What does it do?

VGrep is a system produced in an attempt to clear up some of the confusion surrounding the naming of viruses. It works by running scanners across a large collection of virus-infected files, and parsing their output into a simple text database.

What it does not do

VGrep is not intended to be used to compare the detection rates of scanners. This is a more complex task, and is handled by Virus Bulletin's comparative reviews.

Neither can VGrep provide any information about the virus, other than the various names for it. However, once you have found the correct name in VGrep, you will be able to find more information about that virus elsewhere.

Why do we need VGrep?

We need VGrep because, without the correct name, it may prove very difficult to access accurate information about a virus and its effects.

Virus names are so confused for two reasons - the nature of the viruses themselves and the way in which the anti-virus industry works.
The first is perhaps the most obvious - many viruses have nothing particularly unique about them, which can make naming them rather difficult.
The second point is probably more important, however. When an anti-virus company receives a sample of a new virus, its primary objective is to incorporate detection of that virus into its product. The virus researchers don't have time to worry about what to call it immediately, so they instruct the product to refer to it as (for example) 'Fred'. Later, they may conclude that the virus should, in fact, be called 'Jerusalem.Australian.Fred.1089'. Many companies change their products accordingly, however there remains a great deal of confusion.

VGrep allows simple cross-referencing between some of the more popular AV products. Click here for information on how the lists are produced.

More details:

VGrep's input and output

Which products are indexed?

Technical details

Poll

Should AV software check search engine results for malicious sites even before the user clicks on them?
Yes
No
I don't know

Leave a comment
View 8 comments
Jobs Career Sidebar

Virus Bulletin

In this month's magazine:
  • A commitment to quality and reliability
  • The road less truvelled: W32/Truvel
  • New memory persistence threats
  • Reversing Python modules
  • Advertising database poisoning
  • Sunbelt Software VIPRE Antivirus + Antispyware
  • Spear phishing – on the rise?
Virus Bulletin 07 2008
Subscribe now!
Virus Bulletin currently has 129,051 registered users.