4 Replies Latest reply: Sep 22, 2013 10:35 PM by petersimmons RSS

    Number of detections in DAT file




      as of today, the VSE DAT file (version 7175) says it includes 668,629 detections.

      However, when exported to a text file using CSSCAN.EXE -virlist, the full list only has 108,634 items (including variants).

      Am I missing something?






      [Partial output]


      CommonShell Command Line Scanner Lite (VSCORE.


      Engine Version     : 5600.1067

      Engine Load Time   : 3760 milliseconds

      AV     DAT Version : 7175.0000   668629 detections   Built 22 August 2013


      Extra DAT          : 0 detections


      Please wait ... retrieving list of names from the Anti-Virus DAT

                1C/Tanga                      Virus

                1down3up                      Trojan

                4ArcadePBar                   Unwanted Object

                7AdPower                      Unwanted Object


        • 1. Re: Number of detections in DAT file

          Anyone? Actually, I'm quite surprised that this question was never asked before.

          • 2. Re: Number of detections in DAT file

            It's not a list of viruses, but a list of drivers so the number isn't a good representation of how many pieces of malware that the DAT's have in place.  Drivers have many detections.

            • 3. Re: Number of detections in DAT file

              Thanks for the explanation, appreciated.

              • 4. Re: Number of detections in DAT file

                It doesn't match viruses. We use it against a zoo filled with samples that number in excess of 50 million. Maybe even north of 100 million. I haven't seen accurate numbers lately (and they inflate by tens of thousands per day). The current DAT files are proof against that large corpus of viruses AND the fingerprints of stuff within GTI.


                On a side note trying to accurately measure the quantity of viruses is very troublesome. Do you measure files? Samples? Names? Categories? Types? Fingerprints? For example, we can write protection against something we don't have a sample for. We have samples but that doesn't include all variations. And certainly you can have a single virus attach itself to multiple files thereby creating new "samples". We had trouble figuring out these numbers back when we had 50K samples (circa 2005). Now we see that much in a single day.


                You ask an academically interesting question. The answer isn't easy and requires a lot of explanation. Even if you get an answer I'm not sure how useful it is to compare to anything else.