Serious Discussion Xylent Antivirus

Shadowra

Level 34
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,357
Hello :)

In my queries for the past few days, I've had a totally unknown AV pop up, asking me for a test.
It's Xylent.

I quickly looked into it, and it was untestable.
There have been corrections, so it deserves its own topic.

Still quickly, it uses ClamAV, YARA and its own rules based on MD5/SHA1 .
On installation, Xylent still doesn't launch anything! You have to launch the interface and its engine (which will quickly take up 3GB of RAM!!).
(coded by @XylentAntivirus )

1.png 2.png

I decide to test it... obviously, Xylent's analysis doesn't work... It runs in a vacuum...

3.png

I take some old malware from a pack and some old malware just to see...
4.png 5.png

On the Zombie virus, no reaction...
On another malware, reaction after .... 7 minutes!

And on Cerber5 Ransomware, it tries to kill the Ransomware... problem, it's already acted!

6.png

I stopped the test straight away because it was useless.
There are several problems, which I will explain:

- Xylent uses an MD5 and SHA1 database. All the malware needs to do is change one byte to bypass the protection. An MD5 comparison is obsolete and useless.
- It loads its entire database into memory, occupying CPU and RAM to death (I've got a Ryzen 7 7700X, and it was constantly busy).
- The software is coded entirely in VbNet, which is totally unacceptable for an antivirus! Possibly the interface (Bitdefender & Kaspersky do this) but the rest MUST be coded in C or C++.
- No drivers (I can kill it with no problem)
- Very slow actions (you can see it)
- Totally covered in bugs (a console next to the interface? ), the fact that it launches nothing so on restart no protection, and why do you have to launch the engine manually?

I think this project clearly deserves a re-code, because it's just not right.
 

Bot

AI-powered Bot
Apr 21, 2016
3,672
Hello,

Thank you for your detailed analysis of the Xylent Antivirus. Your points are valid, and it seems like the software needs significant improvements. Your feedback is crucial for the developers to understand the user perspective and make necessary changes.

The use of MD5 and SHA1 databases, the high CPU and RAM usage, the coding language, and the lack of drivers are definitely areas of concern. The developers should also work on the slow response times, bug fixes, and automatic engine launch for better user experience.

Let's hope the developers take note of your feedback and work on improving their software.
 

XylentAntivirus

Level 2
May 9, 2024
53
Hello :)

In my queries for the past few days, I've had a totally unknown AV pop up, asking me for a test.
It's Xylent.

I quickly looked into it, and it was untestable.
There have been corrections, so it deserves its own topic.

Still quickly, it uses ClamAV, YARA and its own rules based on MD5/SHA1 .
On installation, Xylent still doesn't launch anything! You have to launch the interface and its engine (which will quickly take up 3GB of RAM!!).
(coded by @XylentAntivirus )

View attachment 283346 View attachment 283347

I decide to test it... obviously, Xylent's analysis doesn't work... It runs in a vacuum...

View attachment 283348

I take some old malware from a pack and some old malware just to see...
View attachment 283349 View attachment 283350

On the Zombie virus, no reaction...
On another malware, reaction after .... 7 minutes!

And on Cerber5 Ransomware, it tries to kill the Ransomware... problem, it's already acted!

View attachment 283351

I stopped the test straight away because it was useless.
There are several problems, which I will explain:

- Xylent uses an MD5 and SHA1 database. All the malware needs to do is change one byte to bypass the protection. An MD5 comparison is obsolete and useless.
- It loads its entire database into memory, occupying CPU and RAM to death (I've got a Ryzen 7 7700X, and it was constantly busy).
- The software is coded entirely in VbNet, which is totally unacceptable for an antivirus! Possibly the interface (Bitdefender & Kaspersky do this) but the rest MUST be coded in C or C++.
- No drivers (I can kill it with no problem)
- Very slow actions (you can see it)
- Totally covered in bugs (a console next to the interface? ), the fact that it launches nothing so on restart no protection, and why do you have to launch the engine manually?

I think this project clearly deserves a re-code, because it's just not right.
Actually it didn't use hashes in latest version (less than 500mb). Your critique is very important. I now updating new version but issue might not going to fixed but more less false positives. Until issues fixed it's should be only use as scanner..
 

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,419
Hi @XylentAntivirus

I have some questions for you

1. Which Scan Engines did you use

2. Will you add these to virustotal

3. Any infso for the multilanguage Version

4. And where can we download then File

5. And how can we submit samples to you for checking

6. Have that a quarantäne when yes can we send the Files directly out of from the quarantäne to you

7. On which Windows Versions did it works

Mops21
 
Last edited:

XylentAntivirus

Level 2
May 9, 2024
53
Hi @XylentAntivirus

I have some questions for you

1. Which Scan Engines did you use

2. Will you add these to virustotal

3. Any infso for the multilanguage Version

4. And where can we download then File

5. And how can we submit samples to you for checking

6. Have that a quarantäne when yes can we send the Files directly out of from the quarantäne to you

7. On which Windows Versions did it works

Mops21
1) ClamAV engine. My own engine.
2) You probably mean add this antivirus to virustotal or just whitelist my antivirus. Maybe in feature.
3) There no multilanguage right now. Even if Turkish but I going to add them in feature probably.
4) Xylent At there but I removed real-time scanner and now redesigning this antivirus.
5) You can submit samples to ClamAV team or my mail addresses
6) It's now going to optional scanner so quarantine is more usable than real time protection edition.
7) Minimum Windows 8.1 but if you compile yourself you can compile it at Windows 7.
It's still better than ClamAV but I want to make it better. Otherwise no one going to use this AV also right now it looks like hobby project instead of serious one. I should fix this.
 

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,419
1) ClamAV engine. My own engine.
2) You probably mean add this antivirus to virustotal or just whitelist my antivirus. Maybe in feature.
3) There no multilanguage right now. Even if Turkish but I going to add them in feature probably.
4) Xylent At there but I removed real-time scanner and now redesigning this antivirus.
5) You can submit samples to ClamAV team or my mail addresses
6) It's now going to optional scanner so quarantine is more usable than real time protection edition.
7) Minimum Windows 8.1 but if you compile yourself you can compile it at Windows 7.
It's still better than ClamAV but I want to make it better. Otherwise no one going to use this AV also right now it looks like hobby project instead of serious one. I should fix this.
Hi @XylentAntivirus

Thank you very much for your infos

8. Can you say for samples to submit to ClamAV Team and your email adresses

9. Will you send the Files to ClamAV from you or have you a contact email from ClamAV Team

10. I don t find the Download your App on the page did not find can you assist me for that please

Mops21
 

XylentAntivirus

Level 2
May 9, 2024
53
Hi @XylentAntivirus

Thank you very much for your infos

8. Can you say for samples to submit to ClamAV Team and your email adresses

9. Will you send the Files to ClamAV from you or have you a contact email from ClamAV Team

10. I don t find the Download your App on the page did not find can you assist me for that please

Mops21
8) You can submit samples by sharing them at github with mailing me at kongom332@gmail.com or just DM me at Discord.
9) I have contact email with ClamAV also talking with them at discord 10)Currently I redesigned antivirus and now it's inceridably fast and for cross platforms.
 

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,419
8) You can submit samples by sharing them at github with mailing me at kongom332@gmail.com or just DM me at Discord.
9) I have contact email with ClamAV also talking with them at discord 10)Currently I redesigned antivirus and now it's inceridably fast and for cross platforms.
Hi @XylentAntivirus

Thank you very much for your infos

11. Have you any Download Link for your Software please post it

Mops21
 

Trident

Level 29
Verified
Top Poster
Well-known
Feb 7, 2023
1,812
Virusshare is only alternative for me but Sophos database is very good. Also they have too many benign files. I need benign files. Currently I have 17k benign files and 34k malicious verified files.
You certainly do need benign files, and hope the collection helps improve your detection. Maybe you can use Gradient-boosted machine learning.
It is possible to have benign files marked as malicious on VirusShare and it will decrease your models efficiency.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top