While different works tested antiviruses (AVs) resilience to obfuscation techniques, no work studied AVs looking at the big picture, that is including their modern components (e.g., emulators, heuristics). As a matter of fact, it is still unclear how AVs work internally. In this paper, we investigate the current state of AVs proposing a methodology to explore AVs capabilities in a black-box fashion. First, we craft samples that trigger specific components in an AV engine, and then we leverage their detection outcome and label as a side channel to infer how such components work. To do this, we developed a framework, crAVe, to automatically test and explore the capabilities of generic AV engines. Finally, we tested and explored commercial AVs and obtained interesting insights on how they leverage their internal components.