated/deactivated from the AVG GUI.

    * Improvements and fixes in GUI.

    * Information windows are displayed correctly on the top.

    * Overview tab is correctly focused after Update.

    * Fixed problem with saving personal email scanner configuration.

    * Fixed problem with saving configuration of Additional Scan Reports (in Advanced settings - Scans).

    * Fixed problem with blocking of some web pages caused by Web Shield.

    * Fixed problems with AVG Firewall Profile switching.

    * Changes in AVG Firewall default configuration.

    * Information in Scan Results is changed correctly after healing, removing infections.

    * It is not possible to remove already removed infections.

    * Fixed problem with saving Anti-spam settings.

    * Fixed problem with AVG Firewall start up on Windows x64 edition.

    * Files are correctly deleted from Virus Vault after restoring.

    * Added some missing texts.

    * AVG Firewall could be disabled and switched to Emergency mode correctly.

    * Fixed problem with assigning profile to adaptor or network area.

    * Settings of servers for Personal Email Scanner are correctly accepted.

    * Improved Anti-Rootkit detection.

    * Improved Web Shield detection possibilities.

    * Improved detection of some infections.

    * Fixed AVG crashes during scanning.

    * Fixed possible crash during closing AVG application.

    * Update settings are displayed correctly.

    * Tasks scheduled from Advanced Settings are saved correctly.

    * Fixed problem with entering blank password in a dialog during scanning password protected archives.

    * Correct Date of storage is displayed for files moved to Virus Vault.

    * 'Empty Vault' button has been added into Virus Vault.

    * Fixed computer freezing caused by AVG Firewall.

    * Fixed crash during AVG Firewall component reinstallation.

    * Improvements in Update process.

    * Fixed blocked network connection after Update if AVG Firewall installed.

    * Fixed automatic and manual proxy server settings.

    * Fixed applications rules storing in AVG Firewall.

    * Fixed problem with AVG Firewall configuration modification.

    * Information on update process is displayed correctly.

    * Fixed problem with healing files under some conditions.

    * Fixed crash during update process.

    * Fixed crash caused by Personal Email Scanner.

    * Manually set Personal Email Scanner servers work correctly.

    * Fixed problem with sudden AVG Firewall deactivation.

    * Added settings for Potential Unwanted Programs exceptions.

    * It is possible to set ports which are scanned by Web shield.

    Download link:
    http://www.grisoft.cz/doc/79461/uk/crp/0

    https://secure.grisoft.com/dwnbeta/avz/avg80f_52a1239.exe  (you may need to register first to download)
  • Changes in FISTP's engines (engines slimmed down) *

    2007-12-28 08:14:40

    Reposted from Kafan (卡飯) - 紫天

    QUOTE:

    Changes in FISTP's engines
    Today a friend discovered that FISTP had gained a Hydra engine, which immediately piqued my interest; after getting home tonight and finishing the things on hand, I started my new exploration.

    To compare with FSCS, I installed FSCS 7.10 on a virtual machine and updated it to the latest version. FISTP and FSCS alike have only "Anti-virus and anti-spyware", "Network traffic scanning" and "System control" installed; from the automatic update download screen we can see the difference between the two:

    FSCS 7.10 mainly contains
    1. Anti Spyware
    2. Anti-Virus AVP Extended
    3. Anti-Virus Libra
    4. Anti-Virus Misc
    5. Anti-Virus Orion
    6. BlackLight Engine
    7. DeepGuard
    8. Gemini
    9. Pegasus
    these 9 components.

    FISTP mainly contains
    1. Anti-Virus AVP Extended
    2. Anti-Virus Misc
    3. BlackLight Engine
    4. DeepGuard
    5. Gemini
    6. Hydra (new engine)
    7. Pegasus
    these 7 components.

    From this we can see that FISTP's engines have changed a great deal:

    1. First, the Anti Spyware, Libra and Orion engines in FSCS were removed.
        As for the Draco engine, from the pinned introduction post it can be seen that this engine was mainly responsible for detecting spyware and adware, and FSCS already has an Anti Spyware engine (or would "component" be more appropriate?). So I estimate that Draco has already been replaced by Anti Spyware in FSCS, and in FISTP even Anti Spyware has been removed.

    2. The new Hydra engine was added
        That's all that can be said here; whether Hydra is an improved version merging Draco, Libra and Orion is unknown. I tried searching online for information on the Hydra engine, but unfortunately haven't found any yet. Perhaps an expert can help point the way.

    3. Other components
        FISTP also has some other components such as Universal System Scanner; taking them at face value, they should be subdivisions or redefinitions of previously existing components, and are not as exciting as the engine changes above.

    That's it for now; I'll look up more information tomorrow when I have time. I'm really interested in Hydra. Sleepy, off to bed first.
  • G DATA AntiVirus Business - let's see who can get a trial *

    2007-12-24 10:04:32

    G DATA AntiVirus Business - let's see who can get a trial (I haven't got one yet, so I hope whoever gets one sends me a copy )

    If it is a trial version, I guess the unlimited-trial application trick can be used as well

    Unfortunately, I only found it on the Polish site

    But that doesn't matter; anyone used to the AVK interface can roughly guess what it looks like, heh

    * G DATA AntiVirus Business uses the Avast + F-Prot engines

    http://www.gdata.pl/portal/PL/content/view/174/104/

    With the moment of introducing the G DATA AntiVirus Business and G DATA MailSecurity programs to our offer, we enable their convenient testing together with receiving updates - even before purchase.

    To obtain a test license for the business products, fill in and send the form below. Thanks to that you will receive:

    A link to download the installation program, and a registration number enabling registration of the program and updating of the databases.

    On registration of the program, the antivirus engines will be updated for a whole month! We ask you to fill in all required fields (*)

    Below is a translation of the form fields

    Firma*: Firm

    Imię*: Name

    Nazwisko*: Surname


    Adres*: Address


    Kod pocztowy* / Miejscowość*:  Post Code /Locality
      

    Email*: Email

    Telefon*: Telephone


    Numer klienta: The client's number
  • ACE TrustPort Antivirus (5 engines) swaps out BD for the VBA32 engine *

    2007-12-13 20:57:37


    http://www.aec.cz/index.php?id=42,0,0,1,0,0

    I wonder if it's because the BD engine is expensive that they swapped it?

    After GDATA AVK and SNS, TrustPort has also replaced the BD engine
  • ArcaVir 2008 introduction in pictures *

    2007-11-28 21:04:48

    1. Interface:

    2. Scanner settings:

    3. Monitor settings:

    4. Register Monitor settings:

    5. ArcaCheck:

    6. Firewall:

    7. ArcaHTTP: (HTTP Scan)

    8. Mail:

    9. AntiSpam:


    I don't need to say much more; everyone just look at the pictures~~


    Some people say MKS / Arcavir deletes system files; this is a misunderstanding. As far as I know, the deletion of system files happens on Simplified Chinese systems (I don't know about Traditional Chinese).
    If you are using an English system, I believe the system-file deletion won't happen.

    As for how capable ArcaVir is, try it yourself and you'll know.
    The installer offers a custom installation.
  • Free BitDefender IS 2008 for 250 days or a 1-year BitDefender 9 Professional Plus registration key *

    2007-11-20 19:24:15

    BitDefender official giveaway: a free registration key for BitDefender Internet Security 2008 for 250 days, or for BitDefender 9 Professional Plus for 1 year
    Official registration address:
    http://www.bitdefender.de/site/Promotions/security03/

    Gutscheincode:*  enter: security03
    Anrede:*  Gender
    Vorname:*  Surname
    Nachname:*  Given name
    Land:*  Country
    E-mail:*  Email address

    The BitDefender registration key obtained for free can be used with BitDefender Internet Security 2008 for 250 days or with BitDefender 9 Professional Plus for 1 year

    Note: the registration keys received should all be the same, so there is no need to apply repeatedly.

    BitDefender 9 Professional Plus official Traditional Chinese download:
    http://download.bitdefender.com/ ... efender_prof_v9.exe

    BitDefender 9 Professional Plus official English download:
    http://download.bitdefender.com/ ... efender_prof_v9.exe

    BitDefender Internet Security 2008 English download:
    http://download.bitdefender.com/ ... curity_2008_32b.exe

    -original by winpatrol-

    [ This post was last edited by andy on 2007-11-20 19:23 ]
  • [Repost] Kaspersky Anti-Virus + Internet Security 7.0.0.125 English final version officially released *

    2007-07-31 19:40:18

    Kaspersky Anti-Virus & Internet Security 7.0.0.125 have finally appeared among Kaspersky's official http downloads.
    Using new technology, Kaspersky Anti-Virus combines traditional anti-virus methods with the latest proactive defence technology to protect your computer more effectively from viruses, trojans, worms and all kinds of malicious programs. Kaspersky Internet Security is a complete solution for protecting your computer against almost all the major threats from the Internet.


    Download: Kaspersky Anti-Virus 7.0.0.125 Final (21.4 MB)
    Download: Kaspersky Internet Security 7.0.0.125 Final (22.6 MB)
  • [Discussion] Which portable antivirus do you most want? *

    2007-07-27 19:00:16

    Vote for the one you have never seen but would like to have


    Let's see which one most people want but which has not appeared
  • [Reposted test] AVG IS/AM does not support scanning Chinese filenames, which is a bit... *

    2007-07-17 14:47:23

    Description: 1. The file with a Chinese filename cannot be opened
    Image:

    Description: 2. After renaming to an English filename it is detected
    Image:

    Description: 3. Comparison: both files are identical
    Image:

    IS = Internet Security (AVG AV + AVG Anti-Spyware; with nothing else installed it is functionally the same as AM)
    AM = Anti-Malware (AVG AV + AVG Anti-Spyware)

    1. The file with a Chinese filename cannot be opened

    2. After renaming to an English filename it is detected

    3. Comparison: both files are identical

    What I installed for this test was AVG IS, with only the AV + Anti-Spyware parts installed.
    I expect AM would have the same problem.

    Whether you like AVG or not, please email AVG and tell them, asking them to support scanning Chinese (both Traditional and Simplified) filenames.