TESTVIRUS.org

Hi!

I do this test on my computer, with lastest update of NOD32 and Thunderbird Mail Client and NOD32 failed in this tests:

Test #5: Eicar virus sent using BinHex encoding
Test #6: Eicar virus embedded within another MIME segment
Test #7: Eicar virus sent using uuencoding within a MIME segment
Test #8: Eicar virus sent using BinHex encoding within a MIME segment
Test #12: Eicar virus within a password protected ZIP file
Test #14: Eicar virus sent in a Microsoft TNEF file (winmail.dat)
Test #19: Eicar virus within zip file hidden using the "Blank Folding Vulnerability"
Test #20: Eicar virus within zip file hidden using the "MIME Boundary Space Gap Vulnerability"
Test #21: Eicar virus within zip file hidden using the "Long MIME Boundary Vulnerability"
Test #23: Eicar virus within zip file hidden using the "Empty MIME Boundary Vulnerability"

These are my settings:
http://student.dei.uc.pt/~umbelino/lixo/nod32_imon.png
http://student.dei.uc.pt/~umbelino/lixo/nod32_imon2.png

 

I don't have to be worried with this?

 

I haven't taken a closer look at all of those tests, but what surprises me is a test in which eicar is sent in a password-protected archive. How one can expect that an AV will detect it? Maybe we could implement a brute-force password detection to IMON, but I'm not sure someone would dare to wait several hours/days to receive an email with a password-protected archive in attachment.

 

Hi Marcos,

You're right, the password-protected archive is a stupid test...

I'm very satisfied with NOD32

 

I make this test with the new version of Kaspersky and only the 12, 20 and 21 tests failed!!!

 

I'm not sure I understand why one would possibly want NOD32 to detect a password protected zipped virus. Isn't the reason for password protection in such an instance because one wishes to bypass ISP virus scanning so that one can successfully send a viral sample to someone who is expecting it and who has the password? Having NOD detect/destroy this would defeat the purpose of password protection!

 

All of you just noticed zip protected test failure ?
What about test number 6,7,8 .
To VaMPiRiC_CRoW you have to worry about that ! because
MUA's can read such a mail and from my experience you can't relay on end user
common sense
I've posted few days ago message about NOD32 on Linux not scanning properly
malformed mail and pointed out that antivirus program can't expect
that mail created by viruses will tight close to specs, on the contrary they will use every possible vulnerability.
I've wrote about that to NOD tech support but with no replay.
For now I'm little bit disappointed with NOD32 reliability
Previously I've use MicroTrend InterScan without such a problems.

Krzysztof Cieniuch