Conditions for scanners under VTC test procedure: ------------------------------------------------- In order to be automatically testable, a scanner must conform to the set of conditions listed below. The conditions are the essential basis for processing parallel test batches without manual intervention (some scanners used up to 18 hours for the file test). Moreover, automatic evaluation of huge scanner log files was performed with awk-scripts. We also regard those conditions to be fairly reasonable, not too restrictive, as well as being useful for both users and developers because they allow them to test it more easily. Several of the scanners in this test did NOT conform to those conditions. Very few even had to be withdrawn from the test, whereas some required "manual support". The task to test these non-conforming scanners was very difficult and time-consuming. Here is the list of conditions. A) Common conditions: --------------------- A1) The scanner must be able to create a report file. A2) The full path of the scanned files must be present in the report file. Long paths MUST NOT be abbreviated, e.g. by using "..." instead of several intermediate directory names. Shortening the file paths is acceptable when displaying them on the screen, but *not* in the report file. A3) The scanner must be able to run in "scan-only" mode. If its default mode is to disinfect automatically all viruses found, there should be an option to run it in "scan-only" (i.e., no disinfection) mode. A4) The scanner must be able to run unattended - and not to stop on each infected object and request user input. When scanning is completed, the scanner must be able to exit automatically and not wait for additional user intervention (including return keys). A5) The scanner must be able to run from the command line, scan a subdirectory tree (not just whole drives) and create a report file with a name and location supplied by the user. A6) If the scanner issues an audible alarm each time it detects a virus, there should be a way to turn the sound off. This is not necessary if the alarm is issued only once - at the end of the scanning, but the alarm should be able to stop on its own, i.e. without requiring user intervention. A7) The only limit of the size of the report file that the scanner creates must be the amount of free disk space. F) Conditions for testing AV-products against file viruses: ----------------------------------------------------------- F1) The report file must contain the directory path, the file name of the suspious or infected file. This condition matters only for testing file viruses. F2) The scanner must be able to scan files with extensions defined by the user, or at least be able to scan files with extensions COM, EXE, SYS, and BAT. F3) The scanner must be able to run without problems on a huge directory tree - i.e., something like 25,000 directories containing 60,000 files should not be a problem for it. F4) The scanner must not move all files which it regards as infected to another drive or a specified directory. F5) The scanner should be able to test objects on netdrives. B) Conditions for testing AV-products against boot viruses: ----------------------------------------------------------- B1) It should be possible to scan multiple diskettes without leaving the scanner. The scanner should prompt the user to change the diskettes. It must request ONE AND THE SAME input from the user between two diskettes, regardless of whether a virus is found or not. If the scanner does not have the option to scan multiple diskettes, it must have the option to append the results of the scanning procedure to an existing report. B2) The report file generated when scanning multiple diskettes must contain information about all the scanned diskettes - not only about the infected ones, or only about the last one. M) Conditions for testing AV-products against macro viruses: ------------------------------------------------------------ M1) The scanner must be able to scan macro viruses.