Explanation
Notes
The statistics that are listed here are the Day0 test. I.E. what are the results on the day that we acquire any binary and is tested. We also have included all the re-test results over the same calendar day. Each vendor should improve as they start detecting the older and more common malicious binaries.
Each of the vendor's update process is executed prior to each run to ensure that the latest virus signatures are loaded for our tests.
The tables on each page represent the results of the Anti-Virus tests against the malware that we collect each day. Each AV vendor has different capabilities and success in detecting malware that is collected. No single vendor detects 100%, nor can they ever. To expect complete protection will always be science-fiction.
That being said, you can see the different statistics of the different vendors in our charts. It can be confusing since each vendor uses a different name for each infection type and family. All tests are done with the same set of binaries for each vendor. We continue to test each of the binaries until each vendor is able to detect each piece of malware in our repository. Where ever possible we have attempted to contact the vendor for assistance with the command line options that we use. Otherwise we try different options to produce the highest detection rate available from the options.
Time Periods
In all cases the time periods listed for the charts are summarizations for that specific time period. So for the Re-Tests, the time period does not represent the interval for testing. ie, the weekly charts are for the last seven days of processing. The seven day Re-Test chart does not represent that the binaries were re-tested once in that period. It does represent a summarization of the processing and testing of the binaries in that time period.
AV Results for Comparisons
It is difficult to not compare one vendor to the next due to how we have the data structured on the pages. It would be impossible not to try and derive conclusions from those results. While that is the case, our goal is not to create a real comparison site for everyone to try and compete to see which AV vendor is better than the next. There are a multitude of those already, each of which have their own sets of malware to test and rules that they follow for complete their testing. That is not our purpose. We do not have a specific set of malware to test. We instead gather in new malware daily and test it against the different vendors.
The versions of AV engines that we have are as new as the vendor can provide us and updated at least hourly if not more frequently. But they are gateway or fileserver products for the most part. We do have plans for using full consumer AV applications as well, but that will take time and much more in donations to allow us to build the back end for that. We will get to it, just not today.
AV Vendor List
The following Vendor tables show which of the AV vendors we are currently using as well as the engine and signature level of each application. In most cases we are using the command-line-interface versions, gateway versions, or file server versions. These are not the normal home user versions and in some cases are special versions for anti-virus test systems. The data within the tables is being pulled from the live systems and updated twice a day. The actual engines and signatures are attempted to be updated prior to each malware run whether it is from the day0 test or for a retry. So the applications should be as updated as possible before testing occurs.
The current list of AV tools that we use are as follows:
Linux Vendor List
| Vendor | Engine | Signatures | Command Options |
| Authentium | 4.6.5 | 201205161340 | aiscan --nomem --nombr --noboot --all --pua |
| Avast | 3.2.1 | 120516-0 | avastcmd --testall --blockdevices --testfull --archivetype=A |
| AVG | 12.0.1782 | 2425/5003 | avgscan --heur --arc --macrow --pwdw --repok --pup |
| Avira | 8.2.10.68 | 7.11.30.58 | avscan --batch -noboot -nombr -s -rs --scan-in-archive --alltypes --allfiles --without-PCK -nomem --heur-level=3 --alert-action=none |
| BitDefender | 7.90123 | 7.42290 | bdscan |
| Clam | 0.97.3 | 14927 | clamscan --no-summary --detect-pua -r |
| DrWeb | 6.0.0.02020 | 7.0.2.4281 | drweb -ar -cn -ha -ok -path=$1 |
| Eset | 3.0.21 | 7143 (20120516) | esets_scan --files --arch --subdir --mail --sfx --rtp --adware --heur --adv-heur |
| FProt | 4.5.1.85 | 201201271132 | fpscan --scanlevel=4 --heurlevel=4 --archive=99 --adware --report |
| FSecure | 2.50 build 11035 | Wednesday, 16 May 2012_03 | fsav --allfiles=yes --scanexecutables=yes --archive=yes --mime=yes --riskware=yes --virus-action1=report --riskware-action1=report --suspected-action1=report --auto=yes --list=yes |
| Ikarus | 1.01.118 | 16.05.2012 | t3scan |
| Kaspersky | 5.7.20 | 16-05-2012 | kav4ws-kavscanner |
| McAfee | 5400.1158 | 5000 created May 16 2012 | uvscan --recursive --noboot --allole --mime --program --unzip --secure --!guru --!server |
| Norman | 6.8.6 | 2012-15-05 23:30 | mtscan |
| Panda | 9.04.03 | 14/05/2012 | pavcl -auto -nob -cmp -nos -noscr -rpt:$out -aex -heu:1 |
| QuickHeal | 11.00 | 18 October, 2011 | qhscan -DNAScan -ARCHIVE -WARE -LIST -PACKED -REPORT=$tmp |
| Sophos | 4.51.0 | 05-16-2012 | sweep -ndi -ns -nb -all -rec -nremove -eec -sc -f -tnef -mime -oe -pua -suspicious -archive |
| TrendMicro | 3.00-1009 | Sunday, 13 May 2012 | vscantmrh -S -NC -NM -NB |
| Vexira | 5.5.0.2 | 14.2.72.0 | vascan --all-files --heuristics=high --sfx --action=skip -G |
| VirusBlokAda | 3.12.16.4 | Wednesday, 16 May 2012 | vba32.sh -m=3 -af+ -pm+ -rw+ -ha=2 -vm+ -ar+ -sfx+ -ml+ |
| VirusBuster | 5.5.0.2 | 14.2.72.0 | vbscan --all-files --heuristics=high --sfx --action=skip -G |
Windows Vendor List
| Vendor | Engine | Signatures | Command Options |
| AhnLab | Wednesday, 16 May 2012.01 | Wednesday, 16 May 2012.01 | v3tmedic.exe /scantype:all /cure:off /log |
| Authentium | 4.6.2 | 201205161340 | aiscan.exe --nomem --nombr --noboot --all --pua |
| Avast | command-line scanner | 120516-0 | ashcmd /_ /s /d /p /a /c /i /t=a /x=P /e=100 /r=report |
| AVG | 10.0.2425 | 271/5002 | avgscanx.exe /HEUR /ARC /MACROW /PWDW /REPOK /PUP |
| Avira | 8.2.10.64 | 7.11.30.58 | scancl --nombr /s /z /a --nomem --heurlevel=3 |
| BitDefender | 7.1 | 11.0.1.6 | bdc.exe /arc |
| Clam | 0.97.3 | 14927 | clamscan --no-summary --detect-pua -r |
| Comodo | 5.1 | 12343 | cavscons /h2 /c |
| DrWeb | 7.00.1.05020/7.00.2.04281 | Wednesday, 16 May 2012 09:40 | dwscancl /ar /ha /ok /sls- /sps- |
| Emsisoft | 5.1.0.4 | Wednesday, 16 May 2012 | a2cmd.exe /h /r /a |
| Eset | 4.2.71.2 | 7143 (20120516) | ecls --files --arch --subdir --mail --sfx --rtp --adware --heur --adv-heur |
| Fortinet | 4.3.398 | 15.546 | vscanner.exe -V -gALL |
| FProt | 4.6.2.117 | 201205161704 | bin64\\MS\\fpscan64.exe -i \\antivir.def --scanlevel=4 --heurlevel=4 --archive=99 --adware --report |
| FSecure | 9.00.17090 | Tuesday, 27 March 2012 | scan --archive --adv-heur |
| GData | AVA 22.4985,AVL 22.913 | 16.05.2012,16.05.2012 | avkcmd.exe /scan(e3): |
| Ikarus | 1.01.118 | 16.05.2012 | t3scan |
| K7 | 9.10.0.0 | 10.0.2422 | k7cscn32.exe |
| Kaspersky | 6.0.4.1424 | 30012012 0030 | avp.exe SCAN /i0 /fa |
| McAfee | 5400.1158 | 6713 created May 16 2012 | scan.exe /RECURSIVE /NOBOOT /ALLOLE /MIME /PROGRAM /UNZIP /SECURE |
| Microsoft | 1.8403 | Wed May 16 03:45:58 2012 | mpscanp.exe /report /rptall |
| Norman | 5.99.02 | Wednesday, 16 May 2012 07:16 | nvcc /BS- /C /CL:0 /N /L:0 /O /SB:1 /U |
| PCTools | 7.0.5.0 | 20120517.009 | SDAVFileScan.exe -v |
| QuickHeal | 11.00 | 15 May, 2012 | qhscan /DNAScan /ARCHIVE /WARE /LIST /PACKED |
| Sophos | 4.73.0 | 05-16-2012 | sav32cli.exe -ndi -ns -nb -all -rec -nremove -eec -sc -f -tnef -mime -oe -pua -suspicious -archive -nmbr -nmem |
| Sunbelt | 3.0 | 11924 | sbscan /f |
| Symantec | 20111.2.0.82 | 2012/3/23 Build: 23 | symscan.exe /defs |
| Vexira | 5.5.0.4 | 14.2.72.0 | vascan --all-files --heuristics=high --sfx --action=skip -G |
| VirusBlokAda | 3.12.16.4 | Wednesday, 16 May 2012 | vba32w /mr=0 /as=0 /bt- /m=3 /af+ /pm+ /rw+ /ha=2 /vm+ /ar+ /sfx+ /ml+ |
| VirusBuster | 5.5.0.4 | 14.2.72.0 | vbscan.exe --all-files --heuristics=high --sfx --action=skip -G |
Updates
These reports are updated once a day.
AV Processing Statistics
This chart is the total number of files processed by the AV test system.
Zero AV Detection Statistics
These statistics are the result of AV testing over a 48-hour period and how many files were still not detected by any single vendor. There is a severe change in the results after 2011-07 which is when we added in the Windows AV scanners to our test suite. While on most days the results are not zero, the values are so low as to not be seen in the current chart.
<< | Statistics | >>
