We currently collect malware found on our honeypots and test various scanners against it. It can be quite amazing or shocking to see the results.
Scanners used:
All scanners are updated to their most recent virus definition files. For security reasons we test those files on *nix platforms.
Our archive contains unique malware samples. Remember - those files are real viruses found in the wild RIGHT NOW!
12.05.2006 addition
Somebody took this ‘right now’ timestamp too seriously and linked us as a source on a German news page. The results here are about 6 months old (!); everybody can see this when checking the page's history, where the last things changed were company names.
Problem is, we got too many samples, and scanning them takes ... a lot of time.
So, enjoy the lag, and complain to the news article's author about it.
Maybe you want to check
instead, as they offer realtime data.
clamscan $FILESDIR
```
----------- SCAN SUMMARY -----------
Known viruses: 41469
Engine version: 0.87.1
Scanned directories: 1
Scanned files: 4987
Infected files: 3561
Data scanned: 632.95 MB
Time: 173.756 sec (2 m 53 s)
```
ClamAV got 3561 files out of 4987 which would give a result of about 71,41%
antivir --allfiles --scan-in-archive $FILESDIR
```
------ scan results ------
directories: 1
scanned files: 5103
alerts: 4939
suspicious: 0
repaired: 0
deleted: 0
renamed: 0
scan time: 00:02:03
--------------------------
Thank you for using AntiVir.
```
Antivir got 4939 files out of 4987 which would give a result of about 99,04%
sweep -f -all -nremove -archive $FILESDIR
```
4987 files swept in 14 minutes and 34 seconds.
1 error was encountered.
3423 viruses were discovered.
3420 files out of 4987 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933
End of Sweep.
```
Sophos got 3420 files out of 4987 which would give a result of 68,58%
bdc --all --arc --nor $FILESDIR
```
Results:
Folders :3
Files :5104
Packed :0
Archives :33
Infected files :4794
Suspect files :5
Warnings :0
Identified viruses:1281
I/O errors :0
Files/second :19
Scan time :00:04:23
```
BitDefender got 4799 files out of 4987 which would give a result of about 96,23%
f-prot $FILESDIR -ai -collect -archive=3 -packed
```
Results of virus scanning:
Files: 4987
MBRs: 0
Boot sectors: 0
Objects scanned: 5117
Infected: 1329
Suspicious: 3360
Disinfected: 0
Deleted: 0
Renamed: 0
Time: 13:38
```
F-Prot got 4689 files out of 4987 which would give a result of about 94,02%
This scanner is a stripped-down version, so the output is without bells and whistles. Pattern files and engine are the same as in the current production version.
/opt/fortinet/vscanner -s $SIGNATURE -V $FILESDIR
/root/fortinet/vscanner found 4353 infected files.
Fortinet got 4353 files out of 4987 which would give a result of about 87,29%
This scanner is a stripped-down version, so the output will be without bells and whistles. Pattern files and engine are CPR versions, which are testing releases.
vscanss -NM -NB -NC $FILESDIR
4987 files have been checked. Found 3800 files containing viruses.
Trend Micro got 3800 files out of 4987 which would give a result of about 76,19%
/opt/kav/bin/kavscanner -i0 -okav.log $FILESDIR
As there is no summary provided by this scanner, we can only grep the logfile for infected files.
```
$ grep INFECTED kav.log | wc
4244 25464 446403
```
Kaspersky got 4244 files out of 4987 which would give a result of about 85,10%
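The `grep INFECTED kav.log | wc` figure above counts log lines, not samples. As an added example (not the page's own tooling), the shell functions below collapse per-object log lines to distinct samples and then compute the hit rate the way the page does, counting infected plus suspicious against the number of samples. The log format, the `//` archive-member separator and all function names are constructed assumptions, not Kaspersky's or any other vendor's format.

```shell
#!/bin/sh
# Added example. Constructed log format (an assumption, not a vendor format):
#   "<path> <VERDICT>", archive members written as "<sample>//<member>".

# write_sample_log FILE: constructed sample data, six log lines for four samples.
write_sample_log() {
    cat > "$1" <<'EOF'
/samples/a.exe INFECTED
/samples/b.zip//one.exe INFECTED
/samples/b.zip//two.dll INFECTED
/samples/b.zip//three.scr INFECTED
/samples/c.scr SUSPICIOUS
/samples/d.exe OK
EOF
}

# hit_count LOG: number of distinct top-level samples flagged INFECTED or
# SUSPICIOUS (the page adds both where a scanner reports them separately).
hit_count() {
    awk '$NF == "INFECTED" || $NF == "SUSPICIOUS" {
        path = $0
        sub(/[ \t]+[A-Z]+[ \t]*$/, "", path)  # strip the verdict column
        sub(/\/\/.*$/, "", path)              # archive member -> its sample
        if (!(path in seen)) { seen[path] = 1; n++ }
    }
    END { print n + 0 }' "$1"
}

# hit_rate HITS TOTAL: percentage with two decimals and a decimal comma,
# matching the notation used on this page. Rounds rather than truncates.
hit_rate() {
    LC_ALL=C awk -v h="$1" -v t="$2" 'BEGIN {
        if (t <= 0) { print "n/a"; exit }
        s = sprintf("%.2f", 100 * h / t)
        sub(/\./, ",", s)
        print s "%"
    }'
}

# Demo on the constructed log: line count versus distinct detected samples.
log=$(mktemp)
write_sample_log "$log"
echo "log lines matching INFECTED: $(grep -c INFECTED "$log")"
hits=$(hit_count "$log")
echo "distinct detected samples:   $hits of 4 ($(hit_rate "$hits" 4))"
rm -f "$log"
```
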
/opt/vbscan-1.2.1-4.2.10-Linux/vbscan --sfx --all-files --action=skip $FILESDIR
```
Summary of scanned objects' types
---------------------------------
files (total) | 4987
in archives | 99
Summary of malware pieces found
---------------------------------
virus | 3721
trojan | 222
mutant | 169
iworm | 4
Summary of actions taken on alert
---------------------------------
skipped | 4116
```
VirusBuster got 4116 files out of 4987 which would give a result of about 82,53%
nvcc -sb:1 -cl:0 -u $FILESDIR
```
4677 possible infections found.
0 archives unpacked, 4987 files found.
4987 files, 664180 kbytes scanned.
Total scanning time: 18 min. 23 secs.
602 kbytes per second.
```
Norman got 4677 files out of 4987 which would give a result of about 93,78%
/opt/f-secure/fsav/bin/fsav --archive $FILESDIR
```
Scan ended at Wed Dec 21 16:09:54 2005
4987 files scanned
4243 files infected
7 files suspected
```
F-Secure got 4250 files out of 4987 which would give a result of about 85,22%
vbacl -ar+ -ha=1 $FILESDIR
```
Directories : 3
Files in archives: Files on disks: Archives:
- total : 98 - total : 4987
- scanned : 14 - scanned : 98 - scanned : 4987
- contain viruses : 12 - infected : 22 - infected : 4459
- deleted : 0 - suspected : 1 - suspected : 287
Startup : 16:12:13 21-12-2005
End : 16:59:01 21-12-2005
Total time : 00:46:48
```
VBA32 got 4746 files out of 4987 which would give a result of about 95,17%
/opt/nod32/usr/sbin/nod32 --base-dir /opt/nod32/var/lib/nod32/ --no-subdir --action none -w $FILESDIR
```
Scanning finished at 23:12:27, total time: 2744 sec (0:45:44)
Total files: 5078
Infected files: 3494
Cleaned files: 0
Active files: 0
```
NOD32 got 3494 files out of 4987 which would give a result of about 70,06%
/opt/authentium/usr/bin/csav -ai -collect -packed $FILESDIR
```
Results of virus scanning:
Files: 4987
MBRs: 2
Boot sectors: 8
Objects scanned: 5127
Infected: 1329
Suspicious: 3360
Disinfected: 0
Deleted: 0
Renamed: 0
Time: 37:29
```
Authentium got 4689 files out of 4987 which would give a result of about 94,02%
/opt/CA/eTrustAntivirus/ino/bin/inocmd32 $FILESDIR
```
Total Files Scanned: 4987
Total Viruses Found: 3190
Total Infected Files Found: 3190
Total Archives Scanned: 5
Total Files in Archives Scanned: 82
Scan Mode: Secure
```
eTrust got 3190 files out of 4987 which would give a result of about 63,97%
| Rank | Product | Hit Rate | Trend |
|---|---|---|---|
| 1 | Antivir | 99,04% | +7,07% |
| 2 | BitDefender | 96,23% | +1,52% |
| 3 | VirusBlokAda | 95,17% | +1,42% |
| 4 | F-Prot | 94,02% | +2,39% |
| 4 | Authentium | 94,02% | new |
| 5 | Norman Virus Control | 93,78% | +1,19% |
| 6 | Fortinet | 87,29% | +2,35% |
| 7 | F-Secure Antivirus | 85,22% | +5,99% |
| 8 | Kaspersky | 85,10% | +5,73% |
| 9 | VirusBuster | 82,53% | +11,76% |
| 10 | Trend Micro | 76,19% | +5,14% |
| 11 | ClamAV | 71,41% | -0,85% |
| 12 | NOD32 | 70,06% | +4,05% |
| 13 | Sophos SWEEP | 68,58% | +2,45% |
| 14 | eTrust | 63,97% | new |