
An Illustration of Early Malware Outbreak Detection with Multi-scanning

By OPSWAT

Scanning with multiple anti-malware engines provides many advantages over the use of a single antivirus engine. One of these benefits is a reduction in the time it takes to detect new virus outbreaks. For any new threat, engines add detection at different times because their detection algorithms and virus signature databases differ. With a multi-scanning solution, the time to detection drops to the earliest detection time among the engines used. As more engines are added, the solution is more likely to include whichever engine is fastest for a given new threat, so the average time to detect a new virus decreases.

We can see an example of this in action with a recent upload to Metascan Online. This particular file, named JavaUpdate.exe, was first uploaded to Metascan Online on January 25th, where it was scanned by 40 different antivirus engines.


Initially, this file was only identified as a threat by one engine (ESET).


By January 29th, three engines (AVG, ESET, and Microsoft) were identifying this file as a threat.


On February 1st, four engines (AVG, ESET, Fortinet, and Microsoft) were labeling this file as a threat, and one engine (Kaspersky Lab) had flagged it as suspicious.


And by February 7th, seven engines (AVG, ESET, Microsoft, Fortinet, AhnLab, ByteHero and IKARUS) were detecting this file as a threat, and one engine (Kaspersky Lab) considered it suspicious.


These results demonstrate that different engines take different amounts of time to add new threats to their virus signature databases. Because the first engine to detect each new threat varies, the best coverage is obtained by having a multi-scanning solution (such as Metascan). By scanning files using many different antivirus engines, new threats are detected as soon as any of the included engines is able to detect the threat.
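The JavaUpdate.exe timeline above can be worked through as a calculation. This is an added example, not OPSWAT's code: it derives each engine's first-seen day from the four reported scans and shows how the mean detection day falls as engines are combined. Days are counted from the January 25th upload, and the averaging assumes engines are drawn only from the seven that eventually flagged the file.

```python
from itertools import combinations

# Rescan snapshots from the article, keyed by days since the first upload
# (Jan 25 = 0, Jan 29 = 4, Feb 1 = 7, Feb 7 = 13). Only "threat" verdicts
# are listed; Kaspersky Lab's "suspicious" flag is deliberately left out.
SNAPSHOTS = {
    0: {"ESET"},
    4: {"AVG", "ESET", "Microsoft"},
    7: {"AVG", "ESET", "Fortinet", "Microsoft"},
    13: {"AVG", "ESET", "Microsoft", "Fortinet", "AhnLab", "ByteHero", "IKARUS"},
}

def first_seen(snapshots):
    """Map each engine to the earliest snapshot day on which it flagged the file.
    This is an upper bound: detection may have been added between rescans."""
    seen = {}
    for day in sorted(snapshots):
        for engine in snapshots[day]:
            seen.setdefault(engine, day)
    return seen

def time_to_detection(engines, seen):
    """Detection day for a multi-scanning set: the minimum first-seen day of
    its engines, or None if none of them had flagged the file by the last scan."""
    days = [seen[e] for e in engines if e in seen]
    return min(days) if days else None

def mean_detection_day(seen, size):
    """Average detection day over every combination of `size` engines, drawn
    (assumption) only from the engines that eventually flagged this file."""
    combos = list(combinations(sorted(seen), size))
    return sum(time_to_detection(c, seen) for c in combos) / len(combos)

if __name__ == "__main__":
    seen = first_seen(SNAPSHOTS)
    for engine, day in sorted(seen.items(), key=lambda kv: (kv[1], kv[0])):
        print(f"{engine:10s} first flagged on day {day}")
    for size in range(1, len(seen) + 1):
        print(f"{size} engine(s): mean detection day {mean_detection_day(seen, size):.2f}")
```

The result describes this one sample only; the other 33 engines had not flagged the file by the last reported scan, so they have no detection day at all.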
