===================================
File 4TSTCON.TXT
Conditions for scanners to conform
with VTC test procedure:
===================================
Formatted with non-proportional font (Courier)

Remark: Test conditions are NOT changed compared with the last test.

In order to be testable under VTC test conditions, a scanner must
conform to the set of conditions listed below. These conditions are
the essential basis for processing parallel test batches without
manual intervention. Moreover, automatic evaluation of huge scanner
log files is performed with awk-scripts.

We regard these conditions to be fairly reasonable, not too
restrictive, as well as being useful for both users and developers
because they allow them to understand and analyse VTC tests more
easily.

Several of the scanners in this test did NOT conform to those
conditions. Very few even had to be withdrawn from the test, whereas
several required "manual support". The task of testing such
non-conforming scanners is very difficult and time-consuming.

Here is the list of conditions:

   A) Common conditions (AA-AB, A1-A9)
   F) Conditions for tests against file viruses (F1-F3)
   B) Conditions for tests against boot viruses (B0,B1,B1a,B2)
   M) Conditions for tests against macro viruses (M1-M2)
   W) Conditions for tests against malware (W1)
   P) Conditions for testing virus detection in packed files (P1)


A) Common conditions:
---------------------

AA) Essential parameters or options under which the scanner produces
    optimum detection results should be available to the tester.

AB) The scanner must perform its detection tasks within reasonable
    time, compared to similar products.

A1) The scanner must be able to create a report file in a specified
    directory (at least not on that drive where viruses are located).

A2) The full path of scanned files must be present in the report file.
    Long paths MUST NOT be abbreviated, e.g. by using "..." instead of
    several intermediate directory names.
    Shortening file paths is acceptable when displaying them on the
    screen, but *not* in the report file.

A3) The scanner must be able to run in "scan-only" mode. If its
    default mode is to disinfect automatically all viruses found,
    there must be an option to run it in "scan-only" (i.e., NO
    disinfection) mode.

A4) The scanner must be able to run unattended - it must NOT stop on
    each infected object and request user input. When scanning is
    completed, the scanner must be able to exit automatically and not
    wait for additional user intervention (including return keys).

A5) The scanner must be able to run from the command line (DOS
    versions only), scan a subdirectory tree (not just whole drives)
    and create a report file with a name and location supplied by the
    tester.

A6) If the scanner issues an audible alarm each time it detects a
    virus, there must be a way to turn the sound off. This is not
    necessary if the alarm is issued only once - at the end of the
    scanning, but the alarm should be able to stop on its own, i.e.
    without requiring user intervention.

A7) The only limit on the size of the report file that the scanner
    creates must be the amount of free disk space.

A8) The scanner must be able to test objects on netdrives and obey
    the given user rights (i.e. read only, access denied).

A9) The scanner must not move any file which it regards as infected
    to another drive or a specified directory.


F) Conditions for tests against file viruses:
---------------------------------------------

F1) The report file must contain the directory path and the file name
    of the suspicious or infected file.

F2) The scanner must be able to scan files with extensions defined by
    the tester, or it must at least be able to scan files with
    extensions COM, EXE, SYS, BAT and CMD.

F3) The scanner must be able to run without problems on a huge
    directory tree - it should not be a problem to handle around
    30,000 directories containing 100,000 files.

Remark: these conditions also apply to tests of special file viruses,
        such as selected Polymorphic and VKit viruses.


B) Conditions for tests against boot viruses:
---------------------------------------------

B0) The scanner must be able to scan under SIMBOOT.

B1) It should be possible to scan multiple diskettes without leaving
    the scanner. The scanner should prompt the tester to change the
    diskettes. It must request ONE AND THE SAME input from the tester
    between two diskettes, regardless of whether a virus is found or
    not. If the scanner does not have the option to scan multiple
    diskettes, it must have the option to append the results of the
    scanning procedure to an existing report.

B1a) If the scanner doesn't work with Simboot, it must be able to
     scan the images directly.

B2) The report file generated when scanning multiple diskettes must
    contain information about all scanned diskettes - not only about
    the infected ones, and not only about the last one.


M) Conditions for tests against macro viruses:
----------------------------------------------

M1) The scanner must be able to scan macro viruses.

M2) The report file must contain the directory path and the file name
    of the suspicious or infected file.


W) Conditions for tests against malware:
----------------------------------------

W1) The scanner must be able to scan for any file including
    non-self-replicating malware such as trojan horses, virus
    droppers, first generation viruses, (network) worms, hostile
    applets etc.


P) Conditions for testing virus detection in packed files:
----------------------------------------------------------

P1) The scanner must be able to scan for viruses in files compressed
    with ZIP, ARJ, LHA and RAR.
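
Added example (not one of VTC's own awk-scripts): a report check for conditions A2 and F1, flagging abbreviated paths and testbed samples whose full path never appears in the report. The report layout (path as first whitespace-separated field), the file names and the sample data are constructed assumptions, as is the premise that every listed testbed object is an infected sample.

```shell
#!/bin/sh
# check_report TESTBED_LIST REPORT
#   TESTBED_LIST: one full path per infected sample (assumed layout)
#   REPORT:       scanner report, path in first field (assumed layout)
# Prints one finding per line; returns 1 if any finding was printed.
check_report() {
    awk '
        # First file: remember every sample path, case-insensitively (DOS).
        NR == FNR { if ($0 != "") expected[toupper($0)] = $0; next }
        # Report lines: "..." inside the path field violates A2.
        index($1, "...") > 0 { print "A2-ABBREVIATED: " $0; bad++; next }
        { seen[toupper($1)] = 1 }
        END {
            # Any sample whose full path was never reported fails F1.
            for (p in expected)
                if (!(p in seen)) { print "F1-NO-FULL-PATH: " expected[p]; bad++ }
            exit (bad > 0)
        }
    ' "$1" "$2"
}

# Constructed sample data: four samples, one abbreviated and one missing.
run_demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/testbed.lst" <<'EOF'
C:\VIRUS\FILE\A\SAMPLE01.COM
C:\VIRUS\FILE\A\SAMPLE02.EXE
C:\VIRUS\FILE\DEEP\SUB1\SUB2\SAMPLE03.COM
C:\VIRUS\FILE\B\SAMPLE04.SYS
EOF
    cat > "$dir/scanner.rep" <<'EOF'
C:\VIRUS\FILE\A\SAMPLE01.COM infected: Constructed.Name.A
c:\virus\file\a\sample02.exe infected: Constructed.Name.A
C:\VIRUS\...\SUB2\SAMPLE03.COM infected: Constructed.Name.B
EOF
    check_report "$dir/testbed.lst" "$dir/scanner.rep"
    status=$?
    rm -rf "$dir"
    return "$status"
}

run_demo || echo "report does not conform to A2/F1"
```

An abbreviated line is counted twice on purpose: once as an A2 violation and once because the sample it refers to can no longer be matched to a full path.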