一条有意思的信息 这表示F-Secure有 Virustotal的参与吗~~!？？!!

iyinyt

我无意中在逛F-Secure的网站中发现一条很有意思的信息，如下

The detection of Suspicious:W32/Malware!Gemini by Virustotal's scan is equivalent to an automatic block by DeepGuard.

这是表示F-Secure的Gemini里面的有VT的库吗？

3) From the Virustotal Website

This detection can also be seen from the DeepGuard scanning engine used by Virustotal, a website to which files may be submitted for scanning by multiple antivirus engines.

From Virustotal's website:

"Virustotal.com is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines."

The detection of Suspicious:W32/Malware!Gemini by Virustotal's scan is equivalent to an automatic block by DeepGuard.


Action Needed: Submit a Sample
False positive samples may also be submitted to the Security Lab for further analysis via the Sample Analysis System (SAS). Please select the 'False positive' sample type during submis

地址：
http://www.f-secure.com/v-descs/ ... alware!gemini.shtml

bbs2811125

gemini会参考VT的扫描结果的意思吧

iyinyt

bbs2811125 发表于 2012-10-11 20:30
gemini会参考VT的扫描结果的意思吧

我就是这里不解，这里参考到底是个怎样的标准呢？因为我找到了一些样本VT不报，FS的Online报~
https://www.virustotal.com/file/ ... nalysis/1349957428/

蓝核

我觉得毕竟VT是参考吧

crystalsong08

iyinyt 发表于 2012-10-11 20:33
我就是这里不解，这里参考到底是个怎样的标准呢？因为我找到了一些样本VT不报，FS的Online报~
https:/ ...

图挂了我看不到 但是你标的红字翻译过来就是被FS的Gemini引擎检测到的可以样本 同样可以被FS的DG自动阻止

这个词很有意思 FS遇到不确定的程序 会弹出框来询问 如 “系统修改尝试” 被“自动”阻止的都是FS认为有害的程序

所以一种理解可能是

1 DG"自动"拦截的文件会被Online引擎报 可能这一部分无需查询VT引擎 因为FS的DG引擎融合在扫描里面
2 通过VT查询文件检测率 高于特定的引擎数目报毒的话报可疑的文件