urlQuery does not detect, but avast does

See: htxp://zulu.zscaler.com/submission/show/7cb4286d87f7c8c131db6c707a116ff2-1336576251
avast detects stub.bin as Win32:VB-UQZ [Trj]
see: htxp://vscan.urlvoid.com/analysis/8803a3db68e727aa5262f06bf4b1555f/c3R1Yi1iaW4=/
Here nothing detected: http://urlquery.net/report.php?id=52966
File Name : stub.bin
Total find on VirSCAN 77 same name files, 5 is safe, 72 is unsafe. the file ‘stub.bin’ 93.51% maybe a virus
DrWeb URL scanner: htxp://dl.dropbox.com/u/51571289/stub.bin infected with BackDoor.Blackshades.4
Analysis: htxp://anubis.iseclab.org/?action=result&task_id=122c3ec80120fec1495391c0334cf0eed&format=html

polonus

Hi Polonus,

I do not think urlQuery supports the scanning of non-online executables such as bin files. I think it only works when viewing the site hence they probably use a sandbox. If the automated system goes to the site, and is prompted with a download, nothing will occur since the dialog box will remain in a still state. http://urlquery.net/about.php >> It provides detailed information about the actions a browser takes while visiting an site.

Hi !Donovan,

That is why we should combine various scanners with various scan features. Yes basically urlQuery is a request and response scanner. They also have now inplemented Suricata IDS, see -http://en.wikipedia.org/wiki/Suricata_(software) & the Emerging Threats rulesets, so, yes, it is basically a html-based scanner.
But a very good and extensive one as such. This site has a completely other scan approach: -http://com.saferpage.de
For other purposes we have other scanners like Zscaler’s Zulu URL Risk Analyzer with external elements script scanning added and taking online risk resouces database results to weigh threat web rep. Sucuri’s free scanner has another angle and weighs backlisting and is specifically valuable for scanning after webforum software vulnerabilities and infections via PHP and js malware campaigns,

polonus