================================================= File 6FW98.TXT Detailed results of File and Macro Virus related on-demand scanner tests under Windows 98: ================================================= (Formatted with non-proportional font: Courier) The following 30 products (versions) participated in W-98 tests (for details of related AV producers: see A2SCNLS.txt): ANT: v: 1.1200.06 (German) sig: VDF 5.21.0.0(0) Nov.27,1999 ATD: v: 1.5, build 27.11.99 sig: Nov.27,1999 AVA: v: 3.0 Build 197 (4.0.50) sig: Nov.25,1999 AVK: v: 9.0.6 (kernel:9.052) sig: Nov.12,1999 AVG: v: 6.0 Release 6.0.96 sig: Nov.22,1999 AVP: v: 3.0.132.4 sig: Nov.22,1999 AVX: v: 5.1 sig: Nov.26,1999 CLE: v: 3.0 build 3122 CMD v: 4.58 mac-def: Nov.27,1999; sig: Nov.28,1999 DRW v: 4.16 sig:Nov.26,1999 DSE v: 4.03 sig: 4.0.4054 Dec.01,1999 ESA v: 2.1 sig: Dec.1,1999 FPR v: 3.06c mac-def: Nov.25,1999; sig: Nov.28,1999 FPW v: 3.06c mac-def: Nov.22,1999; sig: Nov.28,1999 FSE v: 4.06.1470 sig: Nov.30,1999 FWN v: 1.86 sig: August 19,1999 INO v: 4.53 sig: 6.0 Nov.12,1999 MKS v: 1.0 sig: Nov.23,1999 NAV v: 5.01.01 sig: Nov.29,1999 NOD v: 1.29 sig: December 4,1999 NVC v: 4.73 sig: Nov.28,1999 PAV v: 3.0, build 129 sig: Nov.27,1999 PER v: 6.0 Evaluation sig: Nov.23,1999 PRO v: 6.7.B05 QHL v: 5.21 sig: Nov.26,1999 RAV v: 7.6 SCN v: 4.0.3, Engine 4.0.50 sig: 4054 Dec.01,1999 SWP v: 3.28, build 4.10, Engine 1.3 sig: Dec.06,1999 VIT v: explorer Lite 2.6.26 sig: July 16,1999 (rec: Nov.23,1999) VSP v: 11.90.04 sig: November 1999 The following tables summarize detection and identification quality concerning FILE and MACRO viruses as well as selected FILE and MACRO MALWARE, both in full "zoo" virus collection and for viral ITW testbed. Additionally, test results are reported concerning detection of (6*10,000) viruses in a testbed with generations of 6 polymorphic file viruses, as well as a subset of 10,706 viruses generated from VKIT virus construction kit. Moreover, results for detection of viruses in files compressed with 4 popular packing methods are also given. Finally, a special test was performed concerning "false positive" virus detection of selected files which were deliberately chosen from available CD-ROMs and which were definitively clean of viruses. For discussion of results, see 6ASUMOV.TXT and 7EVAL.TXT. Results may be influenced by problems experienced during tests; such problems are documented in 8PROBLMS.TXT. Index of tables: ---------------- W98.F1: "FileVirus 1": Results of "full" Zoo test for file viruses W98.F2: "FileVirus 2": Results of "In-The-Wild" test for file viruses W98.FA: "Polyfile-Test": Results of Polymorphic test W98.FB: "VKIT Test": Results of VKIT file virus test W98.F3: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW file viruses packed with PKZIP, LHA, ARJ and RAR W98.F3a: "PKZIP-Packed File Viruses": Results of Detection of ITW File Viruses Packed wiith PKZIP W98.F3b: "LHA-Packed File Viruses": Results of Detection of ITW File Viruses Packed with LHA W98.F3c: "ARJ-Packed File Viruses": Results of Detection of ITW File Viruses Packed with ARJ W98.F3d: "RAR-Packed File Viruses": Results of Detection of ITW File Viruses Packed wiith RAR W98.F4: "False Positive" detection: Results of "full" Zoo test for non-viral (clean) file samples detected as "False positives" W98.F5 "File Malware": Results of "full" Zoo test for File-related malware W98.M1: "MacroVirus 1": Results of "full" test for macro viruses W98.M2: "MacroVirus 2": Results of "In-The-Wild" test for macro viruses W98.M3: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW file viruses packed with PKZIP, LHA, ARJ and RAR W98.M3a: "PKZIP-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with PKZIP W98.M3b: "LHA-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with LHA W98.M3c: "ARJ-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with ARJ W98.M3d: "RAR-Packed Macro Viruses": Results of Detection of ITW macro Viruses Packed with RAR W98.M4: "False Positive" detection: Results of "full" Zoo test for non-viral (clean) macro objects detected as "false positives" W98.M5: "Macro-Malware": Results of "full" zoo test for Macro-related malware Table W98.F1: "FileVirus 1": Results of "full" zoo test for file viruses under Windows 98: ====================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 18359 100.0 135907 100.0 ---------------------------------------------------------- ANT 17040 92.8 1399 7.6 480 2.6 128322 94.4 AVA 17905 97.5 647 3.5 134 0.7 133189 98.0 AVG 15684 85.4 527 2.9 317 1.7 120904 89.0 AVK 18295 99.7 408 2.2 34 0.2 135783 99.9 AVP 18349 99.9 426 2.3 0 0.0 135888 100.0 AVX 14211 77.4 2169 11.8 1279 7.0 104895 77.2 CMD 18287 99.6 55 0.3 3 0.0 135747 99.9 DRW 17751 96.7 453 2.5 187 1.0 132467 97.5 DSE 18330 99.8 571 3.1 18 0.1 135582 99.8 ESA 10647 58.0 270 1.5 555 3.0 84521 62.2 FPR 18295 99.7 0 0.0 2 0.0 135761 99.9 FPW 18287 99.6 11 0.1 3 0.0 135748 99.9 FSE 18350 100.0 82 0.4 1 0.0 135881 100.0 INO 18114 98.7 607 3.3 183 1.0 134743 99.1 NAV 17768 96.8 1327 7.2 274 1.5 132865 97.8 NOD 18053 98.3 2159 11.8 201 1.1 134282 98.8 NVC 18193 99.1 1264 6.9 112 0.6 134827 99.2 PAV 18351 100.0 426 2.3 0 0.0 135890 100.0 PRO 8187 44.6 530 2.9 887 4.8 64479 47.4 RAV 15881 86.5 1270 6.9 638 3.5 119771 88.1 SCN 18352 100.0 38 0.2 5 0.0 135845 100.0 SWP 18278 99.6 878 4.8 24 0.1 135346 99.6 VSP 14333 78.1 2787 15.2 1256 6.8 96239 70.8 ----------------------------------------------------------- Table W98.F2: "FileVirus 2": Results of "In-The-Wild" test for file viruses under Windows 98: ====================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 39 100.0 1047 100.0 ---------------------------------------------------------- ANT 35 89.7 2 5.1 4 10.3 995 95.0 ATD 39 100.0 0 0.0 1 2.6 1046 99.9 AVA 39 100.0 2 5.1 2 5.1 1045 99.8 AVG 39 100.0 7 17.9 3 7.7 1043 99.6 AVK 39 100.0 0 0.0 1 2.6 1046 99.9 AVP 39 100.0 0 0.0 1 2.6 1046 99.9 AVX 34 87.2 5 12.8 10 25.6 911 87.0 CMD 39 100.0 2 5.1 0 0.0 1047 100.0 DRW 39 100.0 3 7.7 1 2.6 1046 99.9 DSE 39 100.0 5 12.8 0 0.0 1047 100.0 ESA 39 100.0 1 2.6 8 20.5 1030 98.4 FPR 39 100.0 0 0.0 0 0.0 1047 100.0 FPW 39 100.0 1 2.6 0 0.0 1047 100.0 FSE 39 100.0 2 5.1 0 0.0 1047 100.0 INO 39 100.0 3 7.7 2 5.1 1045 99.8 MKS 38 97.4 0 0.0 3 7.7 1033 98.7 NAV 39 100.0 4 10.3 1 2.6 1046 99.9 NOD 39 100.0 10 25.6 0 0.0 1047 100.0 NVC 39 100.0 4 10.3 2 5.1 1045 99.8 PAV 39 100.0 0 0.0 1 2.6 1046 99.9 PER 19 48.7 1 2.6 4 10.3 418 39.9 PRO 39 100.0 2 5.1 10 25.6 975 93.1 QHL 36 92.3 1 2.6 9 23.1 977 93.3 RAV 39 100.0 5 12.8 5 12.8 1040 99.3 SCN 39 100.0 0 0.0 0 0.0 1047 100.0 SWP 39 100.0 2 5.1 1 2.6 1046 99.9 VIT 16 41.0 0 0.0 4 10.3 553 52.8 VSP 24 61.5 7 17.9 3 7.7 888 84.8 ----------------------------------------------------------- Table W98.FA: "Polyfile-Test": Results of Polymorphic test ========================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Maximum 6 100.0 60000 100.0 ---------------------------------------------------------- ANT 6 100.0 1 16.7 0 0.0 60000 100.0 AVA 6 100.0 2 33.3 1 16.7 59999 100.0 AVG 6 100.0 0 0.0 0 0.0 60000 100.0 AVK 6 100.0 0 0.0 0 0.0 60000 100.0 AVP 6 100.0 0 0.0 0 0.0 60000 100.0 AVX 6 100.0 0 0.0 2 33.3 49900 83.2 CMD 6 100.0 1 16.7 0 0.0 60000 100.0 DRW 6 100.0 0 0.0 0 0.0 60000 100.0 DSE 6 100.0 1 16.7 1 16.7 59997 100.0 ESA 6 100.0 1 16.7 2 33.3 59961 99.9 FPR 6 100.0 1 16.7 0 0.0 60000 100.0 FPW 6 100.0 1 16.7 0 0.0 60000 100.0 FSE 6 100.0 1 16.7 0 0.0 60000 100.0 INO 6 100.0 2 33.3 0 0.0 60000 100.0 MKS 6 100.0 0 0.0 1 16.7 59895 99.8 NAV 6 100.0 2 33.3 0 0.0 60000 100.0 NOD 6 100.0 0 0.0 0 0.0 60000 100.0 NVC 6 100.0 1 16.7 0 0.0 60000 100.0 PAV 6 100.0 0 0.0 0 0.0 60000 100.0 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 5 83.3 1 16.7 2 33.3 40523 67.5 QHL 6 100.0 1 16.7 4 66.7 51947 86.6 RAV 6 100.0 3 50.0 0 0.0 60000 100.0 SCN 6 100.0 0 0.0 1 16.7 59997 100.0 SWP 6 100.0 2 33.3 0 0.0 60000 100.0 VIT 4 66.7 0 0.0 3 50.0 20001 33.3 VSP 6 100.0 2 33.3 3 50.0 58857 98.1 ----------------------------------------------------------- Remark: For 6 polymorphic viruses (with Maltese Amoeba, MTE.Encroacher.B, NATAS, TREMOR, One-Half and Tequila as in the previous test), 10,000 generations each were produced with VTCs dynamic polymorphic generation and test engine. For each virus, 100 directories including infected objects with goat files of lengths ranging from 1 kByte to 100 kByte were generated. Table W98.FB: "VKIT Test": Results of VKIT file virus test ========================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 10706 100.0% % % 104640 100.0% ----------------------------------------------------------- ANT 10706 100.0 1365 12.7 3 0.0 104636 100.0 AVA 10706 100.0 1642 15.3 23 0.2 104595 100.0 AVG 10137 94.7 783 7.3 117 1.1 97780 93.4 AVK 10706 100.0 1194 11.2 0 0.0 104640 100.0 AVP 10706 100.0 1194 11.2 0 0.0 104640 100.0 AVX 10706 100.0 1261 11.8 15 0.1 104617 100.0 CMD 10706 100.0 1137 10.6 3 0.0 104636 100.0 drw 10706 100.0 1006 9.4 2 0.0 104638 100.0 DSE 10706 100.0 1178 11.0 0 0.0 104640 100.0 ESA 5546 51.8 313 2.9 1064 9.9 53713 51.3 FPR 10706 100.0 1137 10.6 3 0.0 104637 100.0 FPW 10706 100.0 1438 13.4 3 0.0 104636 100.0 FSE 10706 100.0 1272 11.9 0 0.0 104640 100.0 INO 10703 100.0 1261 11.8 8 0.1 104579 99.9 MKS 9583 89.5 0 0.0 248 2.3 91133 87.1 NAV 10696 99.9 638 6.0 120 1.1 103947 99.3 NOD 10705 100.0 3001 28.0 4 0.0 104635 100.0 NVC 10704 100.0 6198 57.9 327 3.1 102041 97.5 PAV 10706 100.0 1194 11.2 0 0.0 104640 100.0 PER 2064 19.3 4 0.0 430 4.0 16043 15.3 PRO 216 2.0 0 0.0 158 1.5 1282 1.2 QHL 9422 88.0 38 0.4 5369 50.1 74258 71.0 RAV 10704 100.0 1360 12.7 15 0.1 104606 100.0 SCN 10706 100.0 0 0.0 0 0.0 104640 100.0 SWP 10706 100.0 748 7.0 1 0.0 104639 100.0 VIT 4154 38.8 0 0.0 1128 10.5 36445 34.8 VSP 10638 99.4 5925 55.3 71 0.7 103416 98.8 ----------------------------------------------------------- Remark: A testbed of 10,706 viruses generated with the VKIT virus generator (out of about 14,000 viruses which can be generated) was used to test detection quality. This test was separated from the "normal" file virus test as 1) there is no agreement between AV producers whether viruses from VKIT should be counted just as 1 or as 14,000 different viruses (boasting number of detected viruses to over 40,000), and 2) because of the large size of this special testbed. Table W98.F3V: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW file viruses packed with PKZIP, LHA, ARJ and RAR ================================================================ This includes Viruses detected per packer ZIP % LHA % ARJ % RAR % ---------------------------------------------------------------- Testbed 39 100.0% 39 100.0% 39 100.0% 39 100.0% ---------------------------------------------------------------- ANT 35 89.7 2 5.1 35 89.7 3 7.7 ATD 39 100.0 39 100.0 39 100.0 39 100.0 AVA 39 100.0 3 7.7 3 7.7 4 10.3 AVG 39 100.0 2 5.1 39 100.0 39 100.0 AVK 39 100.0 39 100.0 39 100.0 39 100.0 AVP 39 100.0 39 100.0 39 100.0 39 100.0 AVX 33 84.6 33 84.6 34 87.2 33 84.6 CMD 39 100.0 0 0.0 39 100.0 0 0.0 DRW 39 100.0 0 0.0 39 100.0 39 100.0 DSE 39 100.0 39 100.0 0 0.0 0 0.0 ESA 39 100.0 39 100.0 39 100.0 39 100.0 FPR 39 100.0 0 0.0 39 100.0 0 0.0 FPW 39 100.0 0 0.0 39 100.0 0 0.0 FSE 39 100.0 39 100.0 39 100.0 39 100.0 INO 38 97.4 38 97.4 39 100.0 1 2.6 MKS 1 2.6 0 0.0 0 0.0 1 2.6 MR2 1 2.6 0 0.0 0 0.0 0 0.0 NAV 39 100.0 39 100.0 39 100.0 0 0.0 NOD 39 100.0 0 0.0 39 100.0 39 100.0 NVC 4 10.3 0 0.0 39 100.0 1 2.6 PAV 39 100.0 39 100.0 39 100.0 39 100.0 PER 19 48.7 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 QHL 35 89.7 1 2.6 35 89.7 1 2.6 RAV 19 48.7 14 35.9 27 69.2 0 0.0 SCN 39 100.0 39 100.0 39 100.0 39 100.0 SWP 39 100.0 0 0.0 39 100.0 39 100.0 VIT 0 0.0 0 0.0 0 0.0 0 0.0 VSP 2 5.1 2 5.1 2 5.1 2 5.1 --------------------------------------------------------------- Table W98.F3F: "Comparison of Detection Rate of Packed Viral Objects": Results of Detection Rate of objects infected with ITW file viruses and packed with PKZIP, LHA, ARJ and RAR ================================================================ This includes Viral objects detected per packer ZIP % LHA % ARJ % RAR % ---------------------------------------------------------------- Testbed 1047 100.0% 1047 100.0% 1047 100.0% 1047 100.0% ---------------------------------------------------------------- ANT 646 96.1 646 96.1 646 96.1 0 0.0 ATD 672 100.0 672 100.0 672 100.0 672 100.0 AVA 672 100.0 0 0.0 0 0.0 0 0.0 AVG 672 100.0 0 0.0 672 100.0 672 100.0 AVK 672 100.0 672 100.0 672 100.0 672 100.0 AVP 672 100.0 672 100.0 672 100.0 672 100.0 AVX 669 99.6 669 99.6 669 99.6 669 99.6 CMD 672 100.0 0 0.0 672 100.0 0 0.0 DRW 672 100.0 0 0.0 672 100.0 672 100.0 DSE 672 100.0 672 100.0 0 0.0 0 0.0 ESA 78 11.6 78 11.6 78 11.6 78 11.6 FPR 672 100.0 0 0.0 672 100.0 0 0.0 FPW 672 100.0 0 0.0 672 100.0 0 0.0 FSE 672 100.0 672 100.0 672 100.0 672 100.0 FWN 647 96.3 0 0.0 0 0.0 672 100.0 INO 672 100.0 594 88.4 672 100.0 0 0.0 MKS 0 0.0 0 0.0 0 0.0 0 0.0 NAV 672 100.0 672 100.0 672 100.0 0 0.0 NOD 672 100.0 0 0.0 672 100.0 672 100.0 NVC 6 0.9 0 0.0 672 100.0 0 0.0 PAV 672 100.0 672 100.0 672 100.0 672 100.0 PER 457 68.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 QHL 625 93.0 0 0.0 625 93.0 0 0.0 RAV 667 99.3 670 99.7 670 99.7 0 0.0 SCN 672 100.0 672 100.0 672 100.0 672 100.0 SWP 669 99.6 0 0.0 669 99.6 669 99.6 VIT 0 0.0 0 0.0 0 0.0 0 0.0 VSP 0 0.0 0 0.0 0 0.0 0 0.0 ---------------------------------------------------------------- Table W98.F3a: "PKZIP-Packed File Viruses": Results of Detection of ITW File Viruses Packed with PKZIP under Windows 98: ==================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 39 100.0 1047 100.0 ---------------------------------------------------------- ANT 35 89.7 2 5.1 7 17.9 884 84.4 ATD 39 100.0 0 0.0 1 2.6 1046 99.9 AVA 39 100.0 2 5.1 6 15.4 1045 99.8 AVG 39 100.0 4 10.3 7 17.9 1045 99.8 AVK 39 100.0 0 0.0 1 2.6 1046 99.9 AVP 39 100.0 0 0.0 1 2.6 1046 99.9 AVX 33 84.6 5 12.8 9 23.1 910 86.9 CMD 39 100.0 2 5.1 0 0.0 1047 100.0 DRW 39 100.0 3 7.7 1 2.6 1046 99.9 DSE 39 100.0 5 12.8 0 0.0 1047 100.0 ESA 39 100.0 0 0.0 37 94.9 39 3.7 FPR 39 100.0 0 0.0 0 0.0 1047 100.0 FPW 39 100.0 1 2.6 0 0.0 1047 100.0 FSE 39 100.0 3 7.7 0 0.0 1047 100.0 INO 38 97.4 3 7.7 1 2.6 1025 97.9 MKS 1 2.6 0 0.0 1 2.6 1 0.1 NAV 39 100.0 4 10.3 1 2.6 1046 99.9 NOD 39 100.0 13 33.3 0 0.0 1047 100.0 NVC 4 10.3 0 0.0 3 7.7 7 0.7 PAV 39 100.0 0 0.0 1 2.6 1046 99.9 PER 19 48.7 1 2.6 4 10.3 418 39.9 PRO 0 0.0 0 0.0 0 0.0 0 0.0 QHL 35 89.7 1 2.6 12 30.8 963 92.0 RAV 19 48.7 0 0.0 6 15.4 205 19.6 SCN 39 100.0 0 0.0 0 0.0 1047 100.0 SWP 39 100.0 2 5.1 1 2.6 1046 99.9 VIT 0 0.0 0 0.0 0 0.0 0 0.0 VSP 2 5.1 0 0.0 2 5.1 2 0.2 ----------------------------------------------------------- Table W98.F3b: "LHA-Packed File Viruses": Results of Detection of ITW File Viruses Packed with LHA under Windows 98: ================================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 39 100.0 1047 100.0 ---------------------------------------------------------- ANT 2 5.1 0 0.0 2 5.1 2 0.2 ATD 39 100.0 0 0.0 1 2.6 1046 99.9 AVA 3 7.7 0 0.0 3 7.7 3 0.3 AVG 2 5.1 0 0.0 2 5.1 2 0.2 AVK 39 100.0 0 0.0 1 2.6 1046 99.9 AVP 39 100.0 0 0.0 1 2.6 1046 99.9 AVX 33 84.6 5 12.8 11 28.2 912 87.1 CMD 0 0.0 0 0.0 0 0.0 0 0.0 DRW 0 0.0 0 0.0 0 0.0 0 0.0 DSE 39 100.0 5 12.8 0 0.0 1047 100.0 ESA 39 100.0 0 0.0 37 94.9 39 3.7 FPR 0 0.0 0 0.0 0 0.0 0 0.0 FPW 0 0.0 0 0.0 0 0.0 0 0.0 FSE 39 100.0 3 7.7 0 0.0 1047 100.0 INO 38 97.4 1 2.6 30 76.9 92 8.8 MKS 0 0.0 0 0.0 0 0.0 0 0.0 NAV 39 100.0 4 10.3 1 2.6 1046 99.9 NOD 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 39 100.0 0 0.0 1 2.6 1046 99.9 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 QHL 1 2.6 0 0.0 1 2.6 1 0.1 RAV 14 35.9 0 0.0 8 20.5 67 6.4 SCN 39 100.0 0 0.0 0 0.0 1047 100.0 SWP 0 0.0 0 0.0 0 0.0 0 0.0 VIT 0 0.0 0 0.0 0 0.0 0 0.0 VSP 2 5.1 0 0.0 2 5.1 2 0.2 ----------------------------------------------------------- Table W98.F3c: "ARJ-Packed File Viruses": Results of Detection of ITW File Viruses Packed with ARJ under Windows 98: ================================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 39 100.0 1047 100.0 ---------------------------------------------------------- ANT 35 89.7 2 5.1 6 15.4 893 85.3 ATD 39 100.0 0 0.0 1 2.6 1046 99.9 AVA 3 7.7 0 0.0 3 7.7 3 0.3 AVG 39 100.0 5 12.8 5 12.8 1045 99.8 AVK 39 100.0 0 0.0 1 2.6 1046 99.9 AVP 39 100.0 0 0.0 1 2.6 1046 99.9 AVX 34 87.2 5 12.8 10 25.6 911 87.0 CMD 39 100.0 2 5.1 0 0.0 1047 100.0 DRW 39 100.0 3 7.7 1 2.6 1046 99.9 DSE 0 0.0 0 0.0 0 0.0 0 0.0 ESA 39 100.0 0 0.0 37 94.9 39 3.7 FPR 39 100.0 0 0.0 0 0.0 1047 100.0 FPW 39 100.0 1 2.6 0 0.0 1047 100.0 FSE 39 100.0 3 7.7 0 0.0 1047 100.0 INO 39 100.0 3 7.7 2 5.1 1045 99.8 MKS 0 0.0 0 0.0 0 0.0 0 0.0 NAV 39 100.0 4 10.3 1 2.6 1046 99.9 NOD 39 100.0 13 33.3 0 0.0 1047 100.0 NVC 39 100.0 4 10.3 2 5.1 1045 99.8 PAV 39 100.0 0 0.0 1 2.6 1046 99.9 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 QHL 35 89.7 1 2.6 8 20.5 973 92.9 RAV 27 69.2 3 7.7 7 17.9 668 63.8 SCN 39 100.0 0 0.0 0 0.0 1047 100.0 SWP 39 100.0 2 5.1 1 2.6 1046 99.9 VIT 0 0.0 0 0.0 0 0.0 0 0.0 VSP 2 5.1 0 0.0 2 5.1 2 0.2 ----------------------------------------------------------- Table W98.F3d: "RAR-Packed File Viruses": Results of Detection of ITW File Viruses Packed with RAR under Windows 98: ================================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 39 100.0 1047 100.0 ---------------------------------------------------------- This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- ANT 3 7.7 0 0.0 3 7.7 3 0.3 ATD 39 100.0 0 0.0 1 2.6 1046 99.9 AVA 4 10.3 0 0.0 4 10.3 4 0.4 AVG 39 100.0 4 10.3 7 17.9 1047 100.0 AVK 39 100.0 0 0.0 1 2.6 1046 99.9 AVP 39 100.0 0 0.0 1 2.6 1046 99.9 AVX 33 84.6 5 12.8 9 23.1 910 86.9 CMD 0 0.0 0 0.0 0 0.0 0 0.0 DRW 39 100.0 3 7.7 1 2.6 1046 99.9 DSE 0 0.0 0 0.0 0 0.0 0 0.0 ESA 39 100.0 0 0.0 37 94.9 39 3.7 FPR 0 0.0 0 0.0 0 0.0 0 0.0 FPW 0 0.0 0 0.0 0 0.0 0 0.0 FSE 39 100.0 2 5.1 1 2.6 1046 99.9 INO 1 2.6 0 0.0 1 2.6 1 0.1 MKS 1 2.6 0 0.0 1 2.6 1 0.1 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NOD 39 100.0 13 33.3 0 0.0 1047 100.0 NVC 1 2.6 0 0.0 1 2.6 1 0.1 PAV 39 100.0 0 0.0 1 2.6 1046 99.9 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 QHL 1 2.6 0 0.0 1 2.6 1 0.1 RAV 0 0.0 0 0.0 0 0.0 0 0.0 SCN 39 100.0 0 0.0 0 0.0 1047 100.0 SWP 39 100.0 2 5.1 1 2.6 1046 99.9 VIT 0 0.0 0 0.0 0 0.0 0 0.0 VSP 2 5.1 0 0.0 2 5.1 2 0.2 ----------------------------------------------------------- Table W98.F4: "False Positive" detection: Results of "full" Zoo test for Non-viral (clean) samples detected as "false positives" under Windows 98: ================================================================ This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Maximum 38 100.0 1851 100.0 ---------------------------------------------------------- ANT 2 5.3 0 0.0 2 5.3 2 0.1 AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVK 0 0.0 0 0.0 0 0.0 0 0.0 AVP 0 0.0 0 0.0 0 0.0 0 0.0 AVX 1 2.6 0 0.0 1 2.6 4 0.2 CMD 0 0.0 0 0.0 0 0.0 0 0.0 DRW 6 15.8 0 0.0 6 15.8 7 0.4 DSE 0 0.0 0 0.0 0 0.0 0 0.0 ESA 0 0.0 0 0.0 0 0.0 0 0.0 FPR 13 34.2 0 0.0 13 34.2 19 1.0 FPW 0 0.0 0 0.0 0 0.0 0 0.0 FSE 0 0.0 0 0.0 0 0.0 0 0.0 INO 1 2.6 0 0.0 1 2.6 1 0.1 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NOD 9 23.7 0 0.0 9 23.7 11 0.6 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 RAV 0 0.0 0 0.0 0 0.0 0 0.0 SCN 0 0.0 0 0.0 0 0.0 0 0.0 SWP 0 0.0 0 0.0 0 0.0 0 0.0 VSP 2 5.3 0 0.0 2 5.3 3 0.2 ----------------------------------------------------------- Remark: within 38 non-viral directories and totally 1851 non- viral objects, at least one sample in N directories was falsely detected (N = number in column 1) Table W98.F5 "File Malware": Results of "full" zoo test for File-related malware under Windows 98: ======================================================== File This includes Malware ---- unreliably ---- Files Scanner detected identified detected detected ---------------------------------------------------------- Testbed 4282 100.0 6639 100.0 ---------------------------------------------------------- ANT 2794 65.2 123 2.9 41 1.0 4129 62.2 AVA 2418 56.5 63 1.5 47 1.1 3724 56.1 AVG 2259 52.8 33 0.8 53 1.2 3271 49.3 AVK 3901 91.1 101 2.4 18 0.4 6164 92.8 AVP 3920 91.5 103 2.4 15 0.4 6189 93.2 AVX 2512 58.7 65 1.5 139 3.2 3612 54.4 CLE 206 4.8 5 0.1 27 0.6 323 4.9 CMD 4080 95.3 26 0.6 34 0.8 6309 95.0 DRW 2861 66.8 30 0.7 54 1.3 4304 64.8 DSE 4000 93.4 118 2.8 12 0.3 6267 94.4 ESA 1397 32.6 20 0.5 82 1.9 2183 32.9 FPR 4100 95.7 6 0.1 35 0.8 6336 95.4 FPW 3916 91.5 4 0.1 31 0.7 6075 91.5 FSE 4226 98.7 90 2.1 6 0.1 6557 98.8 INO 3352 78.3 51 1.2 58 1.4 5294 79.7 MKS 1586 37.0 0 0.0 78 1.8 2484 37.4 NAV 3273 76.4 84 2.0 126 2.9 5115 77.0 NOD 3323 77.6 144 3.4 104 2.4 5228 78.7 NVC 2777 64.9 110 2.6 82 1.9 4434 66.8 PAV 3923 91.6 103 2.4 15 0.4 6192 93.3 PER 445 10.4 1 0.0 33 0.8 667 10.0 PRO 583 13.6 11 0.3 52 1.2 954 14.4 RAV 1994 46.6 53 1.2 62 1.4 2825 42.6 SCN 4039 94.3 4 0.1 9 0.2 6331 95.4 SWP 3352 78.3 83 1.9 116 2.7 5138 77.4 VIT 23 0.5 0 0.0 5 0.1 28 0.4 VSP 2169 50.7 110 2.6 55 1.3 3029 45.6 ----------------------------------------------------------- Table W98.M1: "MacroVirus 1": Results of "full" zoo test for macro viruses under Windows 98: ====================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 4525 100.0% % % 12918 100.0% ----------------------------------------------------------- ANT 4081 90.2 127 2.8 30 0.7 11746 90.9 ATD 4522 99.9 75 1.7 1 0.0 12906 99.9 AVA 4266 94.3 33 0.7 13 0.3 12245 94.8 AVG 4410 97.5 26 0.6 11 0.2 12596 97.5 AVK 4522 99.9 75 1.7 1 0.0 12906 99.9 AVP 4522 99.9 75 1.7 1 0.0 12906 99.9 AVX 4276 94.5 91 2.0 10 0.2 12375 95.8 CMD 4525 100.0 54 1.2 0 0.0 12918 100.0 DRW 4453 98.4 53 1.2 16 0.4 12760 98.8 DSE 4525 100.0 34 0.8 0 0.0 12918 100.0 ESA 4022 88.9 143 3.2 136 3.0 11354 87.9 FPR 4525 100.0 0 0.0 0 0.0 12918 100.0 FPW 4525 100.0 10 0.2 0 0.0 12918 100.0 FSE 4525 100.0 17 0.4 0 0.0 12918 100.0 FWN 4516 99.8 53 1.2 3 0.1 12890 99.8 INO 4513 99.7 78 1.7 3 0.1 12891 99.8 MKS 4393 97.1 0 0.0 29 0.6 12599 97.5 NAV 4435 98.0 62 1.4 4 0.1 12665 98.0 NOD 4500 99.4 48 1.1 3 0.1 12857 99.5 NVC 4521 99.9 48 1.1 3 0.1 12906 99.9 PAV 4522 99.9 75 1.7 1 0.0 12906 99.9 PER 2429 53.7 54 1.2 131 2.9 6399 49.5 PRO 3048 67.4 0 0.0 95 2.1 8368 64.8 QHL 0 0.0 0 0.0 0 0.0 0 0.0 RAV 4428 97.9 153 3.4 4 0.1 12716 98.4 SCN 4525 100.0 0 0.0 0 0.0 12918 100.0 SWP 4463 98.6 36 0.8 11 0.2 12809 99.2 ----------------------------------------------------------- Table W98.M2: "MacroVirus 2": Results of "In-The-Wild" test for macro viruses under Windows 98: ======================================================= This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Maximum 80 100.0% % % 672 100.0% ----------------------------------------------------------- ANT 78 97.5 3 3.8 3 3.8 646 96.1 ATD 80 100.0 4 5.0 0 0.0 672 100.0 AVA 80 100.0 2 2.5 0 0.0 672 100.0 AVG 80 100.0 0 0.0 0 0.0 672 100.0 AVK 80 100.0 4 5.0 0 0.0 672 100.0 AVP 80 100.0 4 5.0 0 0.0 672 100.0 AVX 80 100.0 17 21.3 1 1.3 669 99.6 CMD 80 100.0 1 1.3 0 0.0 672 100.0 DRW 80 100.0 2 2.5 0 0.0 672 100.0 DSE 80 100.0 3 3.8 0 0.0 672 100.0 ESA 78 97.5 13 16.3 1 1.3 663 98.7 FPR 80 100.0 0 0.0 0 0.0 672 100.0 FPW 80 100.0 1 1.3 0 0.0 672 100.0 FSE 80 100.0 1 1.3 0 0.0 672 100.0 FWN 80 100.0 4 5.0 0 0.0 672 100.0 INO 80 100.0 5 6.3 0 0.0 672 100.0 MKS 79 98.8 0 0.0 1 1.3 665 99.0 NAV 80 100.0 4 5.0 0 0.0 672 100.0 NOD 80 100.0 5 6.3 0 0.0 672 100.0 NVC 80 100.0 5 6.3 0 0.0 672 100.0 PAV 80 100.0 4 5.0 0 0.0 672 100.0 PER 44 55.0 5 6.3 3 3.8 457 68.0 PRO 78 97.5 0 0.0 8 10.0 654 97.3 QHL 0 0.0 0 0.0 0 0.0 0 0.0 RAV 80 100.0 14 17.5 1 1.3 670 99.7 SCN 80 100.0 0 0.0 0 0.0 672 100.0 SWP 80 100.0 3 3.8 2 2.5 669 99.6 VIT 31 38.8 1 1.3 7 8.8 294 43.8 ----------------------------------------------------------- Table W98.M3: "Comparison of Detection Rate of Packed Viruses": Results of Detection Rate of ITW macro viruses packed with PKZIP, LHA, ARJ and RAR ================================================================ Viruses detected per packer Scanner ZIP % LHA % ARJ % RAR % ---------------------------------------------------------------- Testbed 80 100.0 80 100.0 80 100.0 80 100.0 ---------------------------------------------------------------- ANT 78 97.5 78 97.5 78 97.5 0 0.0 ATD 80 100.0 80 100.0 80 100.0 80 100.0 AVA 80 100.0 0 0.0 0 0.0 0 0.0 AVG 80 100.0 0 0.0 80 100.0 80 100.0 AVK 80 100.0 80 100.0 80 100.0 80 100.0 AVP 80 100.0 80 100.0 80 100.0 80 100.0 AVX 80 100.0 80 100.0 80 100.0 80 100.0 CMD 80 100.0 0 0.0 80 100.0 0 0.0 DRW 80 100.0 0 0.0 80 100.0 80 100.0 DSE 80 100.0 80 100.0 0 0.0 0 0.0 ESA 78 97.5 78 97.5 78 97.5 78 97.5 FPR 80 100.0 0 0.0 80 100.0 0 0.0 FPW 80 100.0 0 0.0 80 100.0 0 0.0 FSE 80 100.0 80 100.0 80 100.0 80 100.0 FWN 80 100.0 0 0.0 0 0.0 80 100.0 INO 80 100.0 80 100.0 80 100.0 0 0.0 MKS 0 0.0 0 0.0 0 0.0 0 0.0 NAV 80 100.0 80 100.0 80 100.0 0 0.0 NOD 80 100.0 0 0.0 80 100.0 80 100.0 NVC 1 1.3 0 0.0 80 100.0 0 0.0 PAV 80 100.0 80 100.0 80 100.0 80 100.0 PER 44 55.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 QHL 77 96.3 0 0.0 77 96.3 0 0.0 RAV 80 100.0 80 100.0 80 100.0 0 0.0 SCN 80 100.0 80 100.0 80 100.0 80 100.0 SWP 80 100.0 0 0.0 80 100.0 80 100.0 VIT 0 0.0 0 0.0 0 0.0 0 0.0 ---------------------------------------------------------- Table W98.M3a: "PKZIP-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with PKZIP under Windows 98: ===================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 80 100.0% % % 672 100.0% ----------------------------------------------------------- ANT 78 97.5 3 3.8 3 3.8 646 96.1 ATD 80 100.0 4 5.0 0 0.0 672 100.0 AVA 80 100.0 2 2.5 0 0.0 672 100.0 AVG 80 100.0 4 5.0 0 0.0 672 100.0 AVK 80 100.0 4 5.0 0 0.0 672 100.0 AVP 80 100.0 4 5.0 0 0.0 672 100.0 AVX 80 100.0 17 21.3 1 1.3 669 99.6 CMD 80 100.0 1 1.3 0 0.0 672 100.0 DRW 80 100.0 2 2.5 0 0.0 672 100.0 DSE 80 100.0 3 3.8 0 0.0 672 100.0 ESA 78 97.5 0 0.0 77 96.3 78 11.6 FPR 80 100.0 0 0.0 0 0.0 672 100.0 FPW 80 100.0 1 1.3 0 0.0 672 100.0 FSE 80 100.0 3 3.8 0 0.0 672 100.0 FWN 80 100.0 4 5.0 1 1.3 647 96.3 INO 80 100.0 0 0.0 0 0.0 672 100.0 MKS 0 0.0 0 0.0 0 0.0 0 0.0 NAV 80 100.0 4 5.0 0 0.0 672 100.0 NOD 80 100.0 5 6.3 0 0.0 672 100.0 NVC 1 1.3 0 0.0 0 0.0 6 0.9 PAV 80 100.0 4 5.0 0 0.0 672 100.0 PER 44 55.0 5 6.3 3 3.8 457 68.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 QHL 77 96.3 10 12.5 12 15.0 625 93.0 RAV 80 100.0 13 16.3 4 5.0 667 99.3 SCN 80 100.0 0 0.0 0 0.0 672 100.0 SWP 80 100.0 3 3.8 2 2.5 669 99.6 ----------------------------------------------------------- Table W98.M3b: "LHA-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with LHA under Windows 98: ================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 80 100.0% % % 672 100.0% ----------------------------------------------------------- ANT 78 97.5 3 3.8 3 3.8 646 96.1 ATD 80 100.0 4 5.0 0 0.0 672 100.0 AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 80 100.0 4 5.0 0 0.0 672 100.0 AVP 80 100.0 4 5.0 0 0.0 672 100.0 AVX 80 100.0 17 21.3 1 1.3 669 99.6 CMD 0 0.0 0 0.0 0 0.0 0 0.0 DRW 0 0.0 0 0.0 0 0.0 0 0.0 DSE 80 100.0 3 3.8 0 0.0 672 100.0 ESA 78 97.5 0 0.0 77 96.3 78 11.6 FPR 0 0.0 0 0.0 0 0.0 0 0.0 FPW 0 0.0 0 0.0 0 0.0 0 0.0 FSE 80 100.0 3 3.8 0 0.0 672 100.0 FWN 0 0.0 0 0.0 0 0.0 0 0.0 INO 80 100.0 0 0.0 3 3.8 594 88.4 MKS 0 0.0 0 0.0 0 0.0 0 0.0 NAV 80 100.0 4 5.0 0 0.0 672 100.0 NOD 0 0.0 0 0.0 0 0.0 0 0.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 80 100.0 4 5.0 0 0.0 672 100.0 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 QHL 0 0.0 0 0.0 0 0.0 0 0.0 RAV 80 100.0 14 17.5 1 1.3 670 99.7 SCN 80 100.0 0 0.0 0 0.0 672 100.0 SWP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Table W98.M3c: "ARJ-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with ARJ under Windows 98: ================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 80 100.0% % % 672 100.0% ----------------------------------------------------------- ANT 78 97.5 3 3.8 3 3.8 646 96.1 ATD 80 100.0 4 5.0 0 0.0 672 100.0 AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 80 100.0 4 5.0 0 0.0 672 100.0 AVK 80 100.0 4 5.0 0 0.0 672 100.0 AVP 80 100.0 4 5.0 0 0.0 672 100.0 AVX 80 100.0 17 21.3 1 1.3 669 99.6 CMD 80 100.0 1 1.3 0 0.0 672 100.0 DRW 80 100.0 2 2.5 0 0.0 672 100.0 DSE 0 0.0 0 0.0 0 0.0 0 0.0 ESA 78 97.5 0 0.0 77 96.3 78 11.6 FPR 80 100.0 0 0.0 0 0.0 672 100.0 FPW 80 100.0 1 1.3 0 0.0 672 100.0 FSE 80 100.0 3 3.8 0 0.0 672 100.0 FWN 0 0.0 0 0.0 0 0.0 0 0.0 INO 80 100.0 0 0.0 0 0.0 672 100.0 MKS 0 0.0 0 0.0 0 0.0 0 0.0 NAV 80 100.0 4 5.0 0 0.0 672 100.0 NOD 80 100.0 5 6.3 0 0.0 672 100.0 NVC 80 100.0 5 6.3 0 0.0 672 100.0 PAV 80 100.0 4 5.0 0 0.0 672 100.0 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 QHL 77 96.3 10 12.5 12 15.0 625 93.0 RAV 80 100.0 14 17.5 1 1.3 670 99.7 SCN 80 100.0 0 0.0 0 0.0 672 100.0 SWP 80 100.0 3 3.8 2 2.5 669 99.6 ----------------------------------------------------------- Table W98.M3d: "RAR-Packed Macro Viruses": Results of Detection of ITW Macro Viruses Packed with RAR under Windows 98: ================================================================== This includes Viruses ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 80 100.0% % % 672 100.0% ----------------------------------------------------------- ANT 0 0.0 0 0.0 0 0.0 0 0.0 ATD 80 100.0 4 5.0 0 0.0 672 100.0 AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 80 100.0 4 5.0 0 0.0 672 100.0 AVK 80 100.0 4 5.0 0 0.0 672 100.0 AVP 80 100.0 4 5.0 0 0.0 672 100.0 AVX 80 100.0 17 21.3 1 1.3 669 99.6 CMD 0 0.0 0 0.0 0 0.0 0 0.0 DRW 80 100.0 2 2.5 0 0.0 672 100.0 DSE 0 0.0 0 0.0 0 0.0 0 0.0 ESA 78 97.5 0 0.0 77 96.3 78 11.6 FPR 0 0.0 0 0.0 0 0.0 0 0.0 FPW 0 0.0 0 0.0 0 0.0 0 0.0 FSE 80 100.0 3 3.8 0 0.0 672 100.0 FWN 80 100.0 4 5.0 0 0.0 672 100.0 INO 0 0.0 0 0.0 0 0.0 0 0.0 MKS 0 0.0 0 0.0 0 0.0 0 0.0 NAV 0 0.0 0 0.0 0 0.0 0 0.0 NOD 80 100.0 5 6.3 0 0.0 672 100.0 NVC 0 0.0 0 0.0 0 0.0 0 0.0 PAV 80 100.0 4 5.0 0 0.0 672 100.0 PER 0 0.0 0 0.0 0 0.0 0 0.0 PRO 0 0.0 0 0.0 0 0.0 0 0.0 QHL 0 0.0 0 0.0 0 0.0 0 0.0 RAV 0 0.0 0 0.0 0 0.0 0 0.0 SCN 80 100.0 0 0.0 0 0.0 672 100.0 SWP 80 100.0 3 3.8 2 2.5 669 99.6 ----------------------------------------------------------- Table W98.M4: "False Positive" macro virus detection: Results of "full" zoo test for non-viral (clean) macro objects detected as "false positives" under Windows 98: ===================================================================== False This includes Virus ---- unreliably ---- Files Scanner Alarm identified detected detected ----------------------------------------------------------- Maximum 26 100.0% % % 329 100.0% ----------------------------------------------------------- ANT 15 57.7 0 0.0 15 57.7 36 10.9 ATD 2 7.7 0 0.0 2 7.7 4 1.2 AVA 0 0.0 0 0.0 0 0.0 0 0.0 AVG 0 0.0 0 0.0 0 0.0 0 0.0 AVK 0 0.0 0 0.0 0 0.0 0 0.0 AVP 2 7.7 0 0.0 2 7.7 4 1.2 AVX 25 96.2 0 0.0 25 96.2 129 39.2 CMD 1 3.8 0 0.0 1 3.8 2 0.6 DRW 21 80.8 0 0.0 21 80.8 94 28.6 DSE 0 0.0 0 0.0 0 0.0 0 0.0 ESA 2 7.7 0 0.0 2 7.7 4 1.2 FPR 1 3.8 0 0.0 1 3.8 2 0.6 FPW 1 3.8 0 0.0 1 3.8 2 0.6 FSE 1 3.8 0 0.0 1 3.8 2 0.6 FWN 1 3.8 0 0.0 1 3.8 2 0.6 INO 13 50.0 0 0.0 13 50.0 22 6.7 MKS 24 92.3 0 0.0 24 92.3 154 46.8 NAV 4 15.4 0 0.0 4 15.4 4 1.2 NOD 0 0.0 0 0.0 0 0.0 0 0.0 NVC 2 7.7 0 0.0 2 7.7 2 0.6 PAV 2 7.7 0 0.0 2 7.7 4 1.2 PER 1 3.8 0 0.0 1 3.8 2 0.6 PRO 1 3.8 0 0.0 1 3.8 1 0.3 QHL 0 0.0 0 0.0 0 0.0 0 0.0 RAV 24 92.3 0 0.0 24 92.3 104 31.6 SCN 0 0.0 0 0.0 0 0.0 0 0.0 SWP 0 0.0 0 0.0 0 0.0 0 0.0 ----------------------------------------------------------- Remark: within 26 non-viral directories and totally 329 non- viral objects, at least one sample in N directories was falsely detected (N = number in column 1) Table W98.M5: "Macro-Malware": Results of "full" zoo test for Macro-related malware under Windows 98: =============================================================== Macro This includes Malware ---- unreliably ---- Files Scanner detected identified detected detected ----------------------------------------------------------- Testbed 260 100.0 394 100.0 ----------------------------------------------------------- ANT 181 69.6 2 0.8 2 0.8 294 74.6 ATD 257 98.8 0 0.0 0 0.0 391 99.2 AVA 212 81.5 3 1.2 4 1.5 317 80.5 AVG 203 78.1 2 0.8 4 1.5 303 76.9 AVK 257 98.8 0 0.0 0 0.0 391 99.2 AVP 252 96.9 0 0.0 0 0.0 386 98.0 AVX 245 94.2 7 2.7 2 0.8 377 95.7 CMD 260 100.0 4 1.5 0 0.0 394 100.0 DRW 204 78.5 1 0.4 4 1.5 316 80.2 DSE 259 99.6 4 1.5 0 0.0 393 99.7 ESA 148 56.9 0 0.0 10 3.8 238 60.4 FPR 260 100.0 1 0.4 0 0.0 394 100.0 FPW 260 100.0 1 0.4 0 0.0 394 100.0 FSE 260 100.0 1 0.4 0 0.0 394 100.0 FWN 252 96.9 6 2.3 0 0.0 386 98.0 INO 253 97.3 4 1.5 3 1.2 384 97.5 MKS 225 86.5 0 0.0 4 1.5 350 88.8 NAV 214 82.3 1 0.4 3 1.2 319 81.0 NOD 250 96.2 0 0.0 2 0.8 381 96.7 NVC 248 95.4 7 2.7 2 0.8 364 92.4 PAV 257 98.8 0 0.0 0 0.0 391 99.2 PER 112 43.1 1 0.4 8 3.1 169 42.9 PRO 64 24.6 0 0.0 5 1.9 107 27.2 QHL 0 0.0 0 0.0 0 0.0 0 0.0 RAV 248 95.4 14 5.4 5 1.9 373 94.7 SCN 260 100.0 0 0.0 0 0.0 394 100.0 SWP 247 95.0 2 0.8 4 1.5 377 95.7 VIT 9 3.5 0 0.0 0 0.0 16 4.1 -----------------------------------------------------------