FSB Security Labs

Good morning,

FSB Antivirus 0.7 beta is prematurely ready to be downloaded from our website, we want to thank everyone who supported us.


FSB Mecca Kernel :

- Complete re-writing.
- Various algorithmic changes and overall optimisations.
- Complete sub-engines communication protocol re-engineering.
- Multi-thread scanning support for multi-cores CPU.
- Overall speed improvements.

FSB Memory Scan engine :

- A major bug fix in the memory scanning engine : previous versions were not able to reach all memory objects.
- Anti-Stealth Technology.

FSB Advanced Code Analyzer :

- Level C+ heuristic rules .
- Various updates and new analysis rules.
- Some FP Fixes related to some commercial runtime packers : PeCompact, Armadillo, Asprotect, SafeDisc,VBox...
- Overall decrease in FP hits ( 70% less than previous versions).
- Major bug fix in the FPU decompiler.
- Overall improvments in the CODE TRACER engine.
- Partial analysis support for 64 Bit mode.

Batch Emulator :

- 2 new heuristic rules.
- Support for Skype's worms : BAT.SkypeWorm.Gen
- FP fix related to LATEX files.
- New static signatures (250 signatures).
- Minor improvments and bugfixes in the generic decryptor.

Exploit Engine :

- 2 new heuristic rules related to autorun.inf malwares.
- New generic rule for USB related malwares.
- New global heuristic rule Arc/Exploit.gen covering various compression archives.
- New heuristic rules Jpeg/Exploit (Adobe 8BIM specific)
- New heuristic rule LnkScanner (Lnk/Virus-Aspade & clones).
- New heuristic rule Trojan/Exploits Microsoft ASF (Music & video ).
- New heuristic rules Adobe/PDF.


FSB Antivirus Packmanager Framework :
----------------------------------------

Compression Archives / Compression algorithmes :

- Support for ZIP & ZIP Sfx (Deflate,enhanced Deflate,Shrunk,Implode,Reduce,BZip2,LZMA & PPMD).
- Support for JAR & JAR Sfx.
- Support for RAR & RAR Sfx.
- Support for ACE & ACE Sfx.
- Support for ARJ & ARJ Sfx.
- Support for 7Zip & 7Zip Sfx.
- Support for Microsoft CAB et CAB Sfx (MsZip, MsLzx & Ms Quantom).
- Support for GZip.
- Support for BZip2.
- Support for Tar.
- Support for Microsoft CHM documents.
- Support for LZMA compression.
- Support for UCL compression.
- Support for ApLib compression.
- Support for BLZ compression.
- Support for LZX & LZX1 compressions.
- Support for JCALg1 compression (Pe Compact).
- Support for ZLib compression (Inflate & inflate 64).
- Support for PPMD compression.
- Support for LZH compression.
- Support for LHA archives.
- Support for BinHex (MACINTOSH);
- Support for MSCompress archives. (LZ77)
- Support for ZOO & ZOO Sfx.
- Support for PDF documents.
- Support for Flash SWF files.
- Support for Microsoft Script Encoder (.vbe & .jse extensions).

Runtime Win32 compressors & cryptor :

- Support for Aspack (2.12 & 2.12b).
- Support for UPX (All official algorithmes : LZMA,Deflate,Nrv2b,nrv2d & nrv2e).
- Support for Bero Packer.
- Support for Packman packer.
- Support for Polypacker.
- Support for Petite Packer (2.1 et 2.2).
- Support for Yoda Cryptor (1.2 et 1.3).

Installation utilities :

- Support for InstallShield.
- Support for Inno Setup.
- Support for Wise Installer.
- Support for NSIS.
- Support for Ghost Installer.
- Support for ClickTeam Installer.

Commercial Binders :

- Support for Quick Batch Compiler (all versions)
- Support for Script Encryptor (all versions)
- Support for SiteInFile Compiler (all versions)
- Support for Batch File Compiler (4.x versions)
- Support for AutoIt (3.x versions)
------------------------------------------------------------------------------------------

FSB Kods Engine :

- Signatures detection support.
- Variant scope signatures detection support : (experimental so it may return some FP)
- Addition of 62.200 signatures (Some single signatures may cover a whole bunch of malware families )

FSB Macro Virus Scanner :

- Signatures detection support.
- Addition of 3.000 signatures.

Advanced PE/Win32 Heuristics :

- Complete engine rewriting.
- Old heuristic rules have been discarded.
- New heuristic family Possible PE-Infector.
- New heuristic rules VB/Susp.gen.heur.
- New heuristic rules Possible Rootkit.
- New heuristic family Suspicious Object.
- Algorithmic support of W32-Virus/Alisa
- Algorithmic support of W32-Virus/Alman
- Algorithmic support of NT-KeyLogger/Ardamax
- Algorithmic support of W9x-Virus/CIH_Tchernobyl
- Algorithmic support of W32-Virus/Delphi-Induc
- Algorithmic support of W32-Virus/Leon
- Algorithmic support of W32-Virus/Miam_Ginra
- Algorithmic support of W32-Virus/Parite
- Algorithmic support of W32-Virus/Polip
- Algorithmic support of W32-Virus/Sality
- Algorithmic support of W32-Virus/Stepar
- Algorithmic support of W32-Virus/Valla
- Algorithmic support of W32-Virus/virut
- Algorithmic support of NT-Worm/ZBot

FSB Antivirus Threat Removal Framework :

- Worm/NT.Autorun.inject.cn
- Worm/NT.Autorun.inject.dh
- Worm/NT.Autorun.inject.gen
- Worm/NT.Netsky.16
- Spyware.Banker.AA1
- Spyware.Banker.AA2
- Spyware.Banker.AA3
- Spyware.Banker.AA.gen
- Ransomware.FileFix.a
- VBS.Antinul
- Virus/W32.Parite.2
- Virus-Dropper/W32.Parite.2
- Virus/Win32.Induc
- Parasite/Delphi-dcu.Induc
- Virus/W9x.CIH.gen
- Virus-Win32/Leon.gen
- Virus/Win32.Valla.2048

FSB Antivirus Command Center GUI:

- Quarantine manager bugfixes.
- Log manager bugfixes.
- Various bug fixes.

--------------------------------------------------------------------------------

What else ? :

Don't uninstall your active antivirus products when you plan to install thel FSB Antivirus 0.7 beta, because there's no conflict at all : there's no realtime shields support for the time beeing, so its possible to run our Antivirus as a standalone scanner while keeping your current installed antivirus product.

Please don't forget, this is just a beta version so its unfinished yet and may contains some bug we didn't discover already.

Developpment continue....

Thank you all.

Hello,

A new version of the FSB Antivirus is available throught our downloads web page. FSB Antivirus 0.7 beta (build2). We want to thank our whole working staff for their valuable efforts : Bruno Bouvet, Thomas Sloth and Rajesh. Good job dudes, please let us continue that way : we're going to be a new Rockin'Rolla Antivirus Company !!

Special thanks to all the beta testers who helped us and a big "thank you" to SpiderLover.

Here is the major changes from the FSB Antivirus 0.7 (Build 1) to the current version :

FSB Kods Engine :

- Various structural updates in the Win32 signatures database.
- False Positive Correction of a variant signature. ( Trojan/Patched.7r )

FSB Antivirus Packman Framework :

- ZIP/JAR archives support fine tuning ( various updates in the generic sfx handlers algorithmes )
- Microsoft CAB archives support fine tuning ( various updates in the generic sfx handlers algorithmes )
- Adding support to Inno Setup installers ( versions 1.xx )
- Adding support to Smart Install installers.

Advanced PE/Win32 Heuristics :

- Correction of the majority of the False positives feedbacks we've get from our various Beta testers. ( Thanks to all )
- The scanning procedures are now going deeper than ever : The FSB Antivirus is scanning more and more objects.
- Various updates and improvments in VB/Susp.gen.heur generic rules.
- Correction of a potential False positive alert of W32-Virus/Stepar.gen with some Dr.Web Antivirus components.
- Adding algorithmic detection for W32-Virus/Texel.gen
- Adding algorithmic detection for W32-Trojan/Luder.gen
- Adding algorithmic detection for Backdoor-Dropper/SoftWAR.gen
- Adding algorithmic detection for W32-Backdoor/SoftWAR.2.gen

Pending task and futur plannings :

- There are some more pending False positives we didn't correct actually, and its only for technical reasons else we would delayed this release even more in time : I admit heuristics are greats, but just like a kind of hell to maintain.

- Update of our exclusive FSB Antivirus Threats Removal tool, and adding cleaning support for : W32-Virus/Texel.gen, W32-Trojan/Luder.gen etc..

- We discovered unfiltered crashes when you try to handle reported malicious objects throught the FSB Antivirus Command Center (GUI), so we will fix them in the next release. ( Sorry, this is my personal fault )

- Actually we didn't integrated all of our viral signatures, so keep in mind that our Win32 Database is not up to date !!! we already handled for about of 50% of our collections and this collection is keeping growing and growing ( Thomas Sloth stop killing us plz !! )... Its a real painfull task, because we are trying to do the correct job : While so many others companies are runing signatures robot hashers blindly on their viral collections and on every malicious file they get, we, at the FSB Security Labs, we are trying to extract and isolate only malicious objects and to target only the malicious ones. Knowing we are doing all these tasks mainly by hands, please understand why its so hard for us. I am the Main Senior Coder and the Main Senior Antivirus Architect here : if I get stuck by something and I get it frenquently then Bruno Bouvet and all the others get stuck too thus the whole project as an entity etc.. : its like the Domino effect !! Firms like Avira GmBH have more than 300 direct antivirus workers, but we, we are mainly 3 persons trying to be more than Avira's 300 ones....

- As discussed with Bruno Bouvet and Thomas Sloth, we are going to focus our efforts on the FSB Antivirus Updating Framework and we think its the most important incoming component to avoid downloading every new releases, new updates or bug fixes from the website...

Thank you all so far.

Hello, I want to thank so much people for their supports and different kind of help : you're such great !!! The Whole FSB Security Labs crew has done an amazing job too these last days, and just like Thomas Sloth is always saying : "This is just the beginning".

I was discussing with a good friend : Maniac ( Borislav from Bulgaria ), and I told him we were planning to release the FSB Antivirus 0.7 Beta (Build 3) some days ago, but as you see : we've released nothing till' today; but why ? well, we are receiving False Positives issues mainly from different kind of places : Thousands of pieces from everywhere, and we decided to fix the most urgent of them before releasing the FSB Antivirus 0.7 beta (Build 3).

Let's hope we'll be able to finish the most of our tasks tonight, and beeing able to release this awaited version

Thank you all, we love you so much !!

Hello everyone,

we're very sorry for these booring delays, we didn't slept tonight until everything has been prepared for the update-release of the FSB Antivirus 0.7 bêta (Build 3).

I'll post fixed bugs and added features this morning, now I have to go sleep a little.

See you around

Hello,

The FSB Antivirus 0.7 beta (Build 3) is finally available for downloading, we're very sorry for the delays. This build bring some major fixes and improvements :

Mecca Kernel :

- Overall speed improvements.
- Minor updates of the engines communication protocole.

FSB Antivirus Packman Framework :

- Overall speed improvements.
- Fixing a Memory Leak of the Microsoft CAB engine handler.
- Fixing a rare unpacking error of the Tarball engine handler.
- Several improvements of the 7zip sfx engine handler.
- Several improvements of the NSIS engine handler.
- Fixing an unpacking error of the MSCOMPRESS engine handler.
- Minor updates into the Portable Archives Manager Library ( LZ77 and re-design of the global memory manager )
- Several improvements of the NSIS engine handler.
- Support for Setup Factory.
- Support for CExe packer.

FSB Antivirus Macro Scanner :

- Fixing a serious bug ( The FSB Antivirus didn't scanned Office Macro objects at all ! )

Advanced PE/Win32 Heuristics :

- Correction of the majority of the False positives feedbacks we've get from our various Beta testers. ( Thanks to all of our beta testers )

FSB Antivirus Command Center :

- Sending Suspicious / Infected / False Positives through the FSB Command Center or FSB Shell scanner works again, and there is no more need for SMTP details configurations ( The sender now send objects to the FSB Security Labs by FTP protocol ).
- Fixing a serious crash ( Manipulations of reported objects cause the whole Command Center to shut down ).

The next step we will make is to finish the Updating framework, so stay tuned.

Hello, the new FSB Antivirus 0.7 Beta ( Build 4 ) will be available soon for downloading : this new build will add some more functionalities and correct sevreal bugs which get reported to us.

Have a good weekend.