EICAR Test File Test!! Is Your Antivirus Web Protection Any Good??

Discussion in 'other anti-virus software' started by ultragunnerdcl, Nov 20, 2007.

Thread Status:
Not open for further replies.
  1. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    I think this test is about 100 years old. Most AVs have problems with the online string indeed.
     
  2. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    drweb gets 3/4

    but I too can't believe EICAR has been posted to Test!! :)
     
  4. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    This is not a "if your antivirus detects this and that or is good" type of test, but is there just for people to check if their virus protection is running or not.
     
  5. ultragunnerdcl

    ultragunnerdcl Registered Member

    Joined:
    Oct 26, 2007
    Posts:
    103
    Location:
    Philippines
    Wonder if there is a test file that tests the antivirus heuristics & packer/cryptor
    detection as well. o_O o_O EICAR only tests the AV signature-based detection. :rolleyes:
     
  6. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Methinks so too, it has been around for a long time. Still, lot of folk trying it out.:rolleyes:
    So I did, too. (Again. :oops: )
    Avast, default settings, webshield on, prevented all pages from loading, just as it's supposed to.:cool:
    Webshield paused, Alert on 1, no alert on 2, unless it was renamed to an .exe then run, or saved then manually scanned as a text file, alert on 3 and 4 when unzipping them; double unzipping in the case of 4.
    Nothing has changed.
     
  7. JohnnyBravo

    JohnnyBravo Registered Member

    Joined:
    Jan 26, 2006
    Posts:
    82
    You should check your settings.
    I got access denied 4 times
     


  8. Thug21

    Thug21 Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    141
    Location:
    Illinois
    The suite with its webguard will pass the 2nd test.
     
  9. ultragunnerdcl

    ultragunnerdcl Registered Member

    Joined:
    Oct 26, 2007
    Posts:
    103
    Location:
    Philippines
    You are correct, I went to the Avira official forum & they taught me how.
    AVIRA passed the test on highest settings. :D
     
  10. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Even if your AV does not detect the three packed files you are protected just the same. Why? Archives are not dangerous until their contents are unpacked, which is when the on-access component of your favourite AV will detect the infection anyway, before it can execute. This is deactivated (or at least severely limited) by default in most AVs since with too aggressive/thorough settings it can completely grind your system to a halt whenever you try to view a folder containing archives with explorer (especially SFXes).

    So, after all I am restating this since no one did:
    This so called test does NOT in any way indicate whether you are protected or not, only whether your AV is scanning archives on-access (or can be configured to do so).

    Don't make any claims or choices about the quality of a product based on something as nonsensical as this, please :)
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Although EICAR has long been somewhat useful in testing AVs, has anyone ever considered that the field is ripe for another virus testing app aside from just EICAR, which has been around since Windows 98 days?

    Does anyone share this interest with me?

    I'm really quite surprised that not even an AV vendor has produced their own fashioned AV tester with perhaps a bit more evasive code in order to better benchmark AVs than EICAR.
     
  12. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    :thumb: :thumb: :thumb:
     
  13. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I used to think like you do. But not anymore. Why? Because I got tired of having to take the time to use WinRAR and unpack and THEN have my AV alert. The AV should alert on right click scan before you do anything like unpacking or alert in WinRAR (if you set your AV to work with WinRAR) before you unpack. I never use an AV at default settings. Those are always weak. I have Avira set for Guard to scan archives to a maximum recursion depth of 10 (Luke FileWalker to a depth of 50). I've never had any problems with Explorer slowing down. If I could not set Avira in this way, I wouldn't use it. It is one reason I left NOD32. I should not have to spend extra time unpacking because my AV is too weak to perform properly.
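
Added example (not part of any post in this thread): a toy signature scanner that shows how the archive recursion depth discussed in the posts above decides which of the four test files get flagged. The file names are constructed stand-ins for the test page's four downloads, and the `max_depth` parameter is a hypothetical analogue of an AV's archive-depth setting.

```python
import io
import zipfile

# The standard 68-byte EICAR test string (harmless; AV products flag it by convention).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def zip_bytes(name, data):
    """Return a ZIP archive (as bytes) holding a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def scan(data, max_depth, depth=0, path="<file>"):
    """Toy signature scan: return the paths at which the EICAR string is found.
    Archives are opened only while depth < max_depth (0 = never look inside)."""
    hits = []
    if data.startswith(EICAR):
        hits.append(path)
    if depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{path}/{info.filename}"
                hits += scan(zf.read(info), max_depth, depth + 1, member)
    return hits

def build_samples():
    """Constructed equivalents of the four tests: .com, .txt, zip, zip-in-zip."""
    single = zip_bytes("eicar.com", EICAR)
    return {
        "1_eicar.com": EICAR,
        "2_eicar.txt": EICAR,
        "3_single.zip": single,
        "4_double.zip": zip_bytes("3_single.zip", single),
    }

def results(max_depth):
    """Map each sample name to True if the scanner flags it at this depth."""
    return {name: bool(scan(data, max_depth, path=name))
            for name, data in build_samples().items()}

if __name__ == "__main__":
    for depth in (0, 1, 2):
        print(f"max_depth={depth}: {results(depth)}")
```

At depth 0 only the two unpacked files are flagged; the archives are caught only once the scanner is allowed to recurse far enough, which is the same moment an on-access scanner would see the extracted file.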
     
  14. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Eicar was created by CARO (Computer AntiVirus Researcher's Organization) and published by Eicar. According to Eicar when the new page was published last December: "The content of this documentation (title-only) was adapted 1 September 2006 to add verification of the activity of anti-malware or anti-spyware products. It was decided not to change the file itself for backward-compatibility reasons." You'd need to ask CARO to create a new file and obviously they chose not to do so in 2006 so I doubt they would want to a year later.
     
  15. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Why? How does this improve your security? How does failing to do so increase your risk to malware?

    Looks like you're still confusing archive formats with packer formats.
     
  16. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    No it is semantics. I know exactly what I am talking about. Unpacking, unraveling, taking apart, etc. all the same. What matters is my time. I should not have to take the time to open, unpack, unravel, etc a zipped/RARed file just to find later that it is infected. The AV should tell me before I bother to do anything with it ...then I won't have bothered for nothing.
     
  17. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Either you're running on a 486 if unzipping time is that big a deal to you, or you're just another random person with strange idiosyncrasies, but you're still wrong either way. Avira decompresses archive files to C:\Documents and Settings\[insert user name here]\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP before it can scan the files. So you're not saving any time here, since Avira decompresses them anyway. In fact, you're WASTING time since you have to decompress all clean files twice. But I love how misguided people like to act based on subconscious assumptions.

    At any rate, I'm glad Avira has the option to turn off real-time archive scanning, or I'd have to look for another AV for my mom's 256MB Celeron laptop.

    Why live? You'll just die in the end anyway.
     
  18. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    I admire your enthusiasm but no, AntiVir PE Premium does not have 'web antivirus' ;)

    Go for the Premium Security Suite if you want 'web scan' module.
     
  19. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Solcroft, I think Mele is saying that she dropped Nod for what Avira can do.
     
  20. Tweakie

    Tweakie Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    90
    Location:
    E.U.
    Looks like the OP didn't even read the instructions written on the page he mentioned. Besides remarks by FRug, that are absolutely correct, it should be noticed that test 2 (the .txt file) does not make any sense.

    When in a text file, the EICAR test string is...just a string. When in a .com file, it is an executable (that just writes a string). Detecting the text file is absolutely useless and irrelevant.
     
  21. ultragunnerdcl

    ultragunnerdcl Registered Member

    Joined:
    Oct 26, 2007
    Posts:
    103
    Location:
    Philippines
    Thanks for the advice.

    Avira passed the test now. I went to the Avira official forum & they taught me how to set up: scan all archives & scan all files (max settings).
    AVIRA passed the test on highest settings.
     
  22. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    Kaspersky has a few files to test their emulator (they shouldn't have malicious content): http://tav.kaspersky.fr/test/emul.zip
     
  23. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    IE detects it and the majority of users still use IE and it is the average/newbie user that the eicar test is aimed at mostly anyway. Avira on IE alerts twice on all four...I don't know why it alerts twice. In Opera, if you copy the address of the txt file download and put that in Opera's address bar then Avira alerts but it doesn't if you just click on the file on the download page and Fx never alerts ...it streams the text so there is nothing to alert on.

    I thought this was interesting that only 16 of 30 AV vendors can detect eicar embedded in a rich text file which means that someone could embed an already detected nasty in a rich text file and one-half of the scanners would not detect it. Avira detects it. :)

    http://vil.nai.com/images/Blog- RTF Malware4.JPG

    Can I post this? It is not from Jotti or Virustotal rather it is from a Symantec blog. I'll post it and we'll see what happens.
     


  24. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Just clicked on that link expecting to open a link to a test at the Kaspersky site and NOD32 v3.0.563.0 promptly stopped the test file and quarantined it. Eset has identified it as 'Probably unknown NewHeur_PE virus' and asked me to submit a sample. Done. At least I know my anti virus is working!
    Ian
     
  25. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    That's just Eicar.
     
