ecar virus simulator

Discussion in 'ESET NOD32 Antivirus' started by badactor, Nov 17, 2010.

Thread Status:
Not open for further replies.
  1. badactor

    badactor Registered Member

    I hit an article where the staff mentioned Ecar.com. Google shows only two
    posts to this site, so a third.

    I run Nod32 now ESETnod32 almost all the time, now with XPro64bit, but
    the OS doesn't matter nor the anti-virus program.

    I have
    XADDED5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
    that should make this page unvisitable without ADDED if I assume correctly.
    I used to add it to usenet posts to set off alerts.

    If I take that line and create fake.com I get "that file isn't made for this OS" at the moment, other times (OS's) I get nothing.

    I go to ~No links to malware allowed here.~ (site is clean but contains viruses) to test my anti-virus programs.
    Nod32 catches about 80% which is very good.

    But my question is why doesn't the Ecar string work?
    My string was picked up 1 May 2003, as The Anti-Virus test file, but shouldn't matter.

    Just curious, thanks.
     
    Last edited by a moderator: Nov 17, 2010
  2. Geosoft

    Geosoft Registered Member

  3. Marcos

    Marcos Eset Staff Account

    Yes. And since it's a VX site, I wouldn't expect a serious antivirus to detect more of the stuff out there.
     
  4. badactor

    badactor Registered Member

    One of the tests was to send Ecar back to myself, to see if
    it were caught. I just noticed the E-mail wasn't sent.
    (Agent newsreader 1.93 using stunnel for POP3).

    The reason:
    11/16/2010 7:37:35 PM Error reported by Server: 552-5.7.0 Our system detected an illegal attachment on your message.
    Please.: Sending email message "test".

    No clue what the Please is all about, but shows at least my mail server is blocking ecar :doubt: .

    Thanks for the replies.
     
  5. jimwillsher

    jimwillsher Registered Member

    It's Eicar, not Ecar. Are you sure you are visiting the correct site? Or more accurately - EICAR - European Institute for Computer Antivirus Research.


    Jim
     
  6. no_idea

    no_idea Registered Member

    The operating system might matter if you just test the EICAR.com "virus".

    As this is a simple DOS program, it might no longer be able to run in a 64bit Windows environment, as Microsoft has pruned this function from their 64bit systems.
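
For reference, the EICAR definition is narrower than "the string appears somewhere": the file must start with the 68-character test string and may be followed only by whitespace (space, tab, LF, CR, Ctrl-Z), up to 128 bytes in total. The check below is an added example, not part of the thread; the function and sample names are hypothetical, the inputs are constructed, and how a particular scanner treats non-conforming data is product-specific.

```python
# Added example (not from the thread): classify a buffer against the EICAR test-file definition.
# The thread's string carries a literal "ADDED" marker; dropping it yields the 68-byte test
# string, so the exact signature is only assembled at run time.
PAGE_STRING = rb"XADDED5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
EICAR = PAGE_STRING.replace(b"ADDED", b"", 1)

ALLOWED_TRAILER = b" \t\n\r\x1a"  # space, tab, LF, CR, Ctrl-Z
MAX_LEN = 128                      # total length limit, trailer included


def classify(data: bytes) -> str:
    """Return 'conforming' or the reason the buffer falls outside the definition."""
    if not data.startswith(EICAR):
        if EICAR in data:
            return "embedded"      # string present, but not at offset 0
        return "altered"           # the 68 bytes do not appear intact
    if len(data) > MAX_LEN:
        return "too-long"
    if any(byte not in ALLOWED_TRAILER for byte in data[len(EICAR):]):
        return "bad-trailer"
    return "conforming"


def samples() -> dict:
    """Constructed inputs mirroring the cases raised in the thread."""
    return {
        "string as posted (with ADDED)": PAGE_STRING,
        "pasted into a web page": b"<html><body>" + EICAR + b"</body></html>",
        "saved by an editor with CRLF": EICAR + b"\r\n",
        "followed by other text": EICAR + b" sent as a test",
        "padded past 128 bytes": EICAR + b" " * 61,
    }


if __name__ == "__main__":
    assert len(EICAR) == 68
    for label, data in samples().items():
        print(f"{label:32} -> {classify(data)}")
```
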
     