VIRUS TEST Nr. 002
-= SMEG Viruses =-
Copyright (C) 1994 Luca Sambucci
All rights reserved.
Italian Computer Antivirus Research Organization
The "Simulated Metamorphic Encryption Engine" is a new engine
used to create polymorphic viruses, some of these viruses seem
to be 'in the wild' in the United Kingdom.
At the moment there are three versions of the engine (v0.1, v0.2
and v0.3). For this test I've used two viruses created with the
0.1 and 0.2 versions of the engine, the "Pathogen" and the "Queeg"
viruses.
The option used are the same used for the June 1994 edition of the
General Antivirus Test, except for the "/CPL" option for the AVScan
(this product now scans inside compressed files by default).
For all other information (product/producer information, legal
issues etc.) please refer to the June 1994 edition of the General
Antivirus Test (always available at request or at our official
distribution sites).
The following products have been tested:
Name Version Date (MM/DD/YY) Producer
=-----------------------------------------------------------=
AVScan 1.58 06/18/94 H+BEDV GmbH
AV Toolkit Pro 2.00d 06/20/94 KAMI Ltd.
F-Prot 2.12c 06/16/94 Frisk Soft. Int.
Sweep 2.63Beta 06/06/94 Sophos Plc
ThunderByte AV 6.20 05/06/94 ESaSS BV
ViruScan 9.28V116 06/15/94 McAfee Inc.
VirusScan 2.0.2 06/02/94 McAfee Inc.
TEST RESULTS
SMEG v0.1 (Pathogen)
For the test I've infected 996 files (496 COM and 500 EXE)
with "Pathogen" replications.
Here the results (996 replications):
| Antivirus |Rel. |Unrel. |Not | %Total |
| product |Identif.|Identif.|Detected |Detected |
=----------------+--------+--------+---------+=========+-=
AVScan 1.58 | 996 | 0 | 0 < 100.00% >
=----------------+--------+--------+---------+=========+-=
AVP 2.00d | 983 | 8 | 5 < 99.50% >
=----------------+--------+--------+---------+=========+-=
F-Prot 2.12c | 996 | 0 | 0 < 100.00% >
=----------------+--------+--------+---------+=========+-=
Sweep 2.63Beta | 996 | 0 | 0 < 100.00% >
=----------------+--------+--------+---------+=========+-=
TbScan 6.20 | 368 | 6 | 622 < 38.72% >
=----------------+--------+--------+---------+=========+-=
ViruScan 116 | 0 | 0 | 996 < 0.00% >
=----------------+--------+--------+---------+=========+-=
VirusScan 2.0.2| 0 | 0 | 996 < 0.00% >
=----------------+--------+--------+---------+=========+-=
SMEG v0.2 (Queeg)
For the test I've infected 995 files (496 COM and 499 EXE)
with "Queeg" replications.
Here the results (995 replications):
| Antivirus |Rel. |Unrel. |Not | %Total |
| product |Identif.|Identif.|Detected |Detected |
=----------------+--------+--------+---------+=========+-=
AVScan 1.58 | 991 | 0 | 4 < 99.60% >
=----------------+--------+--------+---------+=========+-=
AVP 2.00d | 985 | 4 | 6 < 99.40% >
=----------------+--------+--------+---------+=========+-=
F-Prot 2.12c | 991 | 0 | 4 < 99.60% >
=----------------+--------+--------+---------+=========+-=
Sweep 2.63Beta | 0 | 616 | 379 < 61.91% >
=----------------+--------+--------+---------+=========+-=
TbScan 6.20 | 120 | 1 | 874 < 12.16% >
=----------------+--------+--------+---------+=========+-=
ViruScan 116 | 0 | 0 | 995 < 0.00% >
=----------------+--------+--------+---------+=========+-=
VirusScan 2.0.2| 0 | 0 | 995 < 0.00% >
=----------------+--------+--------+---------+=========+-=
Note:
All "Queeg" replications detected by the Sweep have been
identificated as "Pathogen".
GLOBAL RESULTS SMEG viruses (1991 replications):
| Antivirus |%Detected | %Detected | %Total |
| product | Pathogen | Queeg | SMEG |
=----------------+----------+-----------+========+--=
AVScan 1.58 | 100.00% | 99.60% < 99.80% >
=----------------+----------+-----------+========+--=
AVP 2.00d | 99.50% | 99.40% < 99.45% >
=----------------+----------+-----------+========+--=
F-Prot 2.12c | 100.00% | 99.60% < 99.80% >
=----------------+----------+-----------+========+--=
Sweep 2.63Beta | 100.00% | 61.91% < 81.00% >
=----------------+----------+-----------+========+--=
TbScan 6.20 | 38.72% | 12.16% < 25.44% >
=----------------+----------+-----------+========+--=
ViruScan 116 | 0.00% | 0.00% < 0.00% >
=----------------+----------+-----------+========+--=
VirusScan 2.0.2| 0.00% | 0.00% < 0.00% >
=----------------+----------+-----------+========+--=
LEGEND:
Reliably identified: Detected with the correct name
Unreliably identified: Detected with the wrong name or with the
heuristic analyser
Not detected: Not detected at all
%Total Detected: The global detection rate (test set=100%)
Internet: luca.sambucci@ntgate.unisg.ch
FidoNet: Luca Sambucci 2:335/348.6