Educause Security Discussion mailing list archives

Re: Benign samples for testing AV vendors


From: John McCabe <john.mccabe01 () MANHATTAN EDU>
Date: Mon, 20 May 2019 18:07:04 -0400

Hi Bobby,

I googled your name as I was not sure I understood your purpose. I see that
you're an antivirus researcher so I wish you success in making AV better.

AV is an example of a computation that does its best to ignore the Halting
Problem. I'm of the mindset that false positives are fine as long as the
user can report false positives back to the AV company and the AV company
does its best to improve.

To answer your question, I'm not sure if a dataset meant to measure the
false positive rate of AV exists. It is too bad that spec.org does not have
a specific dataset for this purpose. Others have mentioned that EICAR is
technically a false positive but that's by design, which is uninteresting
if you want to measure & compare the false positive rate of AV solutions.

RHEL software should be easy to find from CentOS package repositories. You
can always use yum to download the source RPM (SRPM) & compile with
different optimization levels, to gather "extra" programs.

See if https://chocolatey.org/ and https://ninite.com/ can give you enough
executables for your testing. In my experience, they are virus-free. Don't
use download.com, cnet.com, sourceforge, etc.

Regards,
John



On Mon, May 20, 2019 at 4:39 PM Bridges, Robert A. <
0000008d8011d045-dmarc-request () listserv educause edu> wrote:



Hi, we’re planning on testing some AV vendors' products. Is there a good
way to collect or download known benign files for many different OSes,
specifically Windows 7, 10, and RHEL distros?

Thanks

Bobby

Robert A. Bridges, PhD, Oak Ridge National Laboratory



-- 
*John McCabe *

*Senior Information Security Manager & Data Protection Officer*
*Information Technology Services*
Riverdale, NY 10471
Phone: 718-862-6217
john.mccabe01 () manhattan edu
www.manhattan.edu
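One way to turn a collected benign corpus into an actual false-positive measurement, as an added example that is not part of this thread or anyone's posted code: a Python script that records the SHA-256 and provenance of every file under a corpus directory (the directory names chocolatey/, ninite/, srpm-O2/ and srpm-O3/ are an assumed layout, the last two for SRPM rebuilds at different optimization levels) and then scores each product's verdicts against that manifest. The vendor names, sample files and verdicts are constructed for the demo.

```python
import csv, hashlib, tempfile
from pathlib import Path

def build_manifest(corpus_root: Path, manifest_path: Path) -> list[dict]:
    """Hash every file under corpus_root; the top-level directory name records
    provenance (assumed layout: chocolatey/, ninite/, srpm-O2/, srpm-O3/ ...)."""
    rows = []
    for path in sorted(corpus_root.rglob("*")):
        if path.is_file() and path != manifest_path:
            rel = path.relative_to(corpus_root)
            rows.append({"sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
                         "size": path.stat().st_size, "source": rel.parts[0],
                         "path": rel.as_posix()})
    with manifest_path.open("w", newline="") as f:
        w = csv.DictWriter(f, fieldnames=["sha256", "size", "source", "path"])
        w.writeheader()
        w.writerows(rows)
    return rows

def false_positive_rate(manifest: list[dict], verdicts: dict[str, str]) -> dict:
    """verdicts maps sha256 -> 'clean' or a detection name. Every manifest entry
    is benign by construction, so any non-clean verdict is a false positive;
    files with no verdict are reported separately, not counted as clean."""
    fps, scanned, unscanned = [], 0, 0
    for row in manifest:
        v = verdicts.get(row["sha256"])
        if v is None:
            unscanned += 1
        else:
            scanned += 1
            if v.lower() != "clean":
                fps.append((row["path"], v))
    return {"scanned": scanned, "unscanned": unscanned, "false_positives": fps,
            "fp_rate": len(fps) / scanned if scanned else 0.0}

def demo() -> dict:
    """Constructed corpus and vendor verdicts (not real files or AV output)."""
    root = Path(tempfile.mkdtemp())
    samples = {"chocolatey/7zip.exe": b"MZ-7zip", "ninite/vlc.exe": b"MZ-vlc",
               "srpm-O2/bash": b"ELF-bash-O2", "srpm-O3/bash": b"ELF-bash-O3"}
    for rel, data in samples.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    manifest = build_manifest(root, root / "manifest.csv")
    h = {row["path"]: row["sha256"] for row in manifest}
    verdicts = {"VendorA": {s: "clean" for s in h.values()},  # no false positives
                "VendorB": {h["ninite/vlc.exe"]: "clean", h["srpm-O2/bash"]: "clean",
                            h["srpm-O3/bash"]: "Heur.Suspicious"}}  # 7zip unscanned
    return {name: false_positive_rate(manifest, v) for name, v in verdicts.items()}
```

Keeping the unscanned count separate matters when comparing products: a scanner that skipped half the corpus would otherwise look better than one that examined every file.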
