flat assembler
Message board for the users of flat assembler.

Index > Heap > Small test for AV Scanners

Author
Thread Post new topic Reply to topic
Fixit



Joined: 22 Nov 2012
Posts: 161
Fixit
Using and Creating An EICAR file

Users who would like to check the correct operation of their F-Secure Anti-Virus products can download the EICAR test file from the following links:

EICAR File in COM-format
EICAR File in ZIP-format

Alternatively, to create an EICAR test file, use any text editor to create a file with the following single line in it:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Save the file with any name using a COM extension; for example, EICAR.COM. Make sure you save the file in standard MS-DOS ASCII format. Now you can use this file to demonstrate what occurs when a virus is detected.
Post 04 Feb 2013, 04:54
View user's profile Send private message Reply with quote
Spool



Joined: 08 Jan 2013
Posts: 154
Spool
[ Post removed by author. ]


Last edited by Spool on 17 Mar 2013, 10:09; edited 1 time in total
Post 04 Feb 2013, 06:14
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
Fixit wrote:
Users who would like to check the correct operation of their F-Secure Anti-Virus products

Just a small clarification: *all* AV software are supposed to detect EICAR not just F-Secure (hence the "STANDARD-ANTIVIRUS-TEST-FILE" message).
Post 04 Feb 2013, 07:24
View user's profile Send private message Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1180
Location: Unknown
HaHaAnonymous
[ Post removed by author. ]


Last edited by HaHaAnonymous on 28 Feb 2015, 21:45; edited 1 time in total
Post 04 Feb 2013, 11:47
View user's profile Send private message Reply with quote
Fixit



Joined: 22 Nov 2012
Posts: 161
Fixit
Spool,

What scanner did you use to find it?

Andy
Post 04 Feb 2013, 13:57
View user's profile Send private message Reply with quote
OzzY



Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere
OzzY
This will only test if the real time protection is activated though.

Real viruses require much more elaborated methods to detect and remove.
Post 04 Feb 2013, 14:39
View user's profile Send private message Reply with quote
Fixit



Joined: 22 Nov 2012
Posts: 161
Fixit
You are right, If real time protection is off, it won't pick it up automatically.

It should be put in a directory that is scanned when scans are run.

My research in testing scanners has revealed:

1. Many false positives on non-viruses based strictly on code used in the program

2. Identifying some .com files as viruses - all the program does is display a text message

3. Weakness in non-Gui environments

Andy
Post 04 Feb 2013, 16:04
View user's profile Send private message Reply with quote
Coty



Joined: 17 May 2010
Posts: 546
Location: ␀
Coty
HaHaAnonymous wrote:
Anti-viruses are more inaccurate than me. In my opinion, they created "anti-virus" software just to win some money from lay users. Don't fall in this trap.


Good for you. Even if so spending a little money each year helps make allot of my transactions safer, and since I do allot of work and transactions over the inernet, I need all the 'help' I can get.
Post 07 Feb 2013, 01:03
View user's profile Send private message Send e-mail Visit poster's website AIM Address Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.