Email virus Scanner test

Discussion in 'other anti-virus software' started by bazz, Feb 4, 2007.

Thread Status:
Not open for further replies.
  1. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
    Hello,
    How can i test if my Email Virusscan Works?
    I want to test " bazzo9@icmail.net "
    Don't worry it's not my default address.
    I want to test how this email address protects against : Spam/Virusses .
    So the conclusion is I want spam/Virii on this address :D

    -Baz-
     
  2. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
  3. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Hi Bazz

    I assume you're wanting as many spammers (preferably ones that send viruses) to have that email address as possible?
    This report is quite old, but still shows the most common ways that attract spam to an address, if you wanted to do the opposite of what it recommends. :blink: ;)

    I tried with a test email address some time ago to try and attract as much malware as possible to it, but all I ever got was masses of spam adverts and not a single malware sample, so I guess the spammers that mass-distribute malware use different to the spamming lists for viagra etc...

    P.S. I'd be interested in suggestions from anyone who knows a good way of setting up a test email address to attract as much mass-mailed malware as possible. (i.e. where to submit an email address so it is targeted by malware spammers.) :)

    Regards,
    Londonbeat
     
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    ok bazz ive sent you a worm to the address you requested, lets hope it all works :)
     
  5. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
    I switch all the time , at this moment i have AVG FREE.
    (I'm waiting for the next Dr.Web)
     
  6. DaveD

    DaveD Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    54
    To test your antivirus mail scanner I decided to put the EICAR sample in a 7z self-extracting archive. A lot of antivirus programs still don't scan within 7z archives. I know when you run the self-extracting archive your antivirus should detect it, but you said you want to test your antivirus mail scanner and I thought this would be a good test.

    Post back here and let me know if your mail scanner detected it.
     
  7. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
    My scanner (AVG) didn't detect it .
    But Dr.Web does (Online)

    ~Online virus scan results removed - Ron- Send any samples to the respective antivirus vendors.~

    Only Dr.Web detects it.
    Is dr.web so good?
     
    Last edited by a moderator: Feb 4, 2007
  8. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    its most likely a false positive,

    rar it up with the password virus and use my signature to send it for analysis.
     
  9. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    well drweb has quite a few fp's but they do fix them quickly
    i dont know if that one is an fp or not thou.
    lodore
     
  10. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
    The file i sended in was Adware.Starware.
    It's just that Dr.Web was the only one to recognize it....
     
  11. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    was that the jotti result?

    what did virustotal.com say?

    same thing, probably a false positive... send it to dr.web either way.
     
  12. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
  13. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    it depends what settings the av's on jotti and virustotal are set to.
    but drweb could be the only one detecting it.
    lodore
     
  14. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    all toolbars should always be avoided anyway..... nothing but trouble.
     
  15. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
    Ok.
    Dr.Web is also the only one to find my "Registry Startpage Editor" which i made for testing purposes.
     
  16. DaveD

    DaveD Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    54
    Was this referring to my EICAR 7z SFX sample?
     
  17. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
    Yes;)
     
  18. DaveD

    DaveD Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    54
    So I guess what that means is that AVG does not unpack and scan 7z archives.

    I have never received a virus by e-mail in the last 6 years because my ISP scans and removes them on the server level. Even when I try to send/receive samples by e-mail to test my own account the messages always come back but stripped of the attachment. They do not, however, scan 7z archives either so that is the only way in which I can get away with testing samples to my e-mail accounts. I believe it is Symantec Brightmail that they use on the servers.
     
  19. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
    Ok.
    I use dr.web now (As beta tester ) and i want to say: I really Really like it.
    They changed the "virus found" screen a bit i think.Because the Shutdown button now isn't standing there alone.

    Dr.Web
    10/10
     
  20. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    All you need to do to get past the gateway scanners (my ISP does the same as yours) is zip and PASSWORD PROTECT the virus you want to send to yourself, or have someone send you, or send to others. Just make sure the zipped file is password protected. Your ISP's mail scanner cannot open a password protected file so it can't strip the virus out and it just lets it through.
     
  21. Cadoul

    Cadoul Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    76
    Location:
    France
Loading...
Thread Status:
Not open for further replies.