[Avcheck] DrWeb [was: avcheck-0.4]

Piotr Klaban makler+avcheck@man.torun.pl
Wed, 19 Sep 2001 11:46:42 +0200


On Tue, Sep 18, 2001 at 01:16:52PM +0400, Michael Tokarev wrote:
> Those bugs should and will be fixed (I already posted all my
> results to sald, got *great* attention from them -- again,
> unlike kaspersky's ignorance).  People at sald know that them
I do not want to stand up for kaspersky's firm, but I must
say that the man who is developing the sparc version of kav*
software is very responsive; I have "got *great* attention from
him" (e.g. he solved all the problems with avp that I have
reported to him - 42 bomb, MIME unpacking time and more) and
he instantly improves the performance of avp. I must say
that he knows what and how the things should work.

> viruses than DrWeb (40.000 vs 20.000 approx), but this is due
> to how viruses are counted -- AVP counts every virus modification,
Right, I do not know how those people know all those viruses;
do they exchange the virus information with other A-V firms?

> them nicely.  They name the same viruses a bit differently,
> but that's not an issue (for example, DrWeb - Win95.Matrix.something,
> AVP - I.Worm.MTXsomething).
I know ... there is no standard naming schema; I remember
the virus 'blebla' ... the name is pointless. They have to
create many new virus names each day ... and creating names
is not so easy ;)

> Funny that folks seem just not to know about alarm() -- I pointed
> this out, and they agreed and thanked me.  They learn).  That to
That's nice ;-)

> DrWeb seems to be somewhat faster than AVP, but I'm not sure --
I do not know for sure, but kavscanner is probably written in C++,
and maybe kavdaemon too. Programs written in C++ could run
a bit slower than in C, but what really matters is the algorithm
for unpacking, checking etc. AVP uses many procedures written in
assembler (although there are no assembler functions
for sparc for UPX unpacking, and unpacking UPX files is slow).

> antivirus base updates *include* executables too.  Win-based
> version is able to fetch executable files automatically, so
> this is transparent (except for traffic and download time ;).
I think that this is normal for young software like that
- many things are changing. This could (and should) change in the future.

> review.  And DrWeb is more "unix friendly" at the end, -- it has
> fewer options that are more logical at least than those of Avp, and one
> *knows* looking into short docs how to execute DrWeb tools (I
> spent a great amount of time trying to figure out what every
> kavdaemon option means and how it interacts with other options).
I agree with you, but ... postfix has many more options than AVP ;-).

> My impression about DrWeb is very good for now -- let's see how
> it will change with time... ;)
I sent them a mail yesterday, and have not received any response
yet... I'd send to another account. Where is the linux version
of DrWeb available?

Regards,

-- 
Piotr Klaban