About multi-engine online scanners

[Lusher]

Like lots of people, I use virustotal and similar sites to check stuff i download (at least those with small size).

The problem i notice with using so many antiviruses, is that the possibility of a FP increases - even if the chance of one fp for one scanner is low, when you have 32 "bites at the apple"..... (I heard some of them are set to maximum heuristics even which makes matters worse).

No matter what i upload, it seems that pretty much they will be flagged by at least 1-2 as suspicious or in some cases even a specific detection is given.

How does one then decide? Okay so maybe if you say 2 and they say heuristics or suspicious, AND you know the rep of the software is good you might ignore, but what about 4 detections? 6? 8?

Or does one look at what scanner is crying foul? Maybe you trust a detection if it by A rather than B etc..

What do you guys think?

[igor]

Yes, I'm afraid we are painfully aware of this situation.
Since almost every file is reported by some heuristics on VirusTotal as suspicious at least, we get all these samples from VirusTotal as "undetected".

Personally, I'd restrict the heuristic settings of the scanners significantly... but I guess their authors wouldn't agree 

[bob3160]

Heuristics with the wrong settings are an annoying cause of False Positives.
As Lusher mentioned, it becomes a judgment call which of these to blow off as smoke
and which warnings to treat as a possible fire.
My rule has always been "When in doubt, do without"