Hi all, I recently purchased NOD32 and must say that I am pretty impressed with it so far. I have implemented Blackspear's guide here since this is a shared PC. Anyway, I decided to test NOD's 'IMON' effectiveness today using this site, eicar.org, and happily enough it blocked the first file download link immediately. I then went on to create a .txt and a .com file using the virus string, and AMON picked up on these too. However, when I pasted the exact same string into an Office Word document (2003), it failed to detect it upon creation, execution or even a context menu scan. Should DMON detect this or not?
It probably has to do with the exact definition of the Eicar.com test file, as stated here: http://www.eicar.com/anti_virus_test_file.htm Since you pasted the string into a Word Document, the resulting .doc file no longer meets the definition of the Eicar.com test file. The same thing applies to a webpage that includes this string. Since the string is in the middle of the webpage, it does not meet the definition of the file. Now, if you were somehow able to paste an eicar.txt file in a Word document as a separate object, that might be another story.
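The distinction drawn in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it assumes the published EICAR definition (the file starts with the 68-byte string, optionally followed only by space, tab, LF, CR or Ctrl-Z, with a total length of at most 128 bytes), and the function name, labels and sample buffers are constructed for illustration.

```python
# Added example: classify a buffer against the EICAR test-file definition.
# The test string is split in two so this source file does not itself
# contain the contiguous 68-byte signature.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD" + rb"-ANTIVIRUS-TEST-FILE!$H+H*"
ALLOWED_TRAILING = b" \t\n\r\x1a"  # space, tab, LF, CR, Ctrl-Z
MAX_LEN = 128                      # upper bound on total file length


def classify(data: bytes) -> str:
    """Return 'conforming', 'prefix-only', 'embedded' or 'absent'."""
    if data.startswith(EICAR):
        tail = data[len(EICAR):]
        if len(data) <= MAX_LEN and all(b in ALLOWED_TRAILING for b in tail):
            return "conforming"    # a scanner supporting EICAR should flag this
        return "prefix-only"       # starts correctly, but extra data follows
    if EICAR in data:
        return "embedded"          # string is present but not at offset 0
    return "absent"


# Constructed stand-in for a .doc container: the OLE2 magic bytes, padding,
# then the string somewhere in the middle. It is not a real Word file.
FAKE_DOC = (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 504
            + EICAR + b"\x00" * 1024)

SAMPLES = {
    "eicar.com (68 bytes)": EICAR,
    "eicar.txt with CRLF": EICAR + b"\r\n",
    "string pasted into a document": FAKE_DOC,
    "string followed by other text": EICAR + b" see readme",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:32} {len(blob):5d} bytes  {classify(blob)}")
```

Only the first two samples meet the definition; the document-style buffer contains the string but does not start with it, which matches the behaviour described in the thread.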
No, the eicar test file must be in a pure text file, not in a Word or another document. Edited: OK, Alglove was faster than me.
Yes, that does seem to be the case, since the resulting .doc file ends up 19.5 KB as opposed to 68 bytes. Thanks for your help.
Eicar is just a TESTVIRUS. Eicar was designed to test GENERAL functionality of AV Software and not for determining how well a software finds "embedded" viruses. There's even one rule - Eicar should be only detected if it has its original filesize. This basically has to do with a lot of readme.txt files from AV Software. Lots of companies write about EICAR there and also quote the ASCII eicar text. It would be a false positive to detect such files! If you want to know more about EICAR and how this Testvirus works, take a look over here, where I explained it in the AV-Comparatives Forum: http://www.av-comparatives.org/forum/viewtopic.php?t=150 8^) H.B.
This is exactly what I originally wanted: 'test GENERAL functionality'. I disagree here, solely for its test functionality. For example, once a firewall has been set up correctly you will then wish to test it using various 'Probing' sites. How else would one test Antivirus software? Very informative, thanks for the link.