AV test

I had some spare time ;D so I decided to make a test :wink:

  • I created 4 files containing the EICAR test file: .txt, .com, .exe, .bat.
  • I added them to a .7z archive.
  • I added the .7z archive to a .zip archive.
  • I added the .zip archive to a .gz archive.

Then I submitted the three archives to virustotal.com. The site showed almost the same results in the 3 cases, only 8 scanners out of 36 detected the file…
http://www.virustotal.com/analisis/3e0a5e34a85721c49ff5cb9eca1bc3d3

Does this have any significance? Can any AV guru comment on this pls?
Thanx in advance…

BTW, it was surprising seeing that the “new” Chinese Rising AV is among the 8 AVs :slight_smile:

I’m glad you did a good job testing. :slight_smile:

I personally think the test is of limited value; archive files are by their nature inert. You have to extract the content (from multiple archives in this case) and then run the files inside, and before that your AV should detect the zipped content.

Whilst avast has good archive support and many of the others on VT also unpacked the files, many obviously aren’t unpacking the .zip, .7z, .gz combo. Send the files up naked and all should detect them, so it really isn’t a valid test as the archived files are of no immediate danger.

Thanks for testing, Mina. Glad that avast has enough unpackers to see the virus.
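
The point made in the replies, that a scanner only sees the test file if it has an unpacker for every container layer, shown as an added example (not code from the thread or from any AV product). The Python standard library has no 7z reader, so the constructed sample nests only .zip inside .gz; `scan`, `unpack` and `build_sample` are names chosen for this sketch.

```python
import gzip
import io
import zipfile

# Standard EICAR test string, split so this source file itself is not flagged.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR" + b"-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_DEPTH = 8  # assumption: cap nesting so a deeply nested archive cannot recurse forever


def unpack(data):
    """Yield (name, bytes) members if data is a gzip or zip container."""
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        yield "<gzip>", gzip.decompress(data)
    elif data[:4] == b"PK\x03\x04":  # zip local file header
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                yield info.filename, zf.read(info)


def scan(data, unpackers=True, path="", depth=0):
    """Return the path of every layer whose content starts with the EICAR string."""
    hits = [path or "<top>"] if data.startswith(EICAR) else []
    if unpackers and depth < MAX_DEPTH:
        for name, inner in unpack(data):
            hits += scan(inner, unpackers, f"{path}/{name}", depth + 1)
    return hits


def build_sample():
    """Constructed sample: EICAR as .txt/.com/.exe/.bat in a zip, wrapped in gzip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for ext in ("txt", "com", "exe", "bat"):
            zf.writestr(f"eicar.{ext}", EICAR)
    return gzip.compress(buf.getvalue())


if __name__ == "__main__":
    sample = build_sample()
    print("no unpackers:  ", scan(sample, unpackers=False))
    print("with unpackers:", scan(sample))
```

A production scanner would also cap the decompressed size of each layer, which this sketch does not do.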