Topic: Best AV for sample naming?

I'm trying to grow my collection outside of the samples provided to me by VX Heavens, and I'm wondering... what AV does everyone use for sample naming?

The only info I could find online dated back to the DOS days. I grabbed a copy of Kaspersky Security Scan (basically only the scanner portion of their AV, doesn't remove files at all) and it seems to work well, though I wish it would dump to a log file so that I could have another program auto-read the log and rename samples and such.

Are there any virus management programs that still work on newer Windows? If not I might have to write something up, it's getting annoying managing everything by hand...

Thanks!!

My crime is that of outsmarting you, something you will never forgive me for.


Re: Best AV for sample naming?

weebz wrote:

I'm trying to grow my collection outside of the samples provided to me by VX Heavens, and I'm wondering... what AV does everyone use for sample naming?

The only info I could find online dated back to the DOS days. I grabbed a copy of Kaspersky Security Scan (basically only the scanner portion of their AV, doesn't remove files at all) and it seems to work well, though I wish it would dump to a log file so that I could have another program auto-read the log and rename samples and such.

Are there any virus management programs that still work on newer Windows? If not I might have to write something up, it's getting annoying managing everything by hand...

Thanks!!

Why don't you be the one to write a modern virus sorter?

----
JPanic - Johnny Panic
Ex Immortal Riot/Genesis, NOP, Team MiSSiON
@JPanicVX on Twitter


Re: Best AV for sample naming?

JPanic wrote:

Why don't you be the one to write a modern virus sorter?

True, I'll take a shot at it I suppose. I think I'm going to use ClamAV as an antivirus for sample names. It doesn't have the best detection rates or sample names, but it's free, open source, and dumps to log files, which is exactly what I need.

I could always add in support for other AVs' log files, hmmm... we'll have to see how this goes.

My crime is that of outsmarting you, something you will never forgive me for.

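The log-driven rename step described above, as an added example (Python, not code from anyone in this thread): it parses clamscan `--log` output, ignores OK/ERROR/summary lines, and plans a rename of each detected file to `<detection>__<original name>` without touching the file contents. The log text is constructed; the `Eicar-Test-Signature` name is real, the `Win.Trojan.Agent-0000000-0` name is made up.

```python
import os
import re
from pathlib import PurePosixPath

# clamscan prints one line per file: "<path>: <detection> FOUND" for hits,
# "<path>: OK" for clean files and "<path>: ... ERROR" for unreadable ones,
# followed by a "SCAN SUMMARY" block. Only FOUND lines carry a name.
# Lazy ".+?" stops at the first ": " so a Windows "C:\" prefix is not split;
# paths that themselves contain ": " are not handled.
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<name>\S+) FOUND$")

# Constructed stand-in for a clamscan --infected --log=scan.log run.
CONSTRUCTED_LOG = """\
/samples/inbox/eicar.com: Eicar-Test-Signature FOUND
/samples/inbox/notes.txt: OK
/samples/inbox/locked.bin: Can't open file ERROR
/samples/inbox/dropper.exe: Win.Trojan.Agent-0000000-0 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
"""

def parse_clamscan_log(text):
    """Return {sample_path: detection_name} for every FOUND line in the log."""
    findings = {}
    for line in text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            findings[m.group("path")] = m.group("name")
    return findings

def safe_name(detection):
    """Keep only filesystem-safe characters from an AV detection name."""
    return re.sub(r"[^A-Za-z0-9._-]", "_", detection)

def plan_renames(findings):
    """Map old path -> new path ('<detection>__<basename>' in the same directory).
    Files already carrying the prefix are skipped, so re-running is harmless."""
    plan = {}
    for path, detection in findings.items():
        p = PurePosixPath(path)
        prefix = safe_name(detection) + "__"
        if p.name.startswith(prefix):
            continue
        plan[path] = str(p.with_name(prefix + p.name))
    return plan

def apply_renames(plan, dry_run=True):
    """Rename samples per plan; never opens or executes them. Returns count applied."""
    done = 0
    for src, dst in plan.items():
        if not dry_run:
            os.rename(src, dst)  # same directory, so no cross-device move
        done += 1
    return done
```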

Re: Best AV for sample naming?

Microsoft has good sample naming. Since they rely heavily on emulation, they often reach the unpacked malware and can give more precise names.

Re: Best AV for sample naming?

In my opinion KAV has the best naming style ever.

If you intend to go deep into ClamAV or any other AV, maybe you could reverse the KAV definition files and get the virus signatures as well as the virus names.
I think Z0mbie did something like this (the reverse part) in the 2000s.

cheers!
