Likely they do testing for known stuff, you can even get premade malware to attach to your exe files. The main problem is the more custom stuff, which is hard to test for, especially with code obfuscation.