Virus Scan Throughput



Can anyone provide me with the amount of time that it takes
to virus scan a single file in terms of multiples of the
times that it takes to read this same file?

I am estimating that this measure should somewhat compensate
for differences in hardware and file sizes, but, not
compensate for differences in anti-virus vendors. To account
for the vendor specific differences I would like anything
from estimated range guesstimates to actual benchmark
results of specific vendors.




Re: Virus Scan Throughput




It would also vary with what is being looked for, whether the scanner
uses emulation for that virus and how long the emulator allows the
suspect program to execute. Some viruses may be identified in less time
than it takes to read the entire file and other viruses may require that
it takes many times as long as that.



Re: Virus Scan Throughput





What I need is numbers, even if they are guesstimates. Let's
start with my guesstimate and see if we can validate it
and/or refine it:
I guess that virus scanning takes between three and ten
times as long as it takes to read the file. Does this seem
reasonable?

Does it ever take more or less than this?



Re: Virus Scan Throughput

NoSpam@SeeScreen.com says...

What if the virus scanner only has to read part of the file to identify
the signature? Many firewall appliances that scan in real time for
malware only read the first xxxx bytes of any file.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: Virus Scan Throughput



Although the scan will be in real time in the application of
interest, we probably must assume that it scans the entire
file because the scan must be exhaustively complete.  So is
three to ten times file read time a reasonable range
guesstimate in this case?




Re: Virus Scan Throughput

NoSpam@SeeScreen.com says...

Why assume?

Based on many of the applications I've seen, they can scan for a
signature, which is significantly smaller than an entire file.

In this case, it's less time than reading an entire file.


--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: Virus Scan Throughput


Every virus has its own patterns. If you want to discover a virus, you
must search for its patterns. Some patterns are at the top, some in the
middle, and some viruses must contain a dozen patterns to be discovered...
When you run the antivirus on a single file, the virus patterns
are searched for using the virus database which the antivirus contains. Some can be
found really really fast, some take some time and some are not even
in the database yet. I hope this answer helps :)

Re: Virus Scan Throughput

In article <271aa2c2-064e-4fa0-a632-720c59fc400b@c37g2000yqi.googlegroups.com>,
processor.dev1l@gmail.com says...

It wasn't my question and your Usenet interface doesn't properly quote
and snip signatures.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: Virus Scan Throughput





No, what you really need to do is to understand the issue.



No, it depends on what kind of virus is being looked for in what type of
file. Just as a 'for instance' - a virus prepended to a batch file can
be detected (and identified) by reading only the first part of the file,
while an executable file with an encrypted fragmented cavity infector
may take some time in emulation to expose the actual virus body - and
then identification can begin in earnest.

Yes, and yes.

What are you trying to achieve?
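
Added example (not part of any post in this thread): a minimal streaming byte-pattern scanner showing why the bytes read before identification range from one read to the whole file, depending on where the pattern sits. The signature names and patterns, the 4096-byte read size and the zero-filled sample files are all constructed for illustration; emulation, which the replies say can take many times the read time, is not modelled.

```python
import io

# Constructed byte patterns for illustration; not real malware signatures.
SIGS = {
    "Constructed.Head": b"\xde\xad\xbe\xefHEAD",
    "Constructed.Body": b"BODYMARK\x00\x01",
}

def scan_stream(stream, signatures, chunk=4096):
    """Scan in fixed-size reads; return (match name or None, bytes read)."""
    # Carry the last (longest signature - 1) bytes into the next window so a
    # pattern split across two reads is still found.
    overlap = max(len(s) for s in signatures.values()) - 1
    tail, read = b"", 0
    while True:
        block = stream.read(chunk)
        if not block:
            return None, read          # clean verdict: the whole file was read
        read += len(block)
        window = tail + block
        for name, sig in signatures.items():
            if sig in window:
                return name, read      # stop at the first identification
        tail = window[-overlap:] if overlap else b""

def scan_bytes(data, signatures=SIGS, chunk=4096):
    """Convenience wrapper: scan an in-memory buffer."""
    return scan_stream(io.BytesIO(data), signatures, chunk)

def make_sample(size, sig=b"", offset=0):
    """Zero-filled constructed file with `sig` placed at `offset`."""
    buf = bytearray(size)
    buf[offset:offset + len(sig)] = sig
    return bytes(buf)

if __name__ == "__main__":
    size = 1 << 20  # 1 MiB constructed sample
    cases = {
        "prepended": make_sample(size, SIGS["Constructed.Head"], 0),
        # Placed 4 bytes before a read boundary so it straddles two reads.
        "straddle": make_sample(size, SIGS["Constructed.Body"], 4096 * 100 - 4),
        "clean": make_sample(size),
    }
    for label, data in cases.items():
        name, read = scan_bytes(data)
        print(f"{label:9} {name!s:17} read {read:>8} bytes ({read / size:.2%})")
```

A clean verdict is the only case here that always costs a full read, which is why a fixed multiple of read time cannot describe both outcomes.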


