Criteria

Products and services certified by the ICSA Labs Anti-Virus Product Certification program are able to prevent the end user from becoming infected by in-the-wild and other computer malware. The Anti-Virus Certification Criteria is geared toward products and services that detect computer malware before it causes an infection. The requirements comprising the criteria are intended to ensure the proper detection of self-replicating computer malware before it does any damage to the host system.

The Anti-Virus Certification Criteria consists of primary and secondary modules, an addendum, and a glossary. To attain ICSA Labs Anti-Virus Certification, the Certification Candidate must completely satisfy all requirements in one of the primary modules. Testing against a secondary module, such as the Cleaning module, is optional. The Anti-Virus Certification Test Suites Matrix contains a matrix that the primary modules refer to. Finally, the Glossary module, which does not contain requirements, has definitions for terms appearing in the primary and secondary criteria modules as well as in the addendum.

The primary modules are identified by the type of anti-virus product or service being tested and are chosen by the vendor-customer prior to submitting their product or service for testing. Each of the five primary modules corresponds to a particular type of anti-virus product or service: Desktop/Server, Gateway, Groupware, Managed Services – ASP, and Inline Protection. There is currently one secondary module, called the Cleaning module. As with choosing a primary module, testing against the secondary module is elected by the vendor-customer prior to submitting their product or service for testing.

Primary Modules

Desktop Server Anti-Virus Detection

This module is targeted at Anti-Virus products designed to protect individual desktops, laptops, and/or servers of residential users and organizations from malicious code infection. The Anti-Virus engine and virus signature software are installed and maintained on individual desktops, laptops and servers. Anti-Virus products satisfying the requirements in this module have the capability to:
•  Detect malware on-demand;
•  Detect and prevent the replication of viruses on-access;
•  Report no false positives;
•  Log the results of malware detection attempts;
•  Perform necessary administrative functions.

Gateway Anti-Virus Detection

This module is targeted at Anti-Virus products designed to protect an organization or residence from penetration by self-replicating malicious code at the network edge or at a particular service's network entry/exit point. The Anti-Virus engine and virus signature software are installed and maintained on the network edge or service entry point device. Examples of network-edge devices or service entry/exit points include firewalls and proxy servers. Anti-Virus products satisfying the requirements in this module will have the capability to:
•  Detect malware on-demand;
•  Report no false positives;
•  Log the results of malware detection attempts;
•  Perform necessary administrative functions.

Groupware Anti-Virus Detection

This module is targeted at Anti-Virus products designed to protect information collection and sharing servers near the network-edge of an organization from exploitation by self-replicating malicious code. The Anti-Virus engine and Virus signature software are installed and maintained on the information collection and sharing server. Examples of information collection and sharing servers near the network perimeter include Microsoft Exchange, Lotus Notes/Domino, and electronic mail servers. Anti-Virus products satisfying the requirements in this module will have the capability to:
•  Detect in-the-wild and common infector malware on-access for inbound and outbound traffic;
•  Prevent the replication of in-the-wild and common infector malware on-access;
•  Report no false positives;
•  Log the results of virus detection attempts;
•  Perform necessary administrative functions;
•  Be unable to send malware.

Managed Services - Application Service Provider (ASP) Anti-Virus Detection

This module is targeted at managed services designed to protect all individual desktops, laptops, and/or servers within a corporate network from self-replicating malicious code infection. Though deployed on the machines in the corporate network, the virus detection software is maintained and largely managed at the remote, managed service provider. It is unnecessary for users and administrators belonging to the corporate network to ensure that virus signatures on their machines are up-to-date. This and other maintenance of the virus-detection software are handled by the managed service. Managed services satisfying the requirements in this module will have the capability to:
•  Detect viruses on-demand;
•  Detect and prevent the replication of viruses on-access;
•  Report no false positives;
•  Provide a secure means of retrieving the log of virus detection results;
•  Perform necessary administrative functions.

Secondary Module

Anti-Virus Cleaning

This module is targeted at Anti-Virus product and service offerings that have already met one of the primary detection modules. Anti-Virus product and service offerings meeting this Cleaning Module include the ability to remove in-the-wild viruses from infected files and sectors when possible. Such product and service offerings are able to remove all viruses without adversely affecting the data or functionality that existed before the infection.

If you would like to provide feedback to the criteria below, please send an email to criteria.input@icsalabs.com and someone will be in contact with you.