Explanation

Notes

The statistics that are listed here are the Day0 test. I.E. what are the results on the day that we acquire any binary and is tested. We also have included all the re-test results over time. Each vendor should improve as they start detecting the older and more common malicious binaries.

Each of the vendor's update process is executed at least once an hour to ensure that the latest virus signatures are loaded for our tests

These reports are a summary of the types what the different malware that we intercept. Note that we may have had more malware than is indicated in these tables, these are only the ones that were able to be identified. Each AV vendor has different capabilities and success in detecting malware that we collect. No single vendor detects 100%, nor can they ever. To expect complete protection will always be science-fiction.

That being said, you can see the different statistics of the different vendors in our charts. It can be confusing since each vendor uses a different name for each infection type and family. All tests are done with the same set of binaries for each vendor. We continue to test each of the binaries until each vendor is able to detect each piece of malware in our repository. Where ever possible we have attempted to contact the vendor for assistance with the command line options that we use. Otherwise we try different options to produce the highest detection rate available from the options.

Time Periods

In all cases the time periods listed for the charts are summarizations for that specific time period. So for the Re-Tests, the time period does not represent the interval for testing. ie, the weekly charts are for the last seven days of processing. The seven day Re-Test chart does not represent that the binaries were re-tested once in that period. It does represent a summarization of the processing and testing of the binaries in that time period.

The current list of AV tools that we use are as follows:

AV Vendor List

Current Live List

Product Vendor Free Version Commercial Version Donated? Binary Share Version Command Options
AntiVirus Quick Heal QuickHeal $20.00 US Yes Yes 10.00 qhscan -DNAScan -WARE -LIST -ARCHIVE -PACKED
Avira AntiVir Professional Edition Avira $29.62 US Yes Yes 2.1.12-89 antivir -noboot -nombr -s -rs --scan-in-archive --alltypes --allfiles --without-PCK -nomem --heur-level=3
avast! Linux Server Edition Alwil Yes $149.50 US Yes Yes 3.0.1 avastcmd --testall --blockdevices --testfull --archivetype=A --directory
AVG File Server Edition for Linux Grisoft $54.00 US Yes Yes 8.5 avgscan --heur --arc --macrow --pwdw --repok --pup
BitDefender Linux Edition BitDefender Yes $249.50 US Yes Yes 7.60825 bdscan
Clam AntiVirus SourceFire Yes N/A N/A Yes 0.94.1 clamscan --no-summary --detect-pua
Dr.Web Anti-virus for Linux DrWeb $28.77 US Yes Yes 4.44.0 drweb -ar -cn -ha -ok -path=
F-PROT Antivirus for Linux Workstations Frisk Yes $29.00 US Yes Yes 6.2.1 fpscan --scanlevel=4 --heurlevel=4 --archive=99 --adware --report
F-Secure Security Platform F-Secure $59.90 US Yes Yes 7.0.1 fsav --allfiles=yes --scanexecutables=yes --archive=yes --mime=yes --riskware=yes --virus-action1=report --riskware-action1=report --suspected-action1=report --auto=yes --list=yes
G-DATA Antivirus G-DATA Yes Yes 9.0 avkclient scan:
Ikarus Linux Scan Ikarus $57.30 US Yes Yes 1.32.12.0 t3scan -v /opt/ikarus/
Kaspersky Anti-Virus for File Server Kaspersky $190.00 US Yes Yes 5.7.13 kav4fs-kavscanner
McAfee VirusScan McAfee $34.98 US Yes Yes 5.10.0 uvscan --noboot --allole --mime --program --unzip --secure --\!guru --\!server
NOD32 for Linux File Server ESET $39.00 US Yes Yes 2.70.5 nod32 --files --arch --subdir --mail --sfx --rtp --adware --heur --adv-heur --all
Norman Virus Control for Linux Norman $65.06 US Yes Yes 7.00.00 nvcc -c -sb:1 -l:2 -u -s
Panda CommandLineSecure Panda Software $29.95 US Yes Yes 9.04.03 pavcl -auto -nob -cmp -nos -aex -heu:1
Sophos Endpoint Security and Control Sophos $??.?? US Yes Yes 4.35 sweep -ndi -ns -nb -all -rec -nremove -eec -sc -f -tnef -mime -oe -pua -suspicious -archive
ServerProtect for Linux TrendMicro $29.99 US Yes 3.00 vscantmrh -S -NC -NM -NB
Vba32 Linux Virus Blok Ada $23.60 US Yes Yes 3.12.6.5 vbacl -m=3 -af+ -pm+ -rw+ -ha=2 -vm+ -ok+ ar+ -sfx+ -ml+ -pd+
Vexira Antivirus for Linux Central Command $349.99 US Yes Yes 1.3.4 vascan --all-files --heuristics=high --sfx --action=skip -G
VirusBuster VirusBuster $22.98 US Yes Yes 1.3.4 vbscan --all-files --heuristics=high --sfx --action=skip -G

Retired List

Product Vendor Date Retired Reason Free Version Commercial Version Donated? Binary Share Version Command Options
AntiVirus Quick Heal QuickHeal Wednesday, 7 May 2008 New generation available $20.00 US (Yes) 8.00 qhscan -DNAScan -ARCHIVE
avast! Linux Home Edition Alwil Monday, 12 May 2008 Server version used Yes N/A N/A (Yes) 1.0.8 avast --testall --blockdevices --testfull --archivetype=A --directory
AVG Anti-Virus Free Edition Grisoft Wednesday, 28 November 2007 Server version used Yes N/A N/A 7.5 avgscan -heur -arc -rt -arcw -rtw -macrow -pwdw -repok
Avira AntiVir Personal Edition Classic Avira Thursday, 10 July 2008 Commercial vesion used Yes $29.62 US N/A (Yes) 2.1.11-23 antivir --allfiles -s --scan-in-archive --heur-macro --heur-level=3
F-PROT Antivirus for Linux Workstations Frisk Thursday, 10 April 2008 New generation available Yes $29.00 US N/A (Yes) 4.6.8 f-prot -ai -archive -server -list
F-Secure Security Platform F-Secure Wednesday, 4 June 2008 New generation available $59.90 US Yes (Yes) 5.5.2 fsav --allfiles=yes --scanexecutables=yes --archive=yes --mime=yes --riskware=yes --virus-action1=report --riskware-action1=report --suspected-action1=report --auto=yes --list=yes

Notes

  • AV Cost - For any of the pricing listed, we used the listed prices if available from their web sites. The actual price you may pay, or your ability to receive a discount will vary.
  • Donated - This vendor donated a license for our tests
  • Binary Share - This vendor receives binaries that they do not detect.
  • avast! - We are sharing the non-detected binaries from the commercial version only
  • F-Secure - Is the same engine as Kaspersky and samples that are not detected are forwarded to Kaspersky by F-Secure
  • Vexira - Is the same tool as Virusbuster but rebranded

↑ Contents

Updates

These reports are updated once a day.

Questions

If you have any questions about our methodology, process, want to donate a license, or give helpful hints on how to do this better, please send us email at antivirus -AT- shadowserver.org

↑ Contents

AV Processing Statistics

These are the number of samples processed the first time. This does not include any of the retest statistics.

Zero AV Detection Statistics

Note that these statistics are on the Day0 tests, and represent the total number of binaries not detected by any vendor combined

Virus Statistics

There are two sets of statistics per page. The first set are related to the Day0 acquisition of binaries. The second is the success of retries for the binaries that were not detected. The signatures for each of the vendors is updated about once an hour.

↑ Contents

<< URLs | Statistics | Virus Daily Stats >>