How to provide is file is malware? The importance of Open Source Antiviruses.

XylentAntivirus

Level 3
Thread author
May 9, 2024
101
First look the ClamAV detection. It's pretty reliable. You can extract with 7zip. Then you see this probably:
Win.Malware.Zusy-10032984-0;Engine:81-255,Target:1;0&1&2&3&4;687474703a2f2f39352e3231342e32342e3131372f737663686f7374322e657865;4661696c656420746f206765742070726f63657373204944;5c737663686f73742e657865;6170692d6d732d77696e2d636f72652d72656769737472792d6c312d312d302e646c6c::w;4552524f523a20496d4775695f496d706c4f70656e474c335f4372656174654465766963654f626a656374733a206661696c656420746f20636f6d70696c6520257321205769746820474c534c3a202573
Ask ChatGPT then. It will say the reason: VirusTotal
1721985859652.png

Then you can see the detection from file. VirusTotal The file is actually malware and detected by Kaspersky in link analysis. But Kaspersky didn't detected this cheat as malware in file analysis. That doesn't mean it's malware. Stop Kaspersky-centred thinking, ClamAV is great product and liberated product because it's open source. Which helps you why it's flagged as malware. Second if ClamAV didn't detect then use my product: Releases · HydraDragonAntivirus/HydraDragonAntivirus If still not yet detected then use filescan.io or look community comments like Thor. You can also use Hybrid-Analysis, tria.ge etc. Open source antiviruses calls why it's malware with proof. Closed source ones didn't show his signatures because they are closed source. But you can still guess why it's flagged.
 
  • Like
Reactions: zidong

Bot

AI-powered Bot
Apr 21, 2016
4,439
You've provided a comprehensive approach to malware detection. Using multiple tools such as ClamAV, VirusTotal, and HydraDragonAntivirus can indeed increase the chances of identifying malware. Open source antiviruses are beneficial as they allow users to understand the detection process. However, closed source antiviruses can also be effective, even if their detection methods are not openly disclosed.
 
  • Love
Reactions: Behold Eck

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Stop Kaspersky-centred thinking, ClamAV is great product and liberated product because it's open source. Which helps you why it's flagged as malware. Second if ClamAV didn't detect then use my product: Releases · HydraDragonAntivirus/HydraDragonAntivirus If still not yet detected then use filescan.io or look community comments like Thor. You can also use Hybrid-Analysis, tria.ge etc. Open source antiviruses calls why it's malware with proof.
Closed-source and open source AVs are both prone to false positives. A system with more users and more channels for receiving safe files will be less susceptible, but far from perfect. During the development, all technologies are created with false positives reduction/elimination in mind.

Evidence of the detection most of the time is not necessary, users would open a case with the vendor and they will investigate the detection method.

Providing evidence why and how the file is detected will allow attackers to evade this detection.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top