October 2005AntiVirus and TrojanTechnology ReportFor Server, Gateway and Appliance SolutionsPanda Software FileSecure
Test Report 3_______________________________________________________Test SpecificationsThe overall objective of this AntiVirus and Trojan Technology Report for Server, Appliance andGateway Solutions is to evaluate each product in a controlled environment. Throughout the test period,each product was configured as recommended to update online. The testing environment representedthat of a small to medium sized business or branch office.Products were tested in accordance with the functionality criteria of the Checkmark certificationsystem for AntiVirus Level 1 and, where Checkmark Certification registration permitted, forAntiVirus level 2 and Trojan .Each Test Report is supplemented by a Features and Functionality Buyers Guide and information fromthe product developer concerning the type of business or organization the product is developed for,plus the direct technical and business benefits of the product.Each White Paper looks at a product’s Management, Administration and Functionality.1. Management/Administration.The testing will report on the following functions:-• Installation• Product update process• Logging and reporting function2. FunctionalityProducts will be tested in accordance with Checkmark AV level 1 and Trojan test (where registered) todetermine the ability to detect viruses and Trojans.For those products registered for Checkmark AV Level 2, the testing will report on the following virusdisinfection capabilities:-• Products will be tested to determine their ability to disinfect files infected with viruses.What is a virus? A Virus is a program or piece of code attached to a file or diskette's boot sector and isloaded onto a computer without the user's knowledge. Viruses are manmade (though they can becorrupted in use to form new variants of the virus) and replicate themselves by attaching themselves tofiles or diskettes, often soaking up memory or hard disk space and bringing networks to a halt. Mostrecent viruses are internet-borne and capable of transmitting themselves across and bypassing securitysystems. Minor variants of the same virus are classed as families of viruses.What is a Trojan? Trojan Horses or Trojans are destructive programs that pretend to be benignapplications. Unlike Viruses or Worms, Trojan Horses do not replicate themselves but they can bedamaging to networks by delivering other types of Malware.
Test Report 5_______________________________________________________Test ReportManagement and Administration.Panda FileSecure is a component of Panda EnterpriSecure with TruPrevent Technologies, which inthis case was installed and administered using Panda AdminSecure, another component of theEnterpriSecure suite.We installed Panda AdminSecure to a Windows 2003 server, where it created an administrationconsole supervising all available devices. We then deployed it to a Windows 2003 server on which itinstalled Panda FileSecure; had we deployed it on to other platforms, it would have installed othermodules of EnterpriSecure such as Panda ExchangeSecure or Panda DominoSecure. It is also possibleto control other pieces of software in the Panda suite such as Sendmail Secure on Linux via aCommunications Agent.The networking ability of this product allows for distribution over a wide network to a variety of othersystems. The ability to schedule scans at different times for different groups or different individualclients is useful to ensure that the administrator with responsibility for keeping the clients secure is notoverwhelmed at any one time.Distribution of the Communications Agent is simple and straightforward. From the Tools menu inPanda AdminSecure, there is a link that launches a wizard. This gives several options, allowing theAdministrator to install the Communications Agent on Windows or Novell devices remotely, togenerate a script to install the Agent on the next user login, or to build a package for some other meansof distribution. If a network-based installation is chosen, the Administrator may then choose todistribute by computer name or domain, or enter individual IP addresses or ranges.The final steps involve specifying the computer with the Administration Server installed and a LoginUser name and password with administrative rights on the target client machine. This is a very simpleprocedure to follow, and takes a lot of the work of distribution away from the Administrator.Once installed, real time protection runs on the client machine but all scans are initiated and controlledfrom the AdminSecure machine. The user of the client machine sees the real time monitor’s Pandafaceicon but can do nothing with it.The AdminSecure console can be opened on the server machine without any password. It contains alist on the left comprising Windows Workstations and various server types, e.g. Proxy servers,Domino servers. Categories not in use can be hidden to reduce the details displayed and make it easierto concentrate on relevant information. At the bottom of the list are two buttons, Administration andReports. Clicking on Reports takes you to another screen on which reports of a number of differenttypes can be generated. Clicking on Administration returns the user to the original screen.
Test Report 6_______________________________________________________Test Report (continued)Clicking on any server type brings up a list of the members of that category currently known toAdminSecure. For each of the server categories a screen on the right shows six tabs: Self-Diagnosis,Modules, Jobs, Settings, Scan and Events. Overall, the interface is easy to navigate and wellorganized.Self-diagnosis provides statistics for the members of the category such as how many have Antivirusinstalled, how many have outdated definitions and how many are disabled. It also provides links bywhich any problem in these categories can be corrected. Modules lists the members of the category,and right clicking on each member means that it can have the Antivirus installed, removed or updated,scans can be added and settings edited.Settings also enables these to be edited. The defaults in use are that an editable extension list is usedfor scanning (though all files can be selected) and that malware will be detected, and possible actionson detection include delete, disinfect and rename. Warnings can be sent and heuristics can be used.Events provides a log of the problems found on that machine.Functionality Testing.Given the level of Panda’s membership of the Checkmark Certification program, the functionalitytesting was conducted on the basis of the AV Level 1, AV Level 2 and Trojan certification tests.The tests carried out were as follows:Test 1The scanner was used to scan viruses in the June 2005 Wildlist (the Wildlist being released on 11 thAugust), both on-demand and on-access.Using the definitions of 29 August, FileSecure detected all the viruses in the June Wildlist withoutany trouble.Test 2The scanner was used to disinfect infected files and diskettes infected with a selected list of the virusesin the above Wildlists.FileSecure disinfected the appropriate files without problems.Test 3The West Coast Labs collection of Trojan Horses as it stood at 1 st August 2005 was scanned.FileSecure detected all the Trojans in the West Coast Labs collection without problems.Additional FeaturesDetection of items offered as unwanted programs, e.g. spyware, was not tested.
Test Report 7_______________________________________________________West Coast Labs ConclusionFileSecure from Panda is a component of the EnterpriSecure suite which offers complete AVprotection across a heterogeneous network infrastructure. FileSecure provides excellent detection ofVirus and Trojans, and efficiently disinfected all test files. Recommended for any Administrator with acomplex network to administer.West Coast Labs, William Knox House, Britannic Way, Llandarcy,Swansea, SA10 6EL, UK. Tel : +44 1792 324000, Fax : +44 1792 324001.www.westcoastlabs.org
Test Report 8_______________________________________________________Anti Virus & Trojan Technology ReportFeatures and Functionality Buyers GuidePanda Software FileSecureFileSecureProductIs the product standalone or corporate? S or C CIf corporate, is it self-contained or are other productsneeded to deploy/configure/monitor it? Y or N YCertificationIs the product certified to Checkmark AV Level 1 Y or N YIs the product certified to Checkmark AV Level 2 Y or N YIs the product certified to Checkmark Trojan Y or N YUpdatesCan updates be scheduled? Y or N YAre new updates produced daily? Y or N YCan automatic updates be scheduled? Y or N YAre emergency updates produced during outbreaks? Y or N YIf so, are these made available to all customers? Y or N YCan updates be pushed down? Y or N YCan updates be downloaded and installed manually? Y or N Y(If corporate) can updates be distributed? Y or N YAre out-of-date virus definitions reported to the user? Y or N YLogsAre logs produced? Y or N YCan entire logs be printed off? Y or N YCan selected entries be printed off Y or N YCan logs be saved in a file? Y or N YCan selected/filtered entries be saved in a file? Y or N YCan the format of the file be selected? Y or N YCan the logs be sorted? Y or N YCan the user select what information will appear in the log? Y or N YCan user notifications be disabled? Y or N Y
Test Report 9_______________________________________________________Anti Virus & Trojan TechnologyReportPanda Software FileSecureFileSecureScanningCan folders/files be selected for scanning? Y or N YAre all file extensions scannable? Y or N YCan files without extensions be scanned? Y or N YAre all file extensions scanned by default? Y or N NCan ZIP and TAR files be scanned? Y or N YCan scans be scheduled? Y or N YAre unscannable files reported? Y or N NIs there a real-time scanner? Y or N YCan infected files be quarantined? Y or N NCan infected files be disinfected? Y or N YCan infected files be deleted? Y or N YCan users select the appropriate option when the infected file is found?Y or NYAre product plugins supported? Y or N NDoes the product have system restore abilities? Y or N YAccessoriesIs there a virus encyclopaedia on the hard disk? Y or N NIs there a virus encyclopaedia online? Y or N YCan virus samples be sent to the vendor via email? Y or N YIs the product dependent upon certain service packs being applied? Y or N N
Test Report 10_______________________________________________________Additional Security FeaturesAs stated by Panda SoftwarePowerful antimalware scan engine• With its advanced scan engine, FileSecure with TruPrevent Technologies offers unrivalledprotection for corporate file servers against viruses, worms, Trojans, spyware, tracking cookies,adware, hacking tools, dialers and other security threats.• Its features include the ability to inspect files opened in exclusive mode, and powerful heuristicscanning for NetWare and Windows based on statistical systems.Interception of unknown viruses and intruders• FileSecure includes TruPrevent Technologies, preventive technologies that monitorprocesses running on the system, analyzing calls to the operating system in search of themalicious behavior of previously undetected viruses, worms or Trojans, that could threatenyour Windows servers.• This system doesn't just detect unknown malware, but due to the lack of false positives, it canblock the process, preventing it from running and then request the antidote by sending thesuspicious file in an encrypted message to Panda's Laboratories. It then automatically disinfectsand repairs the server. This drastically reduces response time, and reduces the risk ofdamaging company reputation.Secure communication and flexible policy management• FileSecure with TruPrevent Technologies controls stack access to prevent buffer overflowsand performs deep packet inspection on data transmitted to impede the spread of knownnetwork attacks –such as attempts to identify the operating system, denial of service attacks,network viruses, IP Spoofing, MAC Spoofing.• It also includes a mechanism for monitoring security policy giving flexibility to the policiesdefined by Panda and enforcing compliance with security rules regarding access to systemresources (files, registry entries, COM components..), as well as secure access to informationby users , as computer security levels and user credentials are checked on access to thenetwork.url : http://enterprises.pandasoftware.com/products/file_tp/
Test Report 11_______________________________________________________AppendixAnti Virus Level 1 CertificationFor a product to be certified to Anti-Virus Checkmark Level 1, the product must be able todetect all viruses currently ‘In the Wild’ as at the time of testing. Test specifications can bedownloaded from http://westcoastlabs.org/cm-briefingdocs.aspAnti Virus Level 2 CertificationFor a product to be certified to Anti-Virus Checkmark Level 2, the product must be able todisinfect all viruses currently ‘In the Wild’ as at the time of testing and capable of beingdisinfected. Test specifications can be downloaded fromhttp://westcoastlabs.org/cm-briefingdocs.aspTrojan CertificationFor a product to be certified to the Trojan Checkmark, the product must be able to detect allTrojans currently in the Checkmark Trojan test suite as at the time of testing. Testspecifications can be downloaded from http://westcoastlabs.org/cm-briefingdocs.asp