

How good are anti-virus heuristic scanners? - thristian
http://archive.cert.uni-stuttgart.de/bugtraq/2003/06/msg00251.html

======
ZoFreX
> ESATF is used to "check", so, in order to get a "full" checking, I think it
> should be treated like a true virus

No, it shouldn't. EICAR is a special test-case, and if it was detected
heuristically then Hello, World! would also get flagged as a virus. Not
helpful.

A better way to test heuristics in AV scanners would be to run a 6 month out
of date antivirus program against viruses that have emerged in the last 6
months, and that is exactly what the heroes at AV Comparatives [1] do every
year.

[1] <http://av-comparatives.org/>

~~~
nodata
Direct link: [http://www.av-
comparatives.org/en/comparativesreviews/retros...](http://www.av-
comparatives.org/en/comparativesreviews/retrospective-test)

------
ordinary
8 year old post. Interesting, though.

