CAVS detection rate & repair ability

Hi (:WAV)
This question just popped up in my head today (too much caffeine, I guess ;D ).
On my CAVS virus list there are 262119 virus sigs. I wanna know if CAVS can only detect them (and quarantine them) or repair the infected file as well?


It really depends on the infection itself. Not all infections can be safely repaired without risking damage to the container file. I’m yet to see an AV that can categorically, 100%, guaranteed repair every infection. That’s why they all have multiple possible actions on a detection.

Ewen :slight_smile:

So can someone give perhaps a percentage value of the chance that the infected file can be repaired by CAVS? I’ve used Symantec before, the detection rate’s pretty good (I was infected by redlof, rontokbro & w32.silly) but it can’t repair the files infected by these viruses/worms. And I had to use Norman Virus Control to fix them.


You mean whether the infection can be repaired or not depends on the infection condition? I thought the repair is based on the virus itself ==> CAVS can repair the files infected by “virus A” but can only detect & quarantine “virus B”.


I like questions like this and answers like panic’s because they give me a reason to give a suggestion.

What I have always wanted to see from an anti-virus product is the ability to be able to repair 99% of unrepairable files.
Over the years, I have come across many files that cannot be repaired even by the biggest paid-for antivirus products and, as said by panic, “Not all infections can be safely repaired without risking damage to the container file”.

Obviously anti-virus companies have servers, we download our products from them, so for example, if an important system file, container file or any other important file that was beyond repair and would cause instability to the OS was infected, could the anti-virus connect to the developer’s server and download a legitimate, clean copy of that file and replace the infected one?
With that said, I know that many people use many different software products and that would require the developers to have every single file from every piece of software on the server, which in reality is not possible, but what I’m suggesting is that only files that are essential OS files that are required for your system to function correctly be stored on the server.

I’m no developer, that’s for sure, so I’m not sure how possible it would be.

So anyone have any idea if it would be possible? I’m just curious


Interesting idea but the concept of re-distributing proprietary, copyrighted files would undoubtedly be raised. How would the AV companies know whether you are legally entitled to a particular file?

Ewen :slight_smile:

welcome Subliminal (:HUG)

and don’t forget my questions ;D


We’re both right. :wink: Whether an AV can repair a particular infection depends, in part, on how the virus/trojan/whatever inserts its code into an existing file. Some infections are easy to remove and just about all AVs remove them safely. Other infections are harder to remove and only some AVs can remove them, and then some infections are almost impossible to remove without damaging the container file.

Ewen :slight_smile:

So, in this case, how’s CAVS compared to other AVs then?

And for this case, from 262.119 known malwares, how many malwares can be fixed by CAVS?
Everybody’s bragging about detection rate, but it only needs 1 malware to mess things up, so I think repairability rate is far more important.

This is the case study (inspired by a true story) ;D :
I have 3 computers:
1) victim computer
2) Symantec installed computer
3) Norman Virus Control computer

The victim computer has an invoicing application software and it was infected by rontokbro, so I copied the infected files to a flash disk and tried to scan the flash disk on the two other computers.

Results:
1) Symantec detects rontokbro, and the only option available is quarantine (my whole 3 years of data files can’t be repaired)
2) Norman detects it, and there were options to quarantine & repair; I repaired the app, and I can use it

Conclusion:
I threw them both away since they’re both not free ;D