Hello Didi,

Friday, May 12, 2006, 3:44:19 PM, you wrote:

> Maybe it is of interest:
> http://nepenthes.mwcollect.org/stats:scannertest




Not really. You have to take the results with a grain of salt for several 
reasons: 

- The test is 6 months old (even if heise.de still sells it as "News").
- Many scanners rely on heuristics - like NOD32 for example - was the
  heuristic used at all?
- There is no info on whether the samples are working. Sometimes broken
  binaries are caught by the honeypot. A scanner that relies on a strong
  unpacking engine, like Kaspersky, could fail to unpack such a sample and
  fail to detect it, while a scanner that doesn't make use of too many
  unpackers and relies more on search strings against runtime-packed malware
  (and you can find a lot of this in a honeypot) is able to find enough to
  raise a detection - so, is a scanner that doesn't detect a broken sample
  really a bad thing?

I could go on like this - actually this test does not tell too much. Antivirus 
testing is a complex business, and while the Nepenthes Project most likely had 
good intentions, it should be noted that this test result leaves much to ask 
for and can't be used to make any statement about the overall quality of a 
product.

-- 
Best regards,
 Christoph                            mailto:[EMAIL PROTECTED]

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
