Email virus Scanner test


bazz
February 4th, 2007, 08:23 AM
Hello,
How can I test if my email virus scan works?
I want to test " bazzo9@icmail.net "
Don't worry, it's not my default address.
I want to test how this email address protects against spam/viruses.
So the conclusion is I want spam/viruses on this address ;D

-Baz-

C.S.J
February 4th, 2007, 08:41 AM
Outgoing email scanning works for spidermail and Dr.Web users.

Tried to send you one to the email you said viruses were allowed, didn't let me.
Obviously zipped up to protect your machine.

Either way, it didn't go through, so I suspect if you use Dr.Web (can't remember if you do) it should find it no problems through incoming email as well.

;D

http://show.imagehosting.us/show/1930734/0/nouser_1930/T1_-1_1930734.JPG (http://www.imagehosting.us/index.php?action=show&ident=1930734) http://show.imagehosting.us/show/1930742/0/nouser_1930/T0_-1_1930742.JPG (http://www.imagehosting.us/index.php?action=show&ident=1930742)

Londonbeat
February 4th, 2007, 08:54 AM
Hi Bazz

I assume you're wanting as many spammers (preferably ones that send viruses) to have that email address as possible?
This report (http://www.cdt.org/speech/spam/030319spamreport.shtml) is quite old, but still shows the most common ways that attract spam to an address, if you wanted to do the opposite of what it recommends. :blink: ;)

I tried with a test email address some time ago to try and attract as much malware as possible to it, but all I ever got was masses of spam adverts and not a single malware sample, so I guess the spammers that mass-distribute malware use different lists from the spamming lists for viagra etc...

P.S. I'd be interested in suggestions from anyone who knows a good way of setting up a test email address to attract as much mass-mailed malware as possible. (i.e. where to submit an email address so it is targeted by malware spammers.) :)

Regards,
Londonbeat

C.S.J
February 4th, 2007, 09:00 AM
OK bazz, I've sent you a worm to the address you requested, let's hope it all works :)

bazz
February 4th, 2007, 10:06 AM
{QUOTE-> Outgoing email scanning works for spidermail and Dr.Web users.

Tried to send you one to the email you said viruses were allowed, didn't let me.
Obviously zipped up to protect your machine.

Either way, it didn't go through, so I suspect if you use Dr.Web (can't remember if you do) it should find it no problems through incoming email as well.

;D

http://show.imagehosting.us/show/1930734/0/nouser_1930/T1_-1_1930734.JPG (http://www.imagehosting.us/index.php?action=show&ident=1930734) http://show.imagehosting.us/show/1930742/0/nouser_1930/T0_-1_1930742.JPG (http://www.imagehosting.us/index.php?action=show&ident=1930742) <-QUOTE}

I switch all the time; at this moment I have AVG FREE.
(I'm waiting for the next Dr.Web)

DaveD
February 4th, 2007, 10:33 AM
To test your antivirus mail scanner I decided to put the EICAR sample in a 7z self-extracting archive. A lot of antivirus programs still don't scan within 7z archives. I know when you run the self-extracting archive your antivirus should detect it, but you said you want to test your antivirus mail scanner and I thought this would be a good test.

Post back here and let me know if your mail scanner detected it.

bazz
February 4th, 2007, 10:48 AM
My scanner (AVG) didn't detect it.
But Dr.Web does (Online)

~Online virus scan results removed - Ron- Send any samples to the respective antivirus vendors.~

Only Dr.Web detects it.
Is Dr.Web so good?

C.S.J
February 4th, 2007, 10:54 AM
It's most likely a false positive.

RAR it up with the password virus and use my signature to send it for analysis.

lodore
February 4th, 2007, 10:55 AM
Well, Dr.Web has quite a few FPs but they do fix them quickly.
I don't know if that one is an FP or not though.
lodore

bazz
February 4th, 2007, 10:57 AM
The file I sent in was Adware.Starware.
It's just that Dr.Web was the only one to recognize it....

C.S.J
February 4th, 2007, 11:00 AM
Was that the Jotti result?

What did virustotal.com say?

Same thing, probably a false positive... send it to Dr.Web either way.

bazz
February 4th, 2007, 11:17 AM
Ok...
I downloaded Starware toolbar from www.starware.com
I knew Starware was spyware. So I sent the Starware Toolbar to VirusScan.jotti.org and only Dr.Web found it.
More info on Starware:
http://www.symantec.com/security_response/writeup.jsp?docid=2005-050313-4341-99
They changed the code so that the AVs can't find it, but Dr.Web does...
It's no false positive.

lodore
February 4th, 2007, 11:20 AM
It depends what settings the AVs on Jotti and VirusTotal are set to.
But Dr.Web could be the only one detecting it.
lodore

C.S.J
February 4th, 2007, 11:22 AM
All toolbars should always be avoided anyway..... nothing but trouble.

bazz
February 4th, 2007, 11:23 AM
Ok.
Dr.Web is also the only one to find my "Registry Startpage Editor" which I made for testing purposes.

DaveD
February 4th, 2007, 11:28 AM
{QUOTE-> My scanner (AVG) didn't detect it.
But Dr.Web does (Online) <-QUOTE}

Was this referring to my EICAR 7z SFX sample?

bazz
February 4th, 2007, 11:51 AM
{QUOTE-> Was this referring to my EICAR 7z SFX sample? <-QUOTE}
Yes ;)

DaveD
February 4th, 2007, 12:01 PM
So I guess what that means is that AVG does not unpack and scan 7z archives.

I have never received a virus by e-mail in the last 6 years because my ISP scans and removes them on the server level. Even when I try to send/receive samples by e-mail to test my own account the messages always come back but stripped of the attachment. They do not, however, scan 7z archives either so that is the only way in which I can get away with testing samples to my e-mail accounts. I believe it is Symantec Brightmail that they use on the servers.

bazz
February 4th, 2007, 12:05 PM
Ok.
I use Dr.Web now (as beta tester) and I want to say: I really, really like it.
They changed the "virus found" screen a bit, I think, because the Shutdown button now isn't standing there alone.

Dr.Web
10/10

Mele20
February 4th, 2007, 07:15 PM
{QUOTE-> So I guess what that means is that AVG does not unpack and scan 7z archives.

I have never received a virus by e-mail in the last 6 years because my ISP scans and removes them on the server level. Even when I try to send/receive samples by e-mail to test my own account the messages always come back but stripped of the attachment. They do not, however, scan 7z archives either so that is the only way in which I can get away with testing samples to my e-mail accounts. I believe it is Symantec Brightmail that they use on the servers. <-QUOTE}

All you need to do to get past the gateway scanners (my ISP does the same as yours) is zip and PASSWORD PROTECT the virus you want to send to yourself, or have someone send you, or send to others. Just make sure the zipped file is password protected. Your ISP's mail scanner cannot open a password protected file so it can't strip the virus out and it just lets it through.
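
The gap described in the posts above (gateway scanners that skip 7z archives and cannot open password-protected ZIPs) is commonly handled by holding attachments the scanner cannot inspect. This is an added example, not part of the original thread; the function names and the sample message are constructed for illustration, and the SFX check is a simple heuristic.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"  # 7z signature header

def classify_attachment(data: bytes) -> str:
    """Return why a content scanner cannot inspect this payload, or 'inspectable'."""
    if data.startswith(SEVENZ_MAGIC):
        return "7z-archive"
    if data[:2] == b"MZ" and SEVENZ_MAGIC in data:
        return "7z-sfx"  # heuristic: executable stub with a 7z archive appended
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # General-purpose flag bit 0 marks an encrypted member.
            if any(info.flag_bits & 0x1 for info in zf.infolist()):
                return "encrypted-zip"
    return "inspectable"

def uninspectable_parts(raw_message: bytes) -> dict:
    """Map attachment filename -> reason, for parts a gateway should hold."""
    findings = {}
    for part in message_from_bytes(raw_message).walk():
        if part.get_filename() is None:
            continue
        verdict = classify_attachment(part.get_payload(decode=True) or b"")
        if verdict != "inspectable":
            findings[part.get_filename()] = verdict
    return findings

def constructed_message() -> bytes:
    """Constructed sample: a plain ZIP, a flag-patched ZIP and a fake SFX stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "harmless constructed content")
    plain = buf.getvalue()
    patched = bytearray(plain)
    patched[6] |= 1                                  # local header flag field
    patched[plain.index(b"PK\x01\x02") + 8] |= 1     # central directory flag field
    fake_sfx = b"MZ" + b"\x00" * 64 + SEVENZ_MAGIC + b"\x00" * 32
    msg = EmailMessage()
    msg["Subject"] = "constructed test"
    msg.set_content("body")
    for name, blob in (("plain.zip", plain), ("locked.zip", bytes(patched)),
                       ("setup.exe", fake_sfx)):
        msg.add_attachment(blob, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(uninspectable_parts(constructed_message()))
```

A gateway applying this policy would quarantine or tag the flagged parts for the recipient's endpoint scanner rather than delivering them silently.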

Cadoul
February 6th, 2007, 04:27 PM
Hi,
Let's try it yourself
http://www.gfi.com/emailsecuritytest/
Sincerely