===================================
File 4TSTCON.TXT
Conditions for scanners to conform 
         with VTC test procedure:
===================================
Formatted with non-proportional font (Courier)
Remark: Test conditions: NO changes since VTC test "2001-04"


In order to be testable under VTC test conditions, a scanner must 
conform to the set of conditions listed below. These conditions are
the essential basis for processing parallel test batches without 
manual intervention. Moreover, automatic evaluation of huge scanner 
log files are performed with awk-scripts. We regard these conditions 
to be fairly reasonable, not too restrictive, as well as being useful 
for both users and developers because they allow them to understand
and analyse VTC tests more easily.

Several of the scanners in this test did NOT conform to those 
conditions. Very few even had to be withdrawn from the test, whereas 
several required "manual support". The task to test such non-conforming 
scanners is very difficult and time-consuming.  

Here is the list of conditions:

    A) Common conditions (AA-AB, A1-A9)
    F) Conditions for tests against file viruses (F1-F3)
    B) Conditions for tests against boot viruses (B0,B1,B1a,B2)
    M) Conditions for tests against macro viruses (M1-M2)
    W) Conditions for tests against malware (W1)
    P) Conditions for testing virus detection in packed files (P1)


A) Common conditions:
---------------------
AA) Essential parameters or options under which the scanner produces
    optimum detection results should be available to the tester. 

AB) The scanner must perform its detection tasks within reasonable 
    time, compared to similar products.

A1) The scanner must be able to create a report file in a specified 
    directory (at least not on that drive where viruses are located).  

A2) The full path of scanned files must be present in the report
    file. Long paths MUST NOT be abbreviated, e.g. by using "..." 
    instead of several intermediate directory names. Shortening file
    paths is acceptable when displaying them on the screen, but 
    *not* in the report file.

A3) The scanner must be able to run in "scan-only" mode. If its 
    default mode is to disinfect automatically all viruses found, 
    there must be an option to run it in "scan-only" (i.e., NO 
    disinfection) mode.

A4) The scanner must be able to run unattended - and they must NOT
    stop on each infected object and request user input. When 
    scanning is completed, the scanner must be able to exit auto-
    matically and not wait for additional user intervention 
    (including return keys).

A5) The scanner must be able to run from the command line (DOS 
    versions only), scan a subdirectory tree (not just whole drives) 
    and create a report file with a name and location supplied 
    by the tester.

A6) If the scanner issues an audible alarm each time when it detects 
    a virus, there must be a way to turn the sound off. This is not
    necessary if the alarm is issued only once - at the end of the
    scanning, but the alarm should be able to stop on its own, i.e.
    without requiring user intervention.

A7) The only limit of the size of the report file that the scanner
    creates must be the amount of free disk space.

A8) The scanner must be able to test objects on netdrives and obey
    the given user rights (i.e. read only, access denied).

A9) The scanner must not move any file which it regards as infected
    to another drive or a specified directory.



F) Conditions for tests against file viruses:
---------------------------------------------
F1) The report file must contain the directory path and the file name 
    of the suspious or infected file.

F2) The scanner must be able to scan files with extensions defined 
    by the tester, or it must at least be able to scan files with 
    extensions COM, EXE, SYS, BAT and CMD.

F3) The scanner must be able to run without problems on a huge
    directory tree - it should not be a problem to handle around
    30,000 directories containing 100,000 files.

    Remark: these conditions apply also to tests of special file
    file viruses, such as of selected Polymprphic and VKit viruses.
 

B) Conditions for tests against boot viruses:
---------------------------------------------
B0) The scanner must be able to scan under SIMBOOT.

B1) It should be possible to scan multiple diskettes without 
    leaving the scanner. The scanner should prompt the tester to 
    change the diskettes. It must request ONE AND THE SAME input from
    the tester between two diskettes, regardless of whether a virus 
    is found or not. If the scanner does not have the option to scan
    multiple diskettes, it must have the option to append the results
    of the scanning procedure to an existing report.

B1a) If the scanner doesn't work with Simboot, it must be able to 
    scan the images directly.

B2) The report file generated when scanning multiple diskettes must
    contain information about all scanned diskettes - not only about
    the infected ones, and not only about the last one.


M) Conditions for tests against macro viruses:
----------------------------------------------
M1) The scanner must be able to scan macro viruses.

M2) The report file must contain the directory path, the file name 
    of the suspious or infected file.


W) Conditions for tests against malware:
----------------------------------------
W1) The scanner must be able to scan for any file including non-self
    replicating malware such as trojan horses, virus droppers, first
    generation viruses, (network) worms, hostile applets etc.


P) Conditions for testing virus detection in packed files:
----------------------------------------------------------
P1) The scanner must be able to scan for viruses in files compressed
    with ZIP, ARJ, LHA and RAR.
    Added in Test "2001-02": WinRAR and CAB.

Q) Conditions for other classes of viruses:
-------------------------------------------
   In test "2000-08": testbed for script viruses (VBS, JS, mIRC) added.
   Same conditions as for macro viruses apply.

   In test "2001-04": testbed for exotic viruses (OS/2, Linux, Java) added.
   Same conditions as for macro viruses apply.

 
