cancel
Showing results for 
Search instead for 
Did you mean: 

Is File Size an Indicator for Suspiciousness

Jump to solution

Hello community,

I have a tiny question: I read in a blog that virus scanner executables files with a small size generally classify as suspiciousness, is that really the truth?

I use a very powerful compiler called PureBasic which converts the source code into assembler code and the assembler FASM creates very small executables. As example here a link to as document which describes a small size SAP server application, only with 9.728 bytes. I can not imagine that the file size is really an indicator for suspiciousness.

Thanks for information.

Cheers

Stefan

1 Solution

Accepted Solutions

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

Hi Stefan,

You are assumptions are correct, size does not matter. From a Researcher standpoint, we look at the code and content of the sample to determine if it is malicious. Size is not an indicator if a file is suspicious.

Thank you,


DG

7 Replies

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

Hello community,

it seems that this question is from secondary importance. Is there a better forum here to discuss this kinds of questions?

Thanks for tips and hints.

Regards

Stefan

Reliable Contributor Peacekeeper
Reliable Contributor
Report Inappropriate Content
Message 3 of 8

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

We mods not the best source to answer this I have emailed a lab tech to see if she can answer this

Reliable Contributor Peacekeeper
Reliable Contributor
Report Inappropriate Content
Message 4 of 8

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

Lab tech is on your case she will answer here soonish

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

Hi Stefan,

You are assumptions are correct, size does not matter. From a Researcher standpoint, we look at the code and content of the sample to determine if it is malicious. Size is not an indicator if a file is suspicious.

Thank you,


DG

Reliable Contributor Peacekeeper
Reliable Contributor
Report Inappropriate Content
Message 6 of 8

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

Thanks Desertgal

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

Hello Peacekeeper,

thanks for your efforts.

Cheers

Stefan

Highlighted

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

Hello desertgal,

thanks for your explanation.

Cheers

Stefan

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community