Domain: eicar.org
Stories and comments across the archive that link to eicar.org.
Comments · 22
-
I can't be the first to suggest it, but...
Have you considered installing Windows?
Seriously, there are 'fake' viruses that are used for testing - really just a block of code that matches a virus signature, have you considered one of those? For example: http://www.eicar.org/anti_virus_test_file.htm (as others have mentioned).
-
Two testing options and a removal tool
There are a couple testing files and sites that exist for testing antiviruses that might be of interest. The one that I've used to ensure anti-virus software was functioning was EICAR which is a simple text file that virus definitions recognize but which does not actively do anything. This is useful for demonstrating that software is working, what a virus response looks like and how to remove a virus if it is found. Since it does nothing, it is only useful as a test and doesn't really get into how to deal with a fully compromised system.
An alternative is Spycar which will perform actions targeted in demonstrating browser exploits. It wouldn't be available in a non-internet lab, but you might be able to adapt the links there by putting the files up on an intranet.
http://www.spycar.org/Spycar.html referenced at http://www.pcworld.com/article/125138/put_your_antispyware_apps_to_the_test.html
http://www.eicar.org/anti_virus_test_file.htm referenced in a variety of places, including http://www.sophos.com/pressoffice/news/articles/2003/01/eicar.html
Removal scenarios vary according to how messed up a machine is by an infection. I usually use Trinity Rescue Kit as a first test for computers I don't trust or know have virus issues.
I use MalwareBytes from http://www.malwarebytes.org/ in some cases and found it to be more effective than many of the other solutions, even in the free version.
-
Re:Microsoft
Download the EICAR anti-virus test file. It's not a virus, but a delibrate test file that virtually all AV scanners will pick up as a virus as a dummy test.
(In fact, with Forefront running (the corporate version of Security Essentials - same engine, same definitions, just with some corporate reporting features), the box pops up straight away when I download it.)
-
Re:i stopped using avast because of popups
...but really, who knows if they're working.
is there a way to evaluate antivirus software?
Eicar (antivirus test file): http://www.eicar.org/anti_virus_test_file.htm
-
Re:Microsoft
You can test the scanning and real-time capabilities of your AV with this:
-
Re:Excellent Presentation
Indeed, think about the one instruction set computer or languages like Brainf*ck; you can do a lot with just a few simple instructions, especially if you accept that no human being will be able to follow control flow by looking at the assembly. You may end up with a *lot* of instructions to encode relatively simple programs, but it certainly will work.
There has been work done in this sort of area before. Look at the EICAR virus test file http://www.eicar.org/anti_virus_test_file.htm/. Although it isn't english prose, it is all upper-case letters and symbols (printable ASCII), and when executed it prints its message and exits.
Kudos to the researchers here for their hard work.
-
Re:eicar already has a test fileYou can use these files to test if your AV program is working
http://www.eicar.org/anti_virus_test_file.htmSo, after all the preceding BS about requiring CR to "accept liability" for anything they produce, here's what eicar says:
Important note: EICAR cannot be held responsible when these files or your AV scanner in combination with these files cause any damage to your computer. You download these files at your own risk. Download these files only if you are sufficiently secure in the usage of your AV scanner. EICAR cannot and will not provide any help to remove these files from your computer. Please contact the manufacturer/vendor of your AV scanner to seek such help.
and
How to delete the test file from your PC
We understand (from the many emails we receive) that it might be difficult for you to delete the test file from your PC. After all, your scanner believes it is a virus infected file and does not allow you to access it anymore. At this point we must refer to our standard answer concerning support for the test file. We are sorry to tell you that EICAR cannot and will not provide AV scanner specific support. The best source to get such information from is the vendor of the tool which you purchased. Please contact the support people of your vendor. They have the required expertise to help you in the usage of the tool. Needless to say that you should have read the user's manual first before contacting them.Real fucking responsible of the pros, huh?
Not to mention they use that silly glyph for their name on their web page, so when you copy it, it shows up as a blank and you have to manually overtype the word EICAR. Shitheads.
-
eicar already has a test file
You can use these files to test if your AV program is working
http://www.eicar.org/anti_virus_test_file.htm -
Re:well, here's the problem...
If you do have some AV software running, you can use this file to set off some alarms to make sure your AV software actually works. Note that this is a harmless test file that doesn't do any damage on any platform.
-
Re:Standard testing for spam filters
Maybe an eicar http://www.eicar.org/ like standard should be created for testing purposes?
-
Re:A simple solutionsend her an email with this in the body
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVI
R US-TEST-FILE!$H+H*
Well you might need to place it in a txt file somewere.
I bet When here antivirus catches it, she would freak out and call someome after you. Most people that use outlook and outlook express are that way. I carry a floppy with a .com fie for testing and sometime forget to pick it up. I had one outlook oriented user find it, place it in the computer and then tried to claim that i was infecting all thier computers with viruses when i was actualy there to rid a couple. The funny thing was that when i sent them to eicars' website they insisted i made the site up to cover my tracks. I finaly told the to piss off and doubled thier bill as well as charged them for explaining what it does/is. I don't need stupidity like that and i figured they should pay for pissing me off. -
Re:Dude
Oh yeah, I forgot the interesting tidbit: The string is also a legal
.com file. If you save the ASCII text (without the space in between VIR and US) to a file, say, eicar.com and run it, it will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!"
It's safe to do, but then again, don't take my word for running any precompiled code on your machine :) You could also go to the source. -
Re:Under the Google radar
No, you won't. Your virus scanner will ring the alarm, but that is a good thing, because it means that it works.
Read: http://www.eicar.org/anti_virus_test_file.htm -
Re:Under the Google radar
Still nothing on it, wonder how long it'll be before it shows up?
NeverEverNoSanity WebWorm generation 11
-
i know what to includehow about the eicar string?
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVI
R US-TEST-FILE!$H+H*seriously though, I wonder if they're going to manually go through each text entry.
-
Re:To see if you have spyware...
IMHO, Spybot & Ad-Aware are both absolutely necessary as is HijackThis:
http://www.spywareinfo.com/~merijn/downloads.html
I support quite a few home systems. Currently, the majority of my time is spent cleaning spyware and virus infestations. After installing Ad-Aware, HijackThis and Spybot, my clients stop having problems. As well, a working virus scanner is important. I've encountered several systems where the virus scanner has been deactivated. Therefore, I've been putting the EICAR test virus on all my systems.
http://www.eicar.org/anti_virus_test_file.htm
Spyware used to be most bots from hackers, now it seems it's all marketing crap from big business. Isn't greed grand? -
Re:9 Architectures, 9 BinariesActually, the text file is:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVI
It is in fact a perfectly validR US-TEST-FILE!$H+H* .COM file, very carefully constructed (although not with the extra space that Slashdot will add--download it directly here instead). If you rename it to a .COM file and run it, it prints the obvious message.The Google definition link is awesome though.
:-) -
9 Architectures, 9 BinariesYes, the Debian installer working on nine different architectures is interesting, but it has a glaring flaw: It requires nine separate binaries, one for each architecture. That means making a big pile of bootable CDs to install on various platforms. Boo!
Although it is admittedly difficult, it is in fact possible to write a single piece of bootstrapping machine code that properly runs on ALL of those architectures, without faulting, that jumps to a separate section of the executable code based on the architecture it detects. (This is similar to the old eicar file which was both a text file and an x86 executable, only this is all of a PowerPC, Alpha, x86, 68xxx, etc., executable.)
This means that a SINGLE binary installer can work on ALL nine architectures; a tremendous improvement. Yes, Debian has taken a step in the right direction with their nine platforms, but they need to work on getting the binary compatibility nailed down.
-
Re:Try AntiVir XP
The free version of AntiVir will not scan or protect from files opened or accessed from a network share. A fair compromise by them for an other wise very good free product but something you should be aware of if you have a home network with shared resources.
You can test and verify this operation on any vendors antivirus product with the eicar test virus. -
Re:something to check for in your AV scannerDisclaimer: I work for Symantec and do QA on one of their antivirus-based products.
I know for a fact that Symantec can detect viruses in almost any archive you can think of, with the exception being encrypted containers (if you can't read inside the damn thing, of course you aren't going to find the virus). Gzip, hqx, tarballs, even a couple of containers I've never actually used outside of work can be broken down by Symantec's AV products.
Now, just to be sure I'm not a total schill, I'd like to point out that I'm sure our main commercial competitors can detect viruses in most or all of these containers as well. If you want to know for sure whether your AV software can read these containers, then download the eicar test virus, put it in the container you want to check out, and run it through your AV scanner of choice.
For those who are not in the AV field and might not be familiar with it, google on "eicar" to ensure that I'm not pointing you to a real virus instead of a benign dummy virus.
Posting anon only because in this economy I fear for my job and do not wish to give my employer any excuse to fire me.
-
Re:Antivirus Company Submissions
One thing to note about AntiVir. The free version does not check files opened, accessed, or run from a network share. You can verify this with the eicar test file. They are clear about this fact when using the free version for personal use but a very important point to remeber if you are using this on a home networked computer!! Also being free for home use, I switched to AVG.
-
EICAR Virus Test file
Yes, I had the same need... in order to test a virus scanner I mailed BO2k to see how it worked.
It wasn't necessary though; every virus scanner should react to the EICAR anti-virus test file (she here). So if any of you ever need to test a virus scanner and have some management guy brething in your neck and raving about how using a real virus can compromise security use the EICAR file. Just mail him the virus personally by another mail gateway after that just to prove your point :)
fsm