TESTVIRUS.org

Discussion in 'NOD32 version 2 Forum' started by rdsu, Apr 11, 2004.

Thread Status:
Not open for further replies.
  1. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Hi!

    I did this test on my computer, with the latest update of NOD32 and the Thunderbird mail client, and NOD32 failed these tests:

    Test #5: Eicar virus sent using BinHex encoding
    Test #6: Eicar virus embedded within another MIME segment
    Test #7: Eicar virus sent using uuencoding within a MIME segment
    Test #8: Eicar virus sent using BinHex encoding within a MIME segment
    Test #12: Eicar virus within a password protected ZIP file
    Test #14: Eicar virus sent in a Microsoft TNEF file (winmail.dat)
    Test #19: Eicar virus within zip file hidden using the "Blank Folding Vulnerability"
    Test #20: Eicar virus within zip file hidden using the "MIME Boundary Space Gap Vulnerability"
    Test #21: Eicar virus within zip file hidden using the "Long MIME Boundary Vulnerability"
    Test #23: Eicar virus within zip file hidden using the "Empty MIME Boundary Vulnerability"

    These are my settings:
    http://student.dei.uc.pt/~umbelino/lixo/nod32_imon.png
    http://student.dei.uc.pt/~umbelino/lixo/nod32_imon2.png
     
  2. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I don't have to be worried about this?
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I haven't taken a closer look at all of those tests, but what surprises me is a test in which eicar is sent in a password-protected archive. How can one expect that an AV will detect it? Maybe we could implement brute-force password detection in IMON, but I'm not sure someone would dare to wait several hours/days to receive an email with a password-protected archive as an attachment.
     
    Last edited: Apr 13, 2004
  4. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Hi Marcos,

    You're right, the password-protected archive is a stupid test...

    I'm very satisfied with NOD32 ;)
     
  5. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I did this test with the new version of Kaspersky and only tests 12, 20 and 21 failed!!!
     
  6. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I'm not sure I understand why one would possibly want NOD32 to detect a password-protected zipped virus. Isn't the reason for password protection in such an instance that one wishes to bypass ISP virus scanning so that one can successfully send a viral sample to someone who is expecting it and who has the password? Having NOD detect/destroy this would defeat the purpose of password protection!
     
  7. kcieniuch

    kcieniuch Registered Member

    Joined:
    Feb 25, 2004
    Posts:
    4
    All of you just noticed the zip protected test failure o_O?
    What about tests number 6, 7 and 8?
    To VaMPiRiC_CRoW: you have to worry about that! Because MUAs can read such a mail, and from my experience you can't rely on end user common sense :)
    A few days ago I posted a message about NOD32 on Linux not properly scanning malformed mail, and pointed out that an antivirus program can't expect that mail created by viruses will stick closely to the specs; on the contrary, they will use every possible vulnerability.
    I wrote about that to NOD tech support but got no reply.
    For now I'm a little bit disappointed with NOD32's reliability.
    Previously I used MicroTrend InterScan without such problems.

    Krzysztof Cieniuch
     