Eicar Mailtest !!!!!!!!!


Benvan45
May 2nd, 2005, 06:19 AM
Reading the same old story day in and day out........People asking which is the best AV solution. There is mostly (more like always.....) just one answer:
Nod32 or Kav.

I would just like to ask everybody, using these programs, to run the Eicar Mailtest.....http://www.webmail.us/testvirus and report back here about the findings.

It amazes me every time again, that nobody seems to run this test. I think it's important just to see how bad Nod32 scores within this test.

For me it is so important to have the e-mail scanning section as good as possible, as this is the biggest problem these days.

I have been testing several av's (big names) and came out at Dr. Web. This program deals with infected mails in a great way. 24 out of the 26 tests are detected and dealt with. This is a great score compared to the 'big' names here every minute of the day.

I hope a lot of you guys out here will run this Eicar Mailtest and report what happened.

Good luck...... ;)

Putin

Happy Bytes
May 2nd, 2005, 06:41 AM
-{ Quote: "I think it's important just to see how bad Nod32 scores within this test." }-

Are you waiting for somebody "special" to make a comment on this ? ;D
Have a nice day ;)

BlueZannetti
May 2nd, 2005, 06:49 AM
The simple fact of the matter is that many, perhaps most, will report nothing. Many ISP's figured out that this is very easily dealt with at the server level and those e-mails simply won't make it through.

As for NOD32's performance in this regard, I've never seen a problem. Ever.

Blue

RejZoR
May 2nd, 2005, 06:50 AM
EICAR sample was never meant to be modified or encoded in any way...

Randy_Bell
May 2nd, 2005, 06:53 AM
-{ Quote: "Reading the same old story day in and day out........People asking which is the best AV solution. There is mostly (more like always.....) just one answer: Nod32 or Kav." }-

That isn't my "answer" but maybe I'm out-of-step with this Board. This Board's opinion does not necessarily reflect that of the User-Community-At-Large or of the Security-Community-At-Large. If you go to a different Board, you will get different prevailing opinion. ;)

Happy Bytes
May 2nd, 2005, 06:55 AM
-{ Quote: "EICAR sample was never meant to be modified or encoded in any way..." }-

:-* :-* :-* :-* :-* :-* :-* :-* :-* :-*

Send me your address via PM, I'll post you right now a six-pack of beer :o

Stephanos G.
May 2nd, 2005, 07:00 AM
Reading the same old story, People asking which is the best Eicar test.

As Marcos says: The only regular eicar files for testing are available at http://www.eicar.org/anti_virus_test_file.htm

Please read here (http://www.wilderssecurity.com/showthread.php?t=76159)

Bubba
May 2nd, 2005, 07:07 AM
-{ Quote: "This Board's opinion does not necessarily reflect that of the User-Community-At-Large or of the Security-Community-At-Large." }-

We both know AV opinions vary from board to board and the AV wars will always rage on....but....to tag Wilders board as a board that "does not necessarily reflect that of the User-Community-At-Large or of the Security-Community-At-Large" is a sad commentary for all the many posts that have passed thru these Forums. While Wilders may be the Home to a Quality AV program....it in no way should be construed by anyone that this board as a whole is any different than other boards as for being opinionated....and to suggest any differently is simply an opinion I'll disagree with.

Randy_Bell
May 2nd, 2005, 07:22 AM
-{ Quote: "While Wilders may be the Home to a Quality AV program....it in no way should be construed by anyone that this board as a whole is any different than other boards as for being opinionated....and to suggest any differently is simply an opinion I'll disagree with." }-

Actually all Boards are opinionated; the very nature of the "which AV is best" debate is one of opinion. That is all I meant; did not mean to sound critical of Wilders. ;)

Benvan45
May 2nd, 2005, 08:09 AM
-{ Quote: "Are you waiting for somebody "special" to make a comment on this ? ;D
Have a nice day ;)" }-

I don't wait for anybody 'special', as you can read in my topic!!!

But still funny.......that you react as first!!!!

Have a nice day too !!!! ;)

Putin

Benvan45
May 2nd, 2005, 08:14 AM
-{ Quote: "The simple fact of the matter is that many, perhaps most, will report nothing. Many ISP's figured out that this is very easily dealt with at the server level and those e-mails simply won't make it through.

As for NOD32's performance in this regard, I've never seen a problem. Ever.

Blue" }-

My ISP doesn't deal with it at server level and all the mails make it through.

Please run this test and see what happens with these mails, perhaps you'll know what I mean and maybe you will be able to explain to me why a lot of these mails are not dealt with......that's all I'm asking.

Regards,

Putin

Benvan45
May 2nd, 2005, 08:16 AM
-{ Quote: "Reading the same old story, People asking which is the best Eicar test.

As Marcos says: The only regular eicar files for testing are available at http://www.eicar.org/anti_virus_test_file.htm

Please read here (http://www.wilderssecurity.com/showthread.php?t=76159)" }-

Running these eicar testfiles is not the same as running the Eicar Mailtest!!!!!!

Just run this mailtest and see what happens!!!!!

Greetings,

Putin

Benvan45
May 2nd, 2005, 08:19 AM
-{ Quote: "EICAR sample was never meant to be modified or encoded in any way..." }-


I am amazed about your comment. Have you ever run this Eicar Mailtest?
Please do and try to explain to me why the results are so poor with most AV's.

Greetings,

Putin

RejZoR
May 2nd, 2005, 08:20 AM
Putin, read my post above...

Happy Bytes
May 2nd, 2005, 08:23 AM
-{ Quote: "Putin, read my post above..." }-

...Happy Bytes hand signed beer cans.... I still need the address ::) :D
That's not a joke... I'll send them really :o

Stephanos G.
May 2nd, 2005, 08:37 AM
Can I have one beer too pls?

About these tests, I am not a specialist, but up to now I am very satisfied with my nod32, no problem at all and no infections, even when I surf to dangerous places :) These tests are possibly useful, but the most important is how the AV protects in real life and not under 'simulated' conditions. Up to now NOD32 protects me perfectly, so no thought to change it or to check it with that test which possibly is optimised to behave well in some selected AV softwares.

SDS909
May 2nd, 2005, 11:09 AM
-{ Quote: "EICAR sample was never meant to be modified or encoded in any way..." }-

OMG there is a voice of reason!

Edit: I want some beer. :'(

Benvan45
May 2nd, 2005, 11:11 AM
-{ Quote: "Can I have one beer too pls?

About these tests, I am not a specialist, but up to now I am very satisfied with my nod32, no problem at all and no infections, even when I surf to dangerous places :) These tests are possibly useful, but the most important is how the AV protects in real life and not under 'simulated' conditions. Up to now NOD32 protects me perfectly, so no thought to change it or to check it with that test which possibly is optimised to behave well in some selected AV softwares." }-

Just run the test and see what your AV does with these 'Eicar infected' mails. There is nothing simulated......just go there and see and then give your comment.

Greetings,

Putin

RejZoR
May 2nd, 2005, 11:28 AM
C'mon people, start reading! EICAR sample MUST have the exact string as stated on official EICAR webpage. If this string is altered in any way (bytes added/removed/exchanged) the sample is no longer valid and cannot be taken as any result of detection. You can however pack EICAR with different archive types (like ZIP, RAR, ACE, CAB, GZIP...), or make several compression layers (levels) and change extension. That's all. If you start embedding EICAR string in other files, encoding it, doing all other fuzzy things with EICAR string you simply break its main purpose. If AV misses the modified EICAR sample, that's nothing wrong since it was never meant to be changed in the first place.

Stephanos G.
May 2nd, 2005, 11:36 AM
:o :o :o so Marcos was right that the only regular eicar files for testing are available at http://www.eicar.org/anti_virus_test_file.htm

I haven't tried the test, Putin. Just tell me the reason why the other AV can't do this that Dr Web does.

RejZoR
May 2nd, 2005, 11:41 AM
Quote taken from official EICAR webpage:

-{ Quote: "Any anti-virus product that supports the EICAR test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. The only whitespace characters allowed are the space character, tab, LF, CR, CTRL-Z. To keep things simple the file uses only upper case letters, digits and punctuation marks, and does not include spaces. The only thing to watch out for when typing in the test file is that the third character is the capital letter "O", not the digit zero." }-

Yes, it's important how EICAR code looks, but many antiviruses pick it even if it's modified. Although it should be only detected under specific rules (read above).
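
The rules in the EICAR quote above, written out as a check. This is an added example, not part of the original thread; the function names and the sample inputs are constructed for illustration.

```python
import base64

# The 68-byte string from the EICAR quote above, written as two literals.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")
ALLOWED_PADDING = b" \t\n\r\x1a"   # space, tab, LF, CR, CTRL-Z
MAX_FILE_LEN = 128


def check_eicar(data: bytes) -> str:
    """Return 'valid' or the rule from the quote that the data breaks."""
    if not data.startswith(EICAR):
        if EICAR in data:
            return "string present but not at the start of the file"
        return "does not start with the 68-byte string"
    if len(data) > MAX_FILE_LEN:
        return "total length exceeds 128"
    if any(byte not in ALLOWED_PADDING for byte in data[len(EICAR):]):
        return "appended bytes are not all allowed whitespace"
    return "valid"


def constructed_samples() -> dict:
    """Constructed inputs, one per rule; none is taken from the mail test."""
    return {
        "exact string": EICAR,
        "string + CRLF": EICAR + b"\r\n",
        "padded to 128": EICAR + b" " * 60,
        "padded to 129": EICAR + b" " * 61,
        "text appended": EICAR + b" hello",
        "digit zero typo": EICAR[:2] + b"0" + EICAR[3:],
        "inside a mail body": b"Subject: test\r\n\r\n" + EICAR,
        "base64 encoded": base64.b64encode(EICAR),
    }


if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(f"{name:20} {check_eicar(data)}")
    # A scanner that decodes the MIME part first sees the original bytes again.
    decoded = base64.b64decode(constructed_samples()["base64 encoded"])
    print(f"{'base64 decoded':20} {check_eicar(decoded)}")
```

Only the first three samples conform to the quoted definition; the base64 sample conforms again once it is decoded, which is the step a mail scanner has to perform before the definition applies to an attachment.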

Benvan45
May 2nd, 2005, 02:05 PM
-{ Quote: "C'mon people, start reading! EICAR sample MUST have the exact string as stated on official EICAR webpage. If this string is altered in any way (bytes added/removed/exchanged) the sample is no longer valid and cannot be taken as any result of detection. You can however pack EICAR with different archive types (like ZIP, RAR, ACE, CAB, GZIP...), or make several compression layers (levels) and change extension. That's all. If you start embedding EICAR string in other files, encoding it, doing all other fuzzy things with EICAR string you simply break its main purpose. If AV misses the modified EICAR sample, that's nothing wrong since it was never meant to be changed in the first place." }-

The Eicar Mailtest is found on this site: http://www.security-ops.tk/ mentioned at the bottom of your own profile, so why are you questioning this now? Bit weird to me.......it's even supported by AVAST!!!!!

Putin

Benvan45
May 2nd, 2005, 02:12 PM
-{ Quote: ":o :o :o so Marcos was right that the only regular eicar files for testing are available at http://www.eicar.org/anti_virus_test_file.htm

I haven't tried the test, Putin. Just tell me the reason why the other AV can't do this that Dr Web does." }-

That's why I think Dr. Web is a great program, as it just detects all the eicars except two and most other AV's don't.
Another AV which scores very well with this test is: AVG 7.0.
It gives me peace of mind and I just wonder why the other AV's don't handle the files the same way.......that's all I wonder about. But everybody here is fighting this statement as I probably step on a lot of long toes.

The only 'great' scanner in the world according to this forum is Nod32.......and this makes me irritated. Just run this test and see what NOD32 does with these files and tell me why it doesn't do better, that's all.

Greetings,

Putin

IBK
May 2nd, 2005, 02:19 PM
Btw, Eicar is not a virus ;)

Detox
May 2nd, 2005, 02:22 PM
I hafta admit I purchased my AV to detect virii.

Benvan45
May 2nd, 2005, 02:23 PM
-{ Quote: "Btw, Eicar is not a virus ;)" }-

Who says it is?

Putin

Benvan45
May 2nd, 2005, 02:26 PM
-{ Quote: "I hafta admit I purchased my AV to detect virii." }-

The only way you test your AV is with a real virus?
Why all the thousands of articles in magazines with tests.....????
Why VB100 .......????

;) Putin

RejZoR
May 2nd, 2005, 02:27 PM
-{ Quote: "The Eicar Mailtest is found on this site: http://www.security-ops.tk/ mentioned at the bottom of your own profile, so why are you questioning this now? Bit weird to me.......it's even supported by AVAST!!!!!

Putin" }-

Where have you seen it's supported by avast! !? And at the time I added it on the page it used only a few types of tests (mainly archived types and with regular attachment methods, not some encoded crap). Haven't tested with it since then...

Detox
May 2nd, 2005, 02:33 PM
-{ Quote: "The only way you test your AV is with a real virus?
Why all the thousands of articles in magazines with tests.....????
Why VB100 .......????

;) Putin" }-

I think you missed something - I am not an AV tester and I do not test my AV. I bought it to detect virii (after extensive research) - I actually hope it does not detect harmless files because I consider false positives to be a very bad thing. I have written no articles or performed AV tests and have never claimed to.

Benvan45
May 2nd, 2005, 02:37 PM
-{ Quote: "Where have you seen it's supported by avast! !? And at the time I added it on the page it used only a few types of tests (mainly archived types and with regular attachment methods, not some encoded crap). Haven't tested with it since then..." }-

Just follow this link and take a look at the bottom........I can't believe you don't know this, come on now!!!!!!

I found this link a long time ago and tested many AV's with (I think) great test. The reason for me to look at this site........because I regard you highly as an AV expert and therefore use your site frequently, but now you are fighting it......and that really surprises me.
Maybe it's time to take a look again and remove your so-called 'encoded CRAP'.

Take care...... ;) Putin

RejZoR
May 2nd, 2005, 02:39 PM
I still don't get this part:
"...it's even supported by AVAST!!!!!"

Benvan45
May 2nd, 2005, 02:49 PM
-{ Quote: "I still don't get this part:
"...it's even supported by AVAST!!!!!"" }-


At the bottom of your site: http://www.security-ops.tk/ there is a logo from Avast and it states: " supported by Avast " and you asked me where I found this...........


Putin

RejZoR
May 2nd, 2005, 02:56 PM
That's because I also have a domain icon and I cannot state Protected by: and under that add avast! picture and domain picture. How can domain protect files?
It can't, so I added supported by.
I added avast! icon there because all files are scanned by avast! before they are uploaded to server. There was an incident where someone was stating that I was distributing worms through email while that is very impossible (GMail denies any suspicious attachments and everything is checked by avast!+my very own NeuroHeuristics(TM)). I'm gonna dump that domain anyway, so I'll fix this text.

Benvan45
May 2nd, 2005, 02:56 PM
After a number of very disappointing reactions (for me anyway......) I'll just leave it at that!!

I feel the resistance coming out of the same corner all the time......yes: the NOD32 corner.

I have to admit....it's a good AV, but there's more out there and I find it very shortsighted just to refer to this program all the time.

I'll rest my case and wish you all the best of luck, but find it a shame to always read Nod, Nod, Nod......and so on.

That's it!

Good luck.

Putin

lynchknot
May 2nd, 2005, 03:33 PM
It looks like they are deleted before they arrive. My ISP uses Brightmail. Every single test was deleted. There's nothing for NOD32 to warn for.
*edit - spoke too soon. All but the last 2. #24 I could not open because I don't have an app associated with the file type. Outpost won't let me open the last one:

Detox
May 2nd, 2005, 04:06 PM
I guess I'm supposed to be a "NOD" corner but I actually use/maintain one copy of NOD and 4 AVG installations, plus about 4 more AVG installs I keep up with for friends. I admit I don't consider AVG "as good" but I certainly hope it will not have FPs either.

Capp
May 2nd, 2005, 04:14 PM
Regardless of what anyone says...I'm a NOD fan. IMO..it's the best AV on the market (and not just because I'm a reseller). I have run several different AV's on many different types of machines and I always go back to NOD32. I have never had an infection on any of the systems I run NOD on and I do go to some sites on the "darkside".

I know there are other great AV's out there and credit where credit is due. But, for my (and my clients) money...it doesn't get any better than NOD32.

Stephanos G.
May 2nd, 2005, 04:20 PM
I'm not an expert, just still wonder why the other AV (except Dr Web) fail the test. The site is known, the test is known, it would be very easy to include these 'items' in their database. This makes me think that something is not going OK with this test.
thanks

Happy Bytes
May 2nd, 2005, 04:38 PM
Putin, your whole post is most offensive with this initial post:

-{ Quote: "I think it's important just to see how bad Nod32 scores within this test." }-

RejZoR is for sure not a fanatic NOD32 user - he is an "Avast Fan".
And he's still trying to explain to you why such tests are "full of ****".
And to make one comment on this, I for one consider RejZoR, regarding technical facts of AV software, much more experienced than you.

He did hit the nail on the head in this thread already a few times. Or do you think I would offer him a six pack just for writing ********?! :o

And I tell you now a thing you wouldn't expect:
If somebody would start such **** against another antivirus, AVAST or Kaspersky for instance, I would also join this thread and defend THESE PRODUCTS! Period!

Your Dr.Web failed also this test by missing 2 emails! If this would be really important wouldn't you agree with me that Dr.Web should have detected these 2 emails?! I remember such email test sites very well - just take a look in one of my last postings here: http://www.wilderssecurity.com/showpost.php?p=435206&postcount=3

RejZoR
May 2nd, 2005, 04:59 PM
Otherwise i prefer GFI Email Security Test which is not limited to antivirus only and uses normal unmodified EICAR sample as one of the tests.

RejZoR
May 2nd, 2005, 05:10 PM
OK, I tried this mail test again just for fun and it came 100% blocked.
GMail blocked those more obvious EICAR samples, other encoded garbage was just displayed as plain-text (harmless) and last TNEF (winmail.dat) was intercepted by avast! on download (using explorer extension scan, otherwise mailscanner would pick it for sure (since it's just an archive)).

Graystoke
May 2nd, 2005, 05:12 PM
This may be a bit off topic, but hopefully I'm ok. :)

Every time I install an AV to see how I like it and how it runs on my computer, I run the official Eicar test. Of all the AV's that I installed, all except AVG would detect the eicar.com.txt test. Isn't that not a good thing? I'm not bashing AVG, it does ok on the other eicar test. I just want to know how that affects a typical user if the AV he/she is using won't detect the eicar.com.txt test.

RejZoR
May 2nd, 2005, 05:16 PM
You need to set AVG to scan all files. That should do the trick.
And you also showed the true purpose of EICAR sample. It's used to verify if antivirus is working at all.

Benvan45
May 2nd, 2005, 05:50 PM
-{ Quote: "Putin, your whole post is most offensive with this initial post:



RejZoR is for sure not a fanatic NOD32 user - he is an "Avast Fan".
And he's still trying to explain to you why such tests are "full of ****".
And to make one comment on this, I for one consider RejZoR, regarding technical facts of AV software, much more experienced than you.

He did hit the nail on the head in this thread already a few times. Or do you think I would offer him a six pack just for writing ********?! :o

And I tell you now a thing you wouldn't expect:
If somebody would start such **** against another antivirus, AVAST or Kaspersky for instance, I would also join this thread and defend THESE PRODUCTS! Period!

Your Dr.Web failed also this test by missing 2 emails! If this would be really important wouldn't you agree with me that Dr.Web should have detected these 2 emails?! I remember such email test sites very well - just take a look in one of my last postings here: http://www.wilderssecurity.com/showpost.php?p=435206&postcount=3" }-

As I stated a few posts back.......I'll leave it at that. You get all boiled up and even call my post offensive, just because I mention Nod32. Man....oh man.....that's exactly what I mean. Mind your reaction a bit and stop throwing the **** at Dr. Web now, because it misses 2 emails.

I really didn't expect such a mad tongue from you........cool down and try to broaden your mind. It would brighten your life!!!

End of discussion for me, period!!!!!

Greetings,

Putin

Graystoke
May 2nd, 2005, 05:54 PM
-{ Quote: "You need to set AVG to scan all files. That should do the trick.
And you also showed the true purpose of EICAR sample. It's used to verify if antivirus is working at all." }-


Thanks RejZor. I'll check that out.

Tinribs
May 2nd, 2005, 06:09 PM
I must say, 'Happy Bytes', that I doubt it necessary to include various swear words within your posts. I don't come here to read that sort of thing, and please bear in mind we have a wide variety of users here of all ages.
I am aware you are a new user here but please don't lower the tone with such language.

Benvan45
May 2nd, 2005, 06:22 PM
-{ Quote: "I must say, 'Happy Bytes', that I doubt it necessary to include various swear words within your posts. I don't come here to read that sort of thing, and please bear in mind we have a wide variety of users here of all ages.
I am aware you are a new user here but please don't lower the tone with such language." }-


Thank you Tinribs, glad you notice the violent way of reacting, as indeed there is a wide variety of users here.

I have been asked before, but forgot by whom, why I even visit this forum if I don't like Nod32. I merely stated that I am free to visit any forum that's public and I am seeking good information about AV programs and not 100% commercial chit-chat about 'the one and only' AV scanner.

Thanks again.

;) Putin

Firecat
May 2nd, 2005, 06:31 PM
Wilders' is NOT just about NOD32. It's about security, computers, hardware, software. Just because Eset's got its official support forum here, does NOT mean Wilders' is owned by Eset. The NOD forum is just a part of Wilders.

When I joined Wilders', I too had been warned by a few 'guest' friends about the NOD 'fanboys'. And when I did join? What did I see? I saw NO FANBOYISM WHATSOEVER. I saw friendly, yes, FRIENDLY people from the NOD community.

Happy Bytes always presents his honest opinion - that of a professional. I can't think of a single reason why I should not believe his word. Having worked for a large number of companies, Happy Bytes is in NO WAY partial to NOD32 when he comments on things he disagrees with.

I am NOT a NOD32 fanboy, I'm using ArcaVir right now and am happy with it.

I won't comment on this mail test yet. It's the real world that does matter; and I'll post back when I've done further analysis on this test.

Of course, I am NOT saying Dr.Web is bad.

Tinribs
May 2nd, 2005, 06:36 PM
May I also state that I do not use Nod32 either, I haven't for over a year, I found his foul language offensive the same as I would have found anyone using those words.

Firecat
May 2nd, 2005, 06:39 PM
-{ Quote: "May I also state that I do not use Nod32 either, I haven't for over a year, I found his foul language offensive the same as I would have found anyone using those words." }-
Yes, he does sometimes not use the best of words to express what he wants to. :-\

lynchknot
May 2nd, 2005, 06:50 PM
My what virgin ears we've got here. How has the language offended you? It was used as an expression, not offensively. Time to grow up and accept language for what it is and how it's used.

LowWaterMark
May 2nd, 2005, 06:56 PM
Since we're now stuck talking about how Happy Bytes replied rather than the Eicar mailtest itself, this thread will now be closed.