Author Topic: Two unrecognized viruses  (Read 16935 times)


Offline Maxx_original

  • Avast team
  • Super Poster
  • Posts: 1479
Re: Two unrecognized viruses
« Reply #15 on: August 08, 2007, 05:01:41 PM »
new module: it's in testing stage now.. it will be able to detect e.g. Allaple virus in some generic way... but it's not a heuristic module... heuristics will come with the 5 version, cause it needs more changes in current engine...

sanctuary24

  • Guest
Re: Two unrecognized viruses
« Reply #16 on: August 08, 2007, 05:41:33 PM »
Thanks mate for going through the trouble of describing it to me, as I only have a basic knowledge of these things and any knowledge is greatly appreciated.

Keep up the good work mate and I will look forward to seeing Version 5 when it's released.
« Last Edit: August 08, 2007, 05:44:10 PM by sanctuary24 »

yvs

  • Guest
Re: Two unrecognized viruses
« Reply #17 on: August 08, 2007, 05:45:27 PM »
> the executable will be detected by some new vps in near future
Oh, good...

> the doc file needs some more time
Simple macros in doc file?...

Ve have a problem...

To the wish list: an antivirus program must have a user-defined base of strings (signatures) for some types of files. And if the user defines the signature "c:\windows\system\sys_z.drv" or "Mad Max" for doc files, the antivirus can switch off (kill) macros containing these strings.

Offline Maxx_original

  • Avast team
  • Super Poster
  • Posts: 1479
Re: Two unrecognized viruses
« Reply #18 on: August 08, 2007, 05:57:23 PM »
well.. i know there's a string with the driver name... and we are able to unpack MS OLE of course.. but - we don't want to make a chaos with detecting it by the string... it's a macro, so it should be detected by the macro engine...

yvs

  • Guest
Re: Two unrecognized viruses
« Reply #19 on: August 08, 2007, 06:48:06 PM »
> it should be detected by the macro engine...
Of course. And if Avast can treat doc files, then it already has a "macro engine".

And this "macro engine" need not execute macros like MS Word does. Just parse the file (doc, xls, odt, ...), select (extract) the macros and just search for a substring (maybe with wildcards) and so on...

No, I do not understand why Alwil is working so slowly. Maybe the virus stream to Alwil is bigger than to other antivirus centers?...

IMHO, an antivirus program may fail to recognize a virus only if nobody has sent the virus to the developer. But there must be a strong maximum term from receiving a virus to updating the antivirus database. Then the user feels protected.

Thanks for the good free program.

Offline Maxx_original

  • Avast team
  • Super Poster
  • Posts: 1479
Re: Two unrecognized viruses
« Reply #20 on: August 08, 2007, 08:06:14 PM »
> Of course. And if Avast can treat doc files, then it already has a "macro engine".

nope... MS OLE is unpacked in all cases - but not all MS OLE objects could be infected by some macro virus... real macro engine is more clever than to find some string everywhere... we can't produce many false positives ;)

yvs

  • Guest
Re: Two unrecognized viruses
« Reply #21 on: August 08, 2007, 08:46:09 PM »
> > Of course. And if Avast can treat doc files, then it already has a "macro engine".
> nope...
:o

Offline Maxx_original

  • Avast team
  • Super Poster
  • Posts: 1479
Re: Two unrecognized viruses
« Reply #22 on: August 08, 2007, 09:40:08 PM »
nope means - not realised as you think... i just want to say - macro engine is more complicated system than string matching algo... so we have string finder and macro engine, but don't want to mix them...

Offline Maxx_original

  • Avast team
  • Super Poster
  • Posts: 1479
Re: Two unrecognized viruses
« Reply #23 on: August 08, 2007, 09:48:25 PM »
i mean

we are able to unpack OLE != we have a reliable macro engine
or
we are able to unpack OLE < we have a reliable macro engine

but we HAVE the macro engine and if we want to use it (and we of course want), we must choose the right parts of macro to check them etc... it's not so easy like choosing one detection string..
« Last Edit: August 08, 2007, 09:50:47 PM by Maxx_original »
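
The false-positive concern raised in replies #18 to #23, as an added example that is not part of the thread and is not Avast's code: the same user-defined string signatures are run over every unpacked stream and then over macro streams only. It assumes the OLE streams are already unpacked and the macro source decompressed, that macro source sits under a `Macros/VBA/` storage, and all sample documents are constructed; the macro-only scan is still plain string matching, not the macro engine described above.

```python
import re

# Constructed sample data: each document is modelled as its already-unpacked
# OLE streams (name -> bytes); macro source is assumed to be decompressed.
INFECTED = {
    "WordDocument": b"Quarterly report, see attached figures.",
    "Macros/VBA/ThisDocument": b'Sub AutoOpen()\r\n Open "c:\\windows\\system\\sys_z.drv" For Output As #1\r\nEnd Sub',
}
CLEAN_REVIEW = {"WordDocument": b"Film club notes: we watched Mad Max last week."}
CLEAN_MACRO = {
    "WordDocument": b"Invoice template",
    "Macros/VBA/Module1": b"Sub FormatTable()\r\n Selection.Font.Bold = True\r\nEnd Sub",
}

# The two strings named in the wish-list post; '*' and '?' act as wildcards.
SIGNATURES = ["c:\\windows\\system\\sys_z.drv", "Mad Max"]

def compile_signature(sig):
    """Turn a wildcard string into a case-insensitive byte regex."""
    table = {"*": ".*?", "?": "."}
    pattern = "".join(table.get(ch, re.escape(ch)) for ch in sig)
    return re.compile(pattern.encode("latin-1"), re.IGNORECASE | re.DOTALL)

def is_macro_stream(name):
    # Assumption for this example: macro source lives under "Macros/VBA/".
    return name.startswith("Macros/VBA/")

def scan(doc, signatures, macro_only):
    """Return the sorted (stream name, signature) pairs that matched."""
    hits = []
    for name, data in doc.items():
        if macro_only and not is_macro_stream(name):
            continue
        for sig in signatures:
            if compile_signature(sig).search(data):
                hits.append((name, sig))
    return sorted(hits)

def false_positives(cleanset, signatures, macro_only):
    """Count clean documents that the signature set would flag."""
    return sum(1 for doc in cleanset if scan(doc, signatures, macro_only))
```

Running `false_positives` over a clean set before shipping a signature is the same kind of check as the cleanset test mentioned later in the thread, here on two documents instead of a large corpus.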

yvs

  • Guest
Re: Two unrecognized viruses
« Reply #24 on: August 09, 2007, 07:28:48 AM »
> Just parse the file (doc, xls, odt, ...), select (extract) the macros and just search for a substring (maybe with wildcards) and so on...

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Two unrecognized viruses
« Reply #25 on: August 09, 2007, 08:37:56 AM »
yvs, I understand that people are generally not happy with "We know better than you" type of answers, but you'll have to trust that in this case, we actually do.

If you think otherwise, we'd be more than happy to employ you... :)

Take care,
Vlk
If at first you don't succeed, then skydiving's not for you.

yvs

  • Guest
Re: Two unrecognized viruses
« Reply #26 on: August 09, 2007, 12:21:08 PM »
> not realised as you think...
What do I think?..

I hear your banality about unpacking OLE and the macro engine and again think "ve have a problem", "ve have a problem"...

> We know better than you
Oh, I very much hope that you "know better" at least about viruses!

> happy to employ you...
Tnx, I have my own "job" - http://www.yvs.makeevka.com, accounting software for Ukraine.

Both viruses are still not recognized.

Offline Maxx_original

  • Avast team
  • Super Poster
  • Posts: 1479
Re: Two unrecognized viruses
« Reply #27 on: August 09, 2007, 12:40:41 PM »
yvs: wait for the next vps.. we can't release an unchecked detection generally... and the test for false positives takes over 20 hours (the cleanset is really huge).. we're thinking about some speed-up through the parallel tasks, but it absolutely can't be done by some almighty magic wand in one second (one hour.. not even in one day)... many innovations are queued, but i said it before - everything needs some time..

yvs

  • Guest
Re: Two unrecognized viruses
« Reply #28 on: August 09, 2007, 01:16:55 PM »
> yvs: wait for the next vps..
Tnx!

> many innovations are queued
Tnx!

> everything needs some time..
Yes, yes... But! My friends and I have been waiting for a vps for Zaraza.doc for more than one month, and I have been waiting for a vps for AUH5j6Ma.exe since 2 Aug 2007.

Offline Maxx_original

  • Avast team
  • Super Poster
  • Posts: 1479
Re: Two unrecognized viruses
« Reply #29 on: August 09, 2007, 01:23:34 PM »
it's the holidays time now.. we don't have the complete team here, so we need a little more time than ordinarily... but you can be sure, we're working on it ;)