EICAR test file

Yesterday I downloaded the Eicar test file, contained in a zip-file, and saved it to my desktop. I was actually expecting the real-time protection to kick in (AMON or IMON), but it didn't (perhaps this me misunderstanding the program, I thought IMON would check it because it was an Internet download). When I checked the zip-file on demand, NOD32 (as expected) warned me about an infected file inside the archive.

However, the only option that I had was to copy it 'to quarantaine' and than close the alert window. Is this supposed to go like this? I thought NOD32 would clean or delete the file. Manually deleting the file worked also.

Do I have to worry about the real-time protection as well?
I hope that someone can help me out.

EDIT: Perhaps a dumb question to add after all of this, but I have never had a 'viruswarning' with NOD32 before. Am I supposed to copy the file to quarantaine and can I take further action from there?

 

Do you have NOD with Blackspears's settings?
I'm on linux right now, so I can't test NOD atm, but later I will...

 

Yes, I have Blackspear's settings. I noticed that I couldn't the single .com-file ('file not found' error, but as I understand it this is Blackspear's settings kicking in -IMON preventing an infected download), but I was able to download the zip.

 

Ok
I'm in XP now and tested the EICAR file.
Under the standart http protocole, IMON blocked all 4 files.
Under the secure SSL https protocol, I could download the 4 files, but AMON deleted the ones that weren't zipped. IMON didn't block them.
When unzipping, AMON did the job, I unzipped to a folder and the folder was empty (both times).
When scanning the zip files with NOD32, the files where deleted (both times).
When trying to execute from within WinRar, AMON blocked execution and deleted the files.

So, IMHO, even though IMON failed on the files, and AMON let 2 of them be created, there's no way those files could be unzipped or executed, and they wouldn't resist a NOD32 scan.

I hope this was helpful for you.

 

Hello Hurst, thanks for your reply. You are also using Blackspear's settings as I understand it? How did you configure AMON (what settings)?
IMON did in fact prevent me from downloading the 4 files through the standard HTTP protocol (just as you described), so that's a first relieve.
I have AMON set to 'Prohibit access and show alert window' and a check in the box next to 'copy to Quarantaine'. This setting doesn't enable me to do anything else, is that correct?

 

It won't let you run malicious file and won't let a newly created threat run by itself

 

So manually deleting such a file would suffice?

 

I have standard factory settings - straight off the shelf & all 4 'bit the dust' before the download commenced.

 

That worked for me as well, the only thing I was having 'problems' with was the zip-file. Manually removing such a file would be enough then?

 

Yes and No .

If you adjust your on-demand scanner settings (as I told you) to make nod32.exe NOD32 on-demand scanner can automatically delete the infected zip

 

Yes I have Blackspears's settings. AMON is configured exactly as indicated by Blackspear.

 

I'm using the suite 3 wouldnt even let me download the ZIp file full stop love this new suite,