EICAR Test File
tony62
October 25th, 2005, 02:08 PM
Hi all,
I recently purchased NOD32 and must say that I am pretty impressed with it so far:) I have implemented Blackspear's guide here (http://www.wilderssecurity.com/showthread.php?t=37509) since this is a shared PC. Anyway, I decided to test NOD's 'IMON' effectiveness today using this site eicar.org (http://www.eicar.org/anti_virus_test_file.htm) and happily enough it blocked the first file download link immediately. I then went on to create a .txt and a .com file using the virus string and AMON picked up on these too. However, when I pasted the exact same string into an Office Word document (2003) it failed to detect upon creation, execution or even context menu scan???
Should DMON detect this or not?
alglove
October 25th, 2005, 02:26 PM
It probably has to do with the exact definition of the Eicar.com test file, as stated here: http://www.eicar.com/anti_virus_test_file.htm
{QUOTE-> It is also short and simple - in fact, it consists entirely of printable ASCII characters, so that it can easily be created with a regular text editor. Any anti-virus product that supports the test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. The only whitespace characters allowed are the space character, tab, LF, CR, CTRL-Z. To keep things simple the file uses only upper case letters, digits and punctuation marks, and does not include spaces. The only thing to watch out for when typing in the test file is that the third character is the capital letter "O", not the digit zero. <-QUOTE}
Since you pasted the string into a Word Document, the resulting .doc file no longer meets the definition of the Eicar.com test file. The same thing applies to a webpage that includes this string. Since the string is in the middle of the webpage, it does not meet the definition of the file. ;)
Now, if you were somehow able to paste an eicar.txt file in a Word document as a separate object, that might be another story.
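The eicar.org definition quoted above, written out as a checker (an added example, not code from the thread, from eicar.org or from ESET). It encodes exactly the quoted rules and shows why a document that merely contains the string, or a copy typed with a zero as the third character, is not an EICAR test file. The sample blobs are constructed, including the fake document body built around the OLE2 magic bytes.

```python
"""Decide whether a byte blob meets the eicar.org test-file definition.

Rules, taken from the quoted definition: the file must start with the
68-character string, anything after it may only be whitespace (space, tab,
LF, CR, CTRL-Z), and the total length must not exceed 128 bytes.
"""
from typing import Optional

EICAR_SIGNATURE = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
ALLOWED_TRAILING = frozenset(b" \t\n\r\x1a")  # space, tab, LF, CR, CTRL-Z
MAX_LENGTH = 128


def eicar_mismatch_reason(data: bytes) -> Optional[str]:
    """Return None for a valid EICAR test file, otherwise the rule it fails."""
    if not data.startswith(EICAR_SIGNATURE):
        return "does not start with the 68-character EICAR string"
    if len(data) > MAX_LENGTH:
        return f"total length {len(data)} exceeds {MAX_LENGTH} bytes"
    trailer = data[len(EICAR_SIGNATURE):]
    if any(b not in ALLOWED_TRAILING for b in trailer):
        return "bytes after the string are not all whitespace"
    return None


def is_eicar_test_file(data: bytes) -> bool:
    return eicar_mismatch_reason(data) is None


# Constructed samples for the situations discussed in the thread.
SAMPLES = {
    "eicar.com, exactly 68 bytes": EICAR_SIGNATURE,
    "eicar.txt saved with a trailing CRLF": EICAR_SIGNATURE + b"\r\n",
    # Not a real .doc: OLE2 magic plus filler, just to model "string in the middle of a file".
    "string pasted into a document (constructed)":
        b"\xd0\xcf\x11\xe0" + b"\x00" * 500 + EICAR_SIGNATURE + b"\x00" * 500,
    "typed with the digit zero as third character": b"X50" + EICAR_SIGNATURE[3:],
    "padded with spaces past 128 bytes": EICAR_SIGNATURE + b" " * 61,
}

if __name__ == "__main__":
    assert len(EICAR_SIGNATURE) == 68, "signature constant mistyped"
    for name, blob in SAMPLES.items():
        reason = eicar_mismatch_reason(blob)
        verdict = "detect" if reason is None else f"ignore ({reason})"
        print(f"{name}: {verdict}")
```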
Marcos
October 25th, 2005, 02:26 PM
No, the eicar test file must be in a pure text file, not in a Word or another document.
Edited:
OK, Alglove was faster than me :-)
tony62
October 25th, 2005, 03:05 PM
Yes, that does seem to be the case, since the resulting .doc file ends up 19.5 KB as opposed to 68 bytes.
Thanks for your help;)
Happy Bytes
October 26th, 2005, 04:07 AM
Eicar is just a TESTVIRUS. Eicar was designed to test the GENERAL functionality of AV software and not for determining how well a software finds "embedded" viruses. There's even one rule: Eicar should only be detected if it has its original file size. This basically has to do with a lot of readme.txt files from AV software. Lots of companies write there about EICAR and also quote the ASCII eicar text. It would be a false positive to detect such files!
If you want to know more about EICAR and how this testvirus works, take a look over here where I explained it in the AV-Comparatives Forum:
http://www.av-comparatives.org/forum/viewtopic.php?t=150
8^) H.B.
tony62
October 29th, 2005, 07:27 AM
{QUOTE-> Eicar is just a TESTVIRUS. Eicar was designed to test GENERAL functionality of AV Software <-QUOTE}
This is exactly what I originally wanted: 'test GENERAL functionality'.
{QUOTE-> There's even one rule: Eicar should only be detected if it has its original file size. This basically has to do with a lot of readme.txt files from AV software. Lots of companies write there about EICAR and also quote the ASCII eicar text. It would be a false positive to detect such files! <-QUOTE}
I disagree here, solely for its test functionality. For example, once a firewall has been set up correctly you will then wish to test it using various 'probing' sites. How else would one test antivirus software?
{QUOTE-> If you want to know more about EICAR and how this testvirus works, take a look over here where I explained it in the AV-Comparatives Forum:
http://www.av-comparatives.org/forum/viewtopic.php?t=150 <-QUOTE}
Very informative, thanks for the link;)