as 'in the wild' according to the upper part of the Wild List. As
new viruses are discovered all the time, the Wild List used is
the one which was current two months prior to the date of the
certification test.
2. Certified products must still detect a minimum of 90% of the ICSA
virus 'Zoo', made up of samples of some of the 6000+ other
viruses known.
These tests are carried out with the product running its default mode
of operation, with the exception of using any appropriate logging
facilities.
------------------------
Certification Maintenance
------------------------
Once a product is certified, ICSA will attempt to recertify the
product a minimum of 4 times per year. Each certification attempt
will be carried out without the prior knowledge of the developer.
This helps to ensure that every release of the product is capable of
meeting the certification criteria, not just a special
'certification' version.
If a product fails either test I or II, the vendor will be given 7
days to supply a fix for the problem, and make this fix publicly
available. If this time limit is not met, the product will be removed
from the certified product list available from this Web site. This
list will be maintained in such a way that a product's certification
history (passes and failures) will be visible.
Once a product has been decertified, certification can only be
regained when the vendor ships through its normal distribution
channel a version of the product which is certifiable. A special fix
just sent to ICSA for testing is not acceptable.
--------------------
Collection Management
--------------------
One of the most important factors to consider when carrying out a set
of detection tests on anti-virus software is the way in which the
virus library is managed. It is also vital to know which vendors (if
any) have access to the actual test samples used, and the way in
which the library is created.
No sample used in the ICSA 'in the wild' test-set is sent out to any
vendor. However, should a virus be missed during a certification
attempt, a replicant of that sample (note that this is not a copy of
the actual sample) will be sent out to the vendor for inclusion in
the next release of the product. This process ensures that vendors
have reliable detection algorithms for each virus in the collection.
In the case of a polymorphic virus, multiple copies of each virus are
used, to ensure that the product tested can detect that virus with
accuracy. Copies of individual replications of each virus from within
this test-set are not made available to vendors; thus, the test is
carried out against an 'unseen' collection of files. In order to pass
this test, the product must detect every replication in the test-set.
All viruses in the collection are attached to standard Goat files,