When the CIMA heuristics get integrated into CIS, will it just flag files as suspicious, or will it give some explanation, as CIMA does, of why a file was rated suspicious?
I can't wait to get this module integrated into CIS, as I submitted a bunch of files and it works great! Love this online analysis tool, and the report it generates is amazing.
One more thing: I know CAV scans compressed files, but does this include packaged exe files?
i.e.
A-squared detected a file c:\testFolder\12345.exe/readme.exe as a trojan.
The main 12345.exe is not malware, but it has 3 files embedded that are malware.
Notice the /readme.exe embedded in 12345.exe. Does CAV scan this way? CAV missed this file, which is why I'm asking.
Let's hope so. The online CIMA is great. The thing is that almost every AV rates suspicious files with a generic name. I would like to know why CAV rates a file suspicious, the same as CIMA does, you know. That way we can identify better whether it is a FP or not.
:comodorocks:
I see your point; however, the main detection is the packer, because that is the only heuristic technique implemented in CIS today. Let's hope for the best when CIMA gets implemented into CIS.
OK, I don't know concrete facts. But maybe they will improve packer detection like Avira did, although I still don't like it because sometimes it makes FPs on keygens and cracks.
I think packer detection is a great add-on to the heuristics... even if the FPs need some work. It makes it harder for the virus makers when all their favorite packers are detected and can't be used to re-pack the viruses anymore to avoid detection. >:-D
Yes and no. A good heuristic detection without many FPs is possible, and packer-based heuristics don't need as many resources as an emulator / sandbox. But the problem is that it will always make more FPs on keygens and cracks than the other methods, and so maybe users will get negligent and run a real virus because they think it will be just a harmless crack. That's why I don't like packer detection much either.
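Two things in this thread are easy to show in code: the "does the scanner look inside an exe for other exes" question (the 12345.exe/readme.exe case above) and the trade-off of packer-based heuristics (a verdict driven by the packer, not by what is packed, so a packed keygen gets the same verdict as a packed trojan). The toy scanner below is an added example written for this page; it is not Comodo's, CIMA's or any vendor's code, and its packer section-name list, the 7.0 bits/byte entropy threshold, the nested path notation outer.exe/embedded_<offset>.exe and the sample files are all assumptions. The sample files are constructed in the script (minimal, non-runnable PE images, with a byte ramp standing in for compressed data).

```python
"""Toy scanner: finds PE files embedded in a PE and applies a packer-style heuristic to each."""
import math
import struct
from collections import Counter

# Section names left behind by common packers (illustrative list, not exhaustive).
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite", ".MPRESS1", ".MPRESS2"}
ENTROPY_THRESHOLD = 7.0        # bits/byte; compressed or encrypted data sits close to 8.0 (assumed cut-off)
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
COFF_FMT = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes


def entropy(data):
    """Shannon entropy of a byte string in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(buf, base=0):
    """Parse the PE image at buf[base:]. Returns ([(section name, raw data)], image end) or None."""
    try:
        if buf[base:base + 2] != b"MZ":
            return None
        pe = base + struct.unpack_from("<I", buf, base + 0x3C)[0]        # e_lfanew
        if buf[pe:pe + 4] != b"PE\0\0":
            return None
        _, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, buf, pe + 4)
        table = pe + 4 + 20 + opt_size
        sections, end = [], table + 40 * nsec - base
        for i in range(nsec):
            f = struct.unpack_from(SECTION_FMT, buf, table + 40 * i)
            raw_size, raw_ptr = f[3], f[4]
            if base + raw_ptr + raw_size > len(buf):
                return None
            sections.append((f[0].rstrip(b"\0").decode("ascii", "replace"),
                             buf[base + raw_ptr:base + raw_ptr + raw_size]))
            end = max(end, raw_ptr + raw_size)
        return sections, end
    except struct.error:
        return None


def packer_indicators(sections):
    """Packer-style heuristic: known packer section names or near-random section data."""
    reasons = []
    for name, data in sections:
        if name in PACKER_SECTIONS:
            reasons.append(f"packer section name {name}")
        h = entropy(data)
        if len(data) >= 256 and h > ENTROPY_THRESHOLD:
            reasons.append(f"high-entropy section {name} ({h:.2f} bits/byte)")
    return reasons


def scan(buf, path, depth=0, max_depth=4):
    """Return [(nested path, reasons)] for the PE in buf and for every PE embedded in it."""
    parsed = parse_pe(buf)
    if parsed is None:
        return []
    findings = [(path, packer_indicators(parsed[0]))]
    if depth >= max_depth:
        return findings
    pos = 1                      # offset 0 is the outer file's own MZ header
    while (off := buf.find(b"MZ", pos)) >= 0:
        inner = parse_pe(buf, off)
        if inner is None:        # stray "MZ" bytes, not a header
            pos = off + 1
            continue
        findings += scan(buf[off:off + inner[1]], f"{path}/embedded_{off:#x}.exe", depth + 1, max_depth)
        pos = off + inner[1]     # skip the whole embedded image so its children are not counted twice
    return findings


def build_pe(sections):
    """Build a minimal, non-runnable PE (SizeOfOptionalHeader = 0) for the constructed samples."""
    raw_ptr, headers, body = 0x40 + 4 + 20 + 40 * len(sections), b"", b""
    for name, data in sections:
        headers += struct.pack(SECTION_FMT, name.encode().ljust(8, b"\0"), len(data), 0x1000,
                               len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body, raw_ptr = body + data, raw_ptr + len(data)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack(COFF_FMT, 0x14C, len(sections), 0, 0, 0, 0, 0x0102) + headers + body


PACKED_DATA = bytes(range(256)) * 16           # stand-in for compressed data: exactly 8.0 bits/byte
PLAIN_DATA = b"plain code and strings " * 256  # low-entropy stand-in for ordinary code


def scan_sample():
    """Constructed dropper: clean outer file carrying a UPX-style packed payload and a clean helper."""
    payload = build_pe([("UPX0", PACKED_DATA), ("UPX1", PLAIN_DATA)])
    helper = build_pe([(".text", PLAIN_DATA)])
    outer = build_pe([(".text", PLAIN_DATA), (".rsrc", b"README: nothing to see " + payload + helper)])
    return scan(outer, r"c:\testFolder\12345.exe")


def false_positive_sample():
    """A benign packed tool gets the same reasons as the payload: the heuristic only sees the packer."""
    return packer_indicators(parse_pe(build_pe([("UPX0", PACKED_DATA), ("UPX1", PLAIN_DATA)]))[0])


if __name__ == "__main__":
    for nested_path, reasons in scan_sample():
        print(nested_path, "->", reasons or "clean")
    print("benign packed keygen ->", false_positive_sample())
```

The outer file comes back clean while the embedded payload is reported under its own nested path with the reasons attached, which is the kind of per-file explanation the thread asks for. `false_positive_sample()` returns exactly the same reasons for a file that is only packed, which is the FP problem with packer-based heuristics: the verdict says "UPX and high entropy", not "malicious".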