Which AVs pass all the Eicar antivirus tests except for eicar.com.txt?

Discussion in 'other anti-virus software' started by Sling Shot, Jul 19, 2004.

Thread Status:
Not open for further replies.
  1. MobileForces

    MobileForces Guest

    I was able to download all three test viruses to the desktop with NAV 2003. Only when I scanned them for viruses, once they were on my desktop, did I get any response from NAV. Is this the way it's supposed to work? I thought they should be caught while trying to download them. o_O I don't really understand what eicar.com.txt is for; when I clicked on it at the website, NAV did nothing.
     
  2. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, if your NAV didn't catch the *.COM version when you started to download it, then there's something really wrong with it. Others are not necessarily detected by other AVs. The *.TXT sample of EICAR is usually displayed directly in the browser (Opera/Mozilla). It's a benign file anyway since TXT cannot harm anything.
     
  3. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Brežice
    What is this good for?
     

    Attached Files:

  4. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Dear flyrfan111, I agree with you regarding the EICAR text file. It's just for those who are unable to download that binary file. When we scan a file through the right-click context menu, chances are that archive scanning is turned off. In that case the report might show that the file is clean though it might contain a virus. This creates a false sense of security. This holds true for any type of scan except the On-Access scan. Also I want to point out that emails and p2p are not all of the exit points of a virus. That is why it is advisable to scan your whole system with max settings. I'm not saying AVs are inferior if they don't scan your archives by default. It's just that users should choose the AV which suits them.

    For example, an expert will feel comfortable even without an On-Access scanner where a neophyte might need something that scans inside archives always except On-Access scans. The point is not detecting viruses in archives, it shouldn't create a false sense of security. So users not familiar with viruses are advised to check their AV settings properly.

    Some AVs detect viruses in data files where there shouldn't be any. This happens due to our paranoid settings. For example .TXT .MPG .JPG etc. shouldn't contain any viruses (except buffer overflow exploits if possible). This is annoying but sometimes these paranoid settings help new users. DrWeb for example still thinks one of my .CPP files has a modified trojan. Bless you Igor.
     
  5. MobileForces

    MobileForces Guest

    I was wrong, RejZoR. When I attempt to download the .com file while using IE, NAV does automatically catch it. But when I try to download it with Firefox (which was what I was doing) NAV won't catch it, and NAV lets me download the file to the desktop. Very strange. So it's not NAV, but Firefox that is the problem, as it appears. Anyone else have this problem with Firefox? Could I have FF configured in an unsafe way?
     
  6. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
    I have seen this happen as well, not sure why though. I think it is because of the download manager FF uses. I have duplicated this with NOD, Panda and KAV 5. But I am not real sure why it does this.
     
  7. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Brežice
    What is the problem? You can have a virus on your computer but that does not mean you're infected. When you want to start the eicar.exe file, NAV will definitely catch it.
     
  8. MobileForces

    MobileForces Guest

    Thanks for that response Flyrfan111. I thought there may have been a problem with FF, but it sounds like you're right about the download manager. Seems a bit strange though.




    Kloshar

    It's not that there's a problem, for me anyway. Just that I was kinda worried I might have a new problem with my copy of Firefox, that's all.
     
  9. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, Firefox uses a strange file caching system that uses extensionless files.
    I don't understand what's the point of this, but you can have viruses/trojans in there and you won't even know it since most AVs don't scan extensionless files by default (unless you have set Scan all files). Opera and previous Firefoxes used normal files as they are downloaded from pages, with extensions. So if it was a *.com file it was cached as a *.com file. In Firefox, it's saved as a file without an extension. Asked Mozilla devs, but never actually got any real info why this is good.
     
  10. ghj290

    ghj290 Guest

    Panda Titanium 2004 passes all tests, including the Double Zipped one.
     
  11. profhsg

    profhsg Registered Member

    Joined:
    May 18, 2004
    Posts:
    145
    NOD's new beta version, 2.000.11b, catches all eicar files, com, txt, zipped and 2zipped, on download, at least as long as a download manager is not used and its settings for the browser that's used are at "maximum efficiency." Don't know what would happen if a download manager, which must be set at "maximum compatibility," is used, or a browser set at "maximum compatibility" is used, because I haven't tried it under those circumstances. Perhaps someone else has.
     
  12. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, avast! for example has been able to catch all EICAR files for a very long time if you want... There's nothing revolutionary about its implementation in NOD32...
     
  13. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Well, the NOD beta's new HTTP scanner also includes their AH option which is of added benefit in my mind.
     
    Last edited: Jul 26, 2004
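The scanner settings discussed in this thread (Arin's point about archive scanning being turned off, RejZoR's point about extensionless cache files and "Scan all files", and the zipped and double-zipped test files) can be compared side by side with a toy scanner. This is an added example, not part of the original thread and not any product's code; the extension list, the `scan` and `report` helpers and the cache-style file name are assumptions made for illustration.

```python
import io
import posixpath
import zipfile

# The standard 68-byte EICAR test string, split so this source file is not flagged.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" r"$H+H*").encode("ascii")

# Hypothetical "program files only" extension list (an assumption, not a product default).
SCANNED_EXTENSIONS = {".com", ".exe"}

def scan(name, data, all_files=False, max_depth=0, _depth=0):
    """Return the paths at which the EICAR signature was found."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        hits = []
        if _depth < max_depth:  # archive scanning on and nesting limit not reached
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    hits += scan(f"{name}/{member}", zf.read(member),
                                 all_files, max_depth, _depth + 1)
        return hits  # empty when the archive was never opened
    ext = posixpath.splitext(name)[1].lower()
    if not all_files and ext not in SCANNED_EXTENSIONS:
        return []  # skipped unread: unlisted extension, or no extension at all
    return [name] if data.startswith(EICAR) else []

def zipped(member_name, payload):
    """Build an in-memory zip holding a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()

# Constructed sample set: the four usual EICAR variants plus an
# extensionless file named like a browser cache entry.
SAMPLES = {
    "eicar.com": EICAR,
    "eicar.com.txt": EICAR,
    "eicar_com.zip": zipped("eicar.com", EICAR),
    "eicarcom2.zip": zipped("eicar_com.zip", zipped("eicar.com", EICAR)),
    "Cache/5D3A81F2d01": EICAR,
}

def report(**settings):
    """Map each sample name to True if this configuration detects it."""
    return {n: bool(scan(n, d, **settings)) for n, d in SAMPLES.items()}

if __name__ == "__main__":
    for cfg in ({}, {"all_files": True}, {"all_files": True, "max_depth": 2}):
        print(cfg, report(**cfg))
```

With the default settings only `eicar.com` is reported, and every other sample comes back "clean" without having been read, which is the false sense of security described above.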