Abstract:

Multi-scanners systems have become increasingly prevalent. Anti-virus
companies, test and certification organizations, software vendors, and
corporate IT professionals are among the users and developers of
systems that employ multiple anti-virus products. One of the challenges
facing all of these users is the need to keep the anti-virus products
current. The process of automatically obtaining updates requires
verification of the signature files. Downloads may fail due to network
timeouts, signature files may be corrupted, or new signatures may have
defects preventing the detection of entire classes of viruses. This
paper will share techniques used by the authors in obtaining and
testing anti-virus signatures files in existing multi-scanner systems.
Functional examples include the use of Windows batch files techniques,
UNIX shell scripts and utilities that are freely available to the user.
The techniques presented are not claimed to be the best method, but
represent methods currently in use. It is hoped that this presentation
will encourage more active sharing of effective and best signature
retrieval and testing practices between users of multi-scanners systems.
Biography:

Randy Abrams
Randy Abrams has worked for Microsoft since 1993. Over the past 7 years
Randy has been responsible for the virus scanning systems used in the
final stages of the software release process to ensure clean code and to
detect potential false positives. Past AVAR conferences have seen Randy
present on topics such about testing anti-virus scanners and the use of
multi-scanner systems.
Andreas Marx
Andreas Marx has been involved in the antivirus industry since 1991. A WildList reporter since 1999, Andreas is currently the CEO of AV-Test.org where he has developed advanced methodologies for the testing of antivirus and security software. Andreas is also actively involved in virus analysis and security consultancy. In 2002 he earned his BSc in Business Information Systems from the Otto-von-Guericke-University Magdeburg and is currently working on his MSc.
Mary Landesman
Mary Landesman is a security consultant and guide for the antivirus.about.com website. Her work has been published in various industry publications, including Virus Bulletin and Network Security magazine. She also performs spyware testing and is a contributing author to PC World magazine.
Scripting AV signature File Updates and Testing
Randy Abrams (USA)
Operation Manager, Microsoft Corporation
Andreas Marx (Germany)
CEO, AV-Test GmbH
Mary Landesman
Antivirus.About.com


PC05























































Sponsors
Platinum Gold
Silver Bronze

Copyright 2004 AVAR. All right reserved
AVAR 2004 Conference Organizing Committee
E-mail : avar2004@aavar.org
Tel: +81 54 283 5327Fax: +81 54 283 5328