Jingyun Antivirus, free multi-engine antivirus

[roger_m]

I just came across this antivirus. It uses multiple scan engines including Tencent's TAV Engine and uses both local and cloud signatures. The detection rate does not seem to be that good, but it can automatically upload suspicious files to the cloud for analysis.

There is a download link in the second link below. Although the website says it is a trial version, it has been listed on Chinese download sites as being freeware and it does appear to be the full version with no limitations.

Beijing Yongsoft Inc.

辰信领创官网

 

[Thirio]

Sounds interesting. Never heard of this before. Looks like it's using Tencent engines + Zillya signatures + Matrix AI engine.

 

[roger_m]

Sounds interesting. Never heard of this before. Looks like it's using Tencent engines + Zillya signatures + Matrix AI engine.

The ZAV engine is their own, not Zillya''s. This is good, since Zillya has major issues with false positives.

 

[Thirio]

Just speculating here, but maybe it's using Baidu? Tried matching a signature detection on virustotal with ctrl+f and Baidu was the closest similarity.

Spoiler: Spoiler

 

[roger_m]

Just speculating here, but maybe it's using Baidu?

As far as I can tell, it's their own engine.

 

[Jerry.Lin]

Don't use it. It seems stop maintenance two years ago.

 

[roger_m]

Don't use it. It seems stop maintenance two years ago.

It seems that is is still receiving definition updates.

 

[Jerry.Lin]

It seems that is is still receiving definition updates.

Right... How is it detection rate now? I'd tested it long ago and it's very poor...

 

[alakazam]

It looks suspicious to me. Lots of features and a proprietary engine developed from scratch and they're offering the product for free?

 

[roger_m]

Right... How is it detection rate now? I'd tested it long ago and it's very poor...

It's still not that good. But, I'm only using it to test it, not as my main antivirus. As I mentioned in my first post, it submits suspicious samples to the cloud for analysis. In theory this should help with detection rates, once files have been analysed. However, it does not show a record of what files it uploads, unlike 360 TS or Comodo for example, so I have no idea what (if anything) get uploaded. With 360 TS for example, it shows what files it has uploaded and gives a verdict on them within 24 hours.

So far there have been no database updates, other than initial one after installing it. I scanned a folder containing malware this morning and there were 4 files detected, that were missed yesterday.

When I installed it yesterday and ran a quick scan, it detected a lot of malware in a folder of malware on my desktop. When I ran a context menu scan of the same folder removing all the threats, it found a few hundred more threats, that had been missed in the quick scan.

Edit: It has updated now. It looks like they only update their definitions once a day.

 

[roger_m]

Jingyun's cloud analysis of unknown samples is working. When I installed this four days ago, I scanned a very large malware pack with it and the detection rate was not very good. I've been scanning the same malware collection every day, to see if they added detection for some of the unknown samples, as it uploads suspicious files to the cloud for analysis. This morning, another 963 threats were detected. I ran another scan just now and 3 more were detected. The threats were detected by Jingyun's cloud engine.

Even with the extra threats detected today, the detection rate is still not good. But it's good to see that they do add detection for some unknown threats, even if takes time.

The local signatures are updated just about every day.

 

[roger_m]

They are continuing to add detection for unknown samples. It's now twelve days since I installed and in that time they've added detection (via their own cloud engine) for over 2,500 samples from a large malware pack that I scanned after installing it.

 

[alakazam]

No download link available on their site?

 

[Mahesh Sudula]

Just speculating here, but maybe it's using Baidu? Tried matching a signature detection on virustotal with ctrl+f and Baidu was the closest similarity.

Spoiler: Spoiler

View attachment 213391

Chinese vendors have similarities, and most importantly exchange of the samples might have taken place,, so similar close detection names.

Jinguyn, Baidu, Tencent, Qihoo, Rising, CMC.... So on...

 

[roger_m]

No download link available on their site?

There is on the following site, as I explained in my original post.

辰信领创官网

http://u.v-secure.cn/client/jyprivate/2.4/JingyunSd_Setup_2.4.2.39.exe

 

[marcopaone]

Nice backdoor

 

[roger_m]

I've had this installed on a test computer for a few months now. The cloud scanning is very unreliable. Sometimes when you run a scan, it fails to detect files that it had previously detected. However, they are still adding signatures for threats missed from a large malware pack that I scanned after I first installed it. More than 99% of the missed threats, that have later been detected, are detected by the cloud engine, rather than local signatures.

While it's not a very good antivirus, there are a few things which stand out. You can get it to prompt you when a threat is detected and let you choose what action to take. You can change the level of protection, to get better performance, or better protection, but less system performance. You can also change the scan priority, to choose between faster scan speeds, or slower scans, to reduce system performance less.

I wish all antiviruses would have such options. I despise auto quarantine.

 

[roger_m]

After having not been updated for a few years, v4.0.1.1445 was released last month. It has more real-time protection modules, as you can see in the screenshot.

It no longer uses Tencent signatures, but still has the other scan engines and the detection rate from its own engines has improved. The ZAV scan engine has been renamed to V-Hunter. Sometimes (as with the previous version) it fails to download signature updates, but it still has up to date cloud protection.

Edit: This is the download link. http://u.v-secure.cn/client/jyprivate/2.4/JingyunSd_Setup_4.0.1.1445.exe

辰信领创官网

 

[Behold Eck]

A new toy to play with and maybe less FP`s now that they`ve ditched Tencent ?

Thanks for the update Roger.

Regards Eck

 

[roger_m]

A new toy to play with and maybe less FP`s now that they`ve ditched Tencent ?

It still has minor issues with false positives. In general it is unreliable, I presume due to a poor connection to their servers. As a result sometimes when running a scan, some threats will be missed, but will be detected on subsequent scans. However one thing of note is that the cloud analysis of unknown threats is working. When I first installed it and scanned a very large malware pack, it only detected just over half the threats. Over time they have added signatures for the vast majority of the missed threats. As a result, over time the detection rate for the large malware pack has become similar to that of big name antiviruses. It's taken time, but they continue to add signatures for missed threats.