Virus testing

Hey everyone

Does anyone know of any applications that are available to test virus applications? Currently, I use the eicar.com virus. However, not all antivirus companies detect it because they know it's a false positive and whitelist it.

I saw this application a while ago that started a process that made itself seem like a virus. But I can't find it anymore.

Anyone know of any?

Thanks

 

So you don't want real malware, only fake security test applications right? Just asking for clarification.

You can take a look here for those kind of programs.

 

Yeah. I don't feel like setting up a VM.

Thanks for the list, I'll look into it.

 

It still is a good idea to set up a VM if your going to be testing multiple applications.

 

http://spycar.org/Spycar.html

 

Why do u want to test ur AV

All av's will detect Eicar
43/ 43 (100.0%)
VT result.
If ur AV not detecting it then there's some problem..

 

Back Up your System and especially your Files (e.g. Documents, Music, Photos, Videos etc.)
BEFORE doing any Testing.

IF Available, use a Testing-PC (i.e. do Not use your Primary PC).

 

if any company gave you that excuse for why they don't detect eicar, dump them immediately.

that is one of the dumbest things i have ever heard, and i'd definitely like to know which companies actually do that (and roast them publicly).

any vendor worth their salt (that actually produces a scanner) will detect eicar intentionally despite the fact that it is not malware. it is meant to serve as a way to test whether your AV is up and running properly - a function that all companies ought to be providing their customers.

otherwise the customer has no way to know if the product is doing it's job, and if the vendor doesn't want you to know if their product is doing it's job then you don't want what that vendor is offering.

eicar has been around for so long that there is no reason for any scanner vendor to have not implemented detection for it.

 

that's for testing anti-spyware apps. it pretends to be spyware, not a virus.

also, as i recall, it's geared to behaviour-based spyware prevention, which is an entirely different sort of security product.

 

It would probably be a waste of time testing AV's against applications like eicar. You would be better off testing an AV against real in the wild threats. Testing an AV against applications like eicar is like a martial artist punching, and kicking in the air all day without ever sparing against a live person that is going to hit back.

 

it really depends on the intention of the test.

if you're looking to determine whether the scanner is working then eicar is the perfect thing to test with.

if you're looking to determine how good various scanners are at detecting malware then, quite frankly, you're wasting your time. amateur testing is a fools errand. the expertise needed to do those kinds of tests anywhere near correctly is not easy to come by - nor are the time and manpower resource requirements.

 

I don't want to actually test scanners. I'm the creator of AVERT and I wanted other tests besides Eicar for two reasons:

1. I'm working on collecting the log files for each scanner so I can figure out to best parse the data. If a run a scan on a non-infected machine, I won't ever see how the log file is setup when a virus is detected, so I won't be able to figure out how to parse the file for that need.

2. I'm also working on figuring out how to run rkill with AVERT and I need to be able to run AVERT as a different type of executable, like a .com or something. So I needed a fake virus that kills executables just to make sure it's working in some capacity.

Thanks

 

just as eicar should be detected, it should also show up in the log file.

while it may be reported as something other than what normal malware is reported as, there is enough variation in the way normal malware is reported (even from a single product) that if you need to do any kind of intelligent parsing (i.e. parsing based on content rather than just format) then you actually are going to require real malware - and quite a wide variety of it.

OR - hmmm, maybe project v-grep can help you. not v-grep online, mind you, but since it has to parse log files maybe there's something you can glean from it/them.

i'm not sure i understand this one. you're trying to test your program's defenses against being killed and would like pretend malware that kills executables to test with?

if you're a software creator it stands to reason that you should be able to create such pretend malware.

 

I'm aware that them removing eicar will populate the correct data in the log file. I was mostly asking for the latter part. The eicar thing was just an example.

And yes, I could make a fake virus to kill executables, but why would I if there's something else already available? I could either spend a few minutes asking people if they know of such software (which was already provided) or a few hours making and testing the fake virus.

Besides, why do you even care? What I choose to do doesn't affect you in any way. I received what I needed and that's it.

 

i was trying to be helpful.

that said, the fact that i can't come up with an unambiguous meaning to your first paragraph suggests to me that you and i are simply not communicating on the same wavelength.

since you seem to have found what you were looking for i guess everything that needs to be said has been.