Download Print Version

OESISOK™ Antiphishing Criteria - Version 1.1


Installation Test

A submitted application is installed on all supported operating systems. In order to complete this test, it must clear all of the following checks:

  • The application installer completes without errors on all supported operating system and language combinations reflected in application documentation.

Rogue Application Test

A submitted application is checked against known lists of rogue applications. In order to complete this test, it must clear all of the following checks:

  • Application or its vendor is not listed as ”rogue” according to the OPSWAT internal database.
  • Application installer and binaries are scanned against multiple anti-malware engines listed below. None of the following engines should report any application file as “suspicious”, “threat” or other nomenclature indicative of the submitted application being rogue.
    • Spybot Search & Destroy 1.5
    • Lavasoft Ad-Aware 2007 Free Edition
    • Symantec Antivirus
    • McAfee VirusScan
    • CA eTrust™
    • Norman Virus Control
    • ESET NOD32 Antivirus Engine
    • VirusBuster EDK
    • Microworld eScan Engine
    • Kaspersky Anti-Virus®
    • ClamAV

OESIS® Local Detection Test

A submitted application is checked to ensure it will be detected by the OESIS Framework.



Appendix - Verification Testing

When an application is submitted for the OESISOK Antiphishing designation, the following tests will be performed for statistical data analysis:

Site Recognition / User Protection Test

A submitted antiphishing application is checked for its ability to correctly identify phishing sites. The following tests will be performed:

  • Site Recognition: The antiphishing application must remain current against a blacklist of known phishing sites and determine whether or not it poses a threat.
  • User Protection: Application must provide notification if a phishing site is identified:
    • Prompt for action (allow/block)
    • Automatically block site