CAV3 detection rate test [2008.10.13] - 1.47%


  • total samples: 112
  • detected: 7
  • detection rate: 6.25%


  • total samples: 39
  • detected: 4
  • detection rate: 10.26%


  • total samples: 203
  • detected: 12
  • detection rate: 5.91%


  • total samples: 306
  • detected: 8
  • detection rate: 2.61%


  • total samples: 125
  • detected: 3
  • detection rate: 2.40%


  • total samples: 68
  • detected: 1
  • detection rate: 1.47%

[attachment deleted by admin]

This post is reserved for attaching images, in case I need to go over the 20 attachments per post limit.

Hi solcroft.

As you know the previous thread we closed. So far, this is an OK start… Hope we can keep things clean here. And here is the address for submitting samples to the AV Lab: (Make sure Subject is “SUSPICOUS FILE SUBMISSION” & It is Zipped & password protected “infected”).

We do appreciate your testing.


Samples can be submitted here: It’s more anonymous, but might be slower.

In your screenshot, did CAVS name the detected virus correctly? I ask because sometimes AVs give different names for the same virus, just look at some of the Virus Total ouputs and you can see different names.

Also, have you tried the link I mentioned yet? And if so, has that site correctly labeled the uploads as suspicious or as proven malware? I am curious about the accuracy of that site. :slight_smile: Suspicious files are analyzed by the Comodo team, so they can figure out if it’s a false positive or if it is in fact malware.

I agree with 3xist, let’s keep all negative comments out of this thread. If you guys have something to say to each other, say it in ■■■. :slight_smile: But, thanks for staying and posting results.

Thank you solcroft for posting these results. Is it possible for you to also use another AV beside comodo so we can see comparisons?


This forum is getting nasty. Why don’t you delete the offending posts, and salvage a thread with obvious value?
Yes solcroft can be a pain, but his thread was valuable.

Closing the thread only gives the wrong impression, if you know what i mean.

A moot question really, since there’s no authoritative definition of “correct” in this case. Vendors name viruses what they want, and none of them are any more “correct” than the others.

In my experience, CIMA is often ineffective, as in it fails to capture PE file behavior. For instance, compare this CIMA report:

with a report that ThreatExpert produced on the same file:

I’ve also took a screenshot of how D+ reacts when the file is executed locally. As you can see, this behavior was not captured by CIMA. As to why CIMA doesn’t work, I have no idea. But I’d guess that, as a new online sandbox service, its ability to deal with anti-emulation tricks often used by malware is lacking.

Not at this point, no. Sorry.

[attachment deleted by admin]

Hi Solcroft,
CIMA is a glimpse of what sort of instant malware analysis service comodo is working on.
It’s being developed and we have yet not talked about competing with anyone for it and we say same for CAV too.
We are working on it.

So have patience please.


Edited: Solcroft would appreciate if you could please give CIMA related suggestions in related section, i.e.

Heuristics isn’t in Cavs 3 yet

True, However CIMA uses very Advanced Heuristics & is continually being improved and worked on. Melih mentioned CIMA-Heuristics like technology in future versions of CIS.


I tested Comodo AV too but i dident take any screenshots but i uploaded all not detected samples to Comodo

66713 Total viruses [6GB+]
45842 Detected viruses
20871 Viruses left [1.72GB]

Total size is 1.1GB, unpacked it is 1.7GB

Happy testing

I edited this post as the links to malware was public.

Anyone interested can PM V7chy for it.



Cool. :slight_smile: And Comodo detected 68.7%. :smiley: Not bad. Let’s hope the undetected ones are added to the DB soon.

Aaah, the good ol’ VX Heavens collection. It’s been around for as long as I can remember; good to see that CAV has finally reached 70% after all these years.

Hey nice work!

It would be nice for you to join the Malware Research Group. :slight_smile:


Yes it’s not a bad % at all.