Is your Anti-Virus healthy and responding right, Check that out


14 replies to this topic

#1 Jamal H. Naji

Jamal H. Naji

    Frequent Member

  • Tutorial Writer
  • 178 posts
  •  
    United States

Posted 09 November 2010 - 07:35 AM


The European Expert Group for IT-Security (EICAR) thankfully have developed an Anti-Virus or Anti-Malware test file, and as they say on the test file’s web page: “Since it is unacceptable for you to send out real viruses for test or demonstration purposes, you need a file that can safely be passed around and which is obviously non-viral, but which your anti-virus software will react to as if it were a virus.”
“Using real viruses for testing in the real world is rather like setting fire to the dustbin in your office to see whether the smoke detector is working. Such a test will give meaningful results, but with unappealing, unacceptable risks.”
“The good news is that such a test file already exists. A number of anti-virus researchers have already worked together to produce a file that their (and many other) products "detect" as if it were a virus.”
“You are encouraged to make use of the EICAR test file. If you are aware of people who are looking for real viruses "for test purposes", bring the test file to their attention”
So here we are. I tested the code provided HERE with 5 of the top Anti-Virus products. I simply copied the code to a new text file I created on my desktop, and each Anti-Virus reacted differently to that file. Let’s see what happened:
1- Microsoft Security Essentials was the fastest of them all to react: almost instantly after I copied the code to the text file, and before I saved and closed it, warnings popped up, asking permission to delete:

Posted Image

Posted Image

2- 2011 Norton Anti-Virus was slightly slower to respond. I had to hit save file, and before I closed it, warnings popped up and removed the file:

Posted Image

Posted Image

3- 2011 BitDefender Anti-Virus Pro, reacted exactly the same as Norton AV 2011 above:

Posted Image

4- 2011 AVG Anti-Virus was the most lovely and civilized of them all. It didn’t react at all when I copied the code to the text file, it also didn’t respond when I saved the file to the desktop, and it didn’t even react when I scanned the PC; it showed no threat at all. But when I decided to download the test file from the net, it immediately showed warning pop-ups the moment I hit the download button:

Posted Image

Posted Image

Posted Image

Posted Image

5- 2011 Kaspersky Internet Security, to my surprise, had the worst behavior of them all. As I copied that code to the text file, nothing happened. I waited for a few seconds, then I hit save file to desktop, and nothing happened. Then I double-clicked the Kaspersky icon in the task bar to see if the program was working on something, and I found nothing abnormal. I was surprised, so I went on to open that test file to make sure I had copied all the code correctly, and when I did that, the text file couldn’t open and the PC kind of froze up. Only then did Kaspersky show an orange, not red, warning that something needed to be fixed. I hit fix and nothing happened; Kaspersky froze as well as the test file:

Posted Image

6- I had to restart the PC 2 more times and try to delete that test file. Only then did a red warning pop up, and I couldn’t delete that file at all, nor terminate Kaspersky:

Posted Image

7- So I had only 2 choices to stop this nonsense, irritating behavior: either uninstall Kaspersky, or use the Kaspersky Rescue USB [Check my tutorial about it HERE] to remove that test file. So I rebooted the PC with the Rescue USB and deleted that test file. So my advice: if you are not tech savvy, never try this test file on a PC with Kaspersky installed on it, or you will suffer what I just told you.
8- When I downloaded the zipped version of the file, and the Double zipped version, all the Anti-Virus programs above detected the test file inside the zipped files and deleted them both.
9- Tech Savvies can download the zipped files for testing purposes from HERE.
=============================================================
Posted Image
=============================================================
Many computer security vendors offer free computer security checks for your computer. Visit this link to check your computer for known viruses, spyware, and more and discover if your computer is vulnerable to cyber attacks.
=============================================================
1- 2011 Norton Anti-Virus Rescue USB
2- 2011 Kaspersky Anti-Virus Rescue USB
3- 2011 AVG Anti-Virus Rescue USB
4- 2011 BitDefender Anti-Virus Rescue USB
=============================================================
My Previous Topics & Tutorials HERE
=============================================================



  • Master of Disaster, Fedrico Garcia, Estefan Wehbe and 4 others like this

#2 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13749 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 09 November 2010 - 11:08 AM

JFYI:
http://www.virustota...fd0f-1289300205

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: 44d88612fea8a8f36de82e1278abb02f
Date first seen: 2006-05-22 12:42:02 (UTC)
Date last seen: 2010-11-09 09:14:04 (UTC)
Detection ratio: 43/43


http://www.virustota...fd0f-1289294044

The file dates back to 2006 :lol:

Not a real surprise that it gets detected by 43 out of 43 engines ;), if they didn't make it in 4 years, THEN there would have been a problem. :lol:

The good news is that such a test file already exists. A number of anti-virus researchers have already worked together to produce a file that their (and many other) products "detect" as if it were a virus.

NOT news. :)

You are encouraged to make use of the EICAR test file. If you are aware of people who are looking for real viruses "for test purposes", bring the test file to their attention.

Maybe if they would provide a NEW file every week or so, THAT would be of use.

IMHO the good guys at EICAR have their badge (self appointed, BTW) all right ;) , but they do produce mostly talk :):

http://www.imdb.com/...t0094226/quotes

Capone: [sneering] Get out, you're nothing but a lot of talk and a badge.


:confused1:
Wonko

#3 fxchby

fxchby

    Newbie

  • Members
  • 17 posts

Posted 10 November 2010 - 02:43 AM

jamal I like your post, as all of your other posts.. they are rich.. powerful.. and work like magic :magic: am a big fan of yours.

wonko didn't like what you said about the EU security pros.. didn't like also you take certification in no consideration while it's decisive, referring to your post:

http://www.boot-land...showtopic=12862
also from your link provided above:
http://www.imdb.com/...t0094226/quotes

i came up with a better scenario.. enjoy it:
Malone: Why do you want to join the force?
wanking-in-sane: To protect the boot-landers...
Malone: Ah, don't waste my time with that bullshit. Where you from, wanking-in-sane?
wanking-in-sane: I'm from the outside of the asylum.
Malone: sane. wanking in sane. That's your name? What's your real name?
wanking-in-sane: That is my real name.
Malone: Nah. What was it before you changed it?
wanking-in-sane: my name was jackal-ass.
Malone: Ah, I knew it. That's all we need on boot-land, one jackal ass wanking his bullshit in sane.

#4 Jamal H. Naji

Jamal H. Naji

    Frequent Member

  • Tutorial Writer
  • 178 posts
  •  
    United States

Posted 10 November 2010 - 02:50 AM


Thank you Wonko, I think you are missing the point here, the test file is not a virus definition file so to be new, the purpose of the test file is to be legitimate and safe to use in tests, and it is essential that all anti-virus products know it, that's why they still use it as the sole legitimate test file. thank you again.


fxchby, thank you for your nice words, am doing my best. regards.
  • Master of Disaster, Fedrico Garcia, Estefan Wehbe and 3 others like this

#5 M8R-d4kps4

M8R-d4kps4
  • Members
  • 2 posts
  •  
    United States

Posted 10 November 2010 - 03:07 AM

i came up with a better scenario.. enjoy it:

Malone: Why do you want to join the force?
wanking-in-sane: To protect the boot-landers...
Malone: Ah, don't waste my time with that bullshit. Where you from, wanking-in-sane?
wanking-in-sane: I'm from the outside of the asylum.
Malone: sane. wanking in sane. That's your name? What's your real name?
wanking-in-sane: That is my real name.
Malone: Nah. What was it before you changed it?
wanking-in-sane: my name was jackal-ass.
Malone: Ah, I knew it. That's all we need on boot-land, one jackal ass wanking his bullshit in sane.


OMG :confused1: BIGGG LOL!! :lol: you made my day chubby :D

#6 fxchby

fxchby

    Newbie

  • Members
  • 17 posts

Posted 10 November 2010 - 11:03 PM

OMG :) BIGGG LOL!! :confused1: you made my day chubby :lol:

you are welcome dear :)

#7 lawtill

lawtill

    Newbie

  • Members
  • 13 posts

Posted 12 November 2010 - 10:03 AM

jamal I like your post, as all of your other posts.. they are rich.. powerful.. and work like magic :magic: am a big fan of yours.

wonko didn't like what you said about the EU security pros.. didn't like also you take certification in no consideration while it's decisive, referring to your post:

http://www.boot-land...showtopic=12862
also from your link provided above:
http://www.imdb.com/...t0094226/quotes

i came up with a better scenario.. enjoy it:
Malone: Why do you want to join the force?
wanking-in-sane: To protect the boot-landers...
Malone: Ah, don't waste my time with that bullshit. Where you from, wanking-in-sane?
wanking-in-sane: I'm from the outside of the asylum.
Malone: sane. wanking in sane. That's your name? What's your real name?
wanking-in-sane: That is my real name.
Malone: Nah. What was it before you changed it?
wanking-in-sane: my name was jackal-ass.
Malone: Ah, I knew it. That's all we need on boot-land, one jackal ass wanking his bullshit in sane.


Really !!
How old are you? I don't think anyone older than 12 years can laugh at your joke.

#8 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13749 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 November 2010 - 05:15 PM

Thank you Wonko, I think you are missing the point here, the test file is not a virus definition file so to be new, the purpose of the test file is to be legitimate and safe to use in tests, and it is essential that all anti-virus products know it, that's why they still use it as the sole legitimate test file. thank you again.


Very possible ;), though I don't see the point in testing something already tested.

I mean, WHAT is the point in "Is your Anti-Virus healthy and responding right, Check that out"?

ALL of them since years "know" that particular EICAR sequence of bytes.

We need NEW sequences to test with - in case.




@fxchby, I don't see the need to offend me.

EICAR produced that "fake virus" 4 YEARS ago (and NO new ones/updates since), I guess I am fully entitled to say that IMHO they are - to say the least - very UNLIKE productive (and useful).


I don't see how this entitles you to offend me. ;)

;)
Wonko

#9 ksanderash

ksanderash

    Frequent Member

  • Advanced user
  • 162 posts
  • Interests:electronics, PCs, cinema, reading books, psychology, philosophy
  •  
    Moldova

Posted 12 November 2010 - 05:57 PM

fxchby
Hey, that was a bad joke, really ;) Do not repeat it ever or you will lose every esteem.

jamal
EICAR test is illustrative, but not informative. How about a real worldwide known virus?

#10 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13749 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 November 2010 - 07:44 PM

Do not repeat it ever or you will lose every esteem.


Logic flaw detected ;) :
to lose esteem, one needs to have managed to actually get some of it BEFORE.....;)

;)
Wonko

#11 homes32

homes32

    Gold Member

  • .script developer
  • 1021 posts
  • Location:Minnesota
  •  
    United States

Posted 12 November 2010 - 07:59 PM

the string is worthless. what exactly does it tell you??? that your AV can detect a test string created 5 years ago? give any competent programmer 15 minutes and they can write a program to detect that string. Saying nothing whatsoever about a program's ability to detect and remove real live viruses/malware.

the only thing EICAR string is good for is if you are curious what the "virus detected" screen on your particular AV looks like.
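
Added example, not written by any poster in this thread and not EICAR's own code: a Python sketch of the string detector mentioned in the post above and of the write-then-check test described in post #1. It follows EICAR's published definition (the 68-character string first, optional whitespace padding, at most 128 bytes) and compares against the MD5 quoted in post #2; all function names and the file name are assumptions made for this example.

```python
import hashlib
import os
import time

# The 68-byte test string, split across two literals so this source file
# does not itself contain the contiguous signature.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         rb"ANTIVIRUS-TEST-FILE!$H+H*")
PAGE_MD5 = "44d88612fea8a8f36de82e1278abb02f"  # MD5 quoted in post #2
TRAILER_OK = b" \t\r\n\x1a"  # only padding EICAR's definition allows
MAX_LEN = 128                # total length limit from the same definition


def is_eicar_test_file(data: bytes) -> bool:
    """True if data is a valid test file: string first, padding only after."""
    if len(data) > MAX_LEN or not data.startswith(EICAR):
        return False
    return all(b in TRAILER_OK for b in data[len(EICAR):])


def matches_page_hash(data: bytes) -> bool:
    """Exact-hash match; any padding or editor-added byte breaks it."""
    return hashlib.md5(data).hexdigest() == PAGE_MD5


def on_access_check(directory: str, wait: float = 5.0) -> str:
    """Write the test file, wait, and report whether it survived."""
    path = os.path.join(directory, "eicar_check.com")  # hypothetical name
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
    except OSError:
        return "blocked on write"
    time.sleep(wait)
    try:
        with open(path, "rb") as fh:
            intact = fh.read() == EICAR
    except OSError:
        return "removed or locked after write"
    try:
        os.remove(path)
    except OSError:
        pass
    return "NOT detected" if intact else "altered after write"
```
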

#12 soul108

soul108
  • Members
  • 5 posts
  • Interests:unknown
  •  
    United States

Posted 27 September 2011 - 04:22 PM

OMG ! wanking? well that's funny!

#13 Uvais

Uvais

    Frequent Member

  • Advanced user
  • 180 posts

Posted 27 September 2011 - 05:02 PM

ha ha Thanks :good: Posted Image

#14 Ghoster

Ghoster
  • Advanced user
  • 8 posts
  • Location:Somewhere Or Other
  •  
    Canada

Posted 11 October 2011 - 03:35 AM

This is always a nice test if you think your antivirus may not be functioning correctly. I believe that any antivirus with a database larger than 10 years ago (maybe a bit of sarcasm there :doh7:) should pick this up. Maybe if you're fearing that it's been silently disabled or something along those lines, it's always good to keep a page bookmarked with the code.

#15 Master of Disaster

Master of Disaster

    Member

  • Members
  • 62 posts
  •  
    Monaco

Posted 19 September 2012 - 04:41 AM

Very Very Very useful topic..Thanks a million :)



