Virus testing

Discussion in 'other anti-malware software' started by weirddemon, Jan 4, 2011.

Thread Status:
Not open for further replies.
  1. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Hey everyone

    Does anyone know of any applications that are available to test virus applications? Currently, I use the eicar.com virus. However, not all antivirus companies detect it because they know it's a false positive and whitelist it.

    I saw this application a while ago that started a process that made itself seem like a virus. But I can't find it anymore.

    Anyone know of any?

    Thanks
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    So you don't want real malware, only fake security test applications right? Just asking for clarification.

    You can take a look here for those kinds of programs.
     
  3. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Yeah. I don't feel like setting up a VM.

    Thanks for the list, I'll look into it.
     
  4. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    479
    It still is a good idea to set up a VM if you're going to be testing multiple applications.
     
  5. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
  6. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Why do u want to test ur AV:rolleyes:

    All av's will detect Eicar
    43/ 43 (100.0%)
    VT result.
    If ur AV is not detecting it then there's some problem..
     
  7. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Back Up your System and especially your Files (e.g. Documents, Music, Photos, Videos etc.)
    BEFORE doing any Testing.

    IF Available, use a Testing-PC (i.e. do Not use your Primary PC).
     
  8. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    if any company gave you that excuse for why they don't detect eicar, dump them immediately.

    that is one of the dumbest things i have ever heard, and i'd definitely like to know which companies actually do that (and roast them publicly).

    any vendor worth their salt (that actually produces a scanner) will detect eicar intentionally despite the fact that it is not malware. it is meant to serve as a way to test whether your AV is up and running properly - a function that all companies ought to be providing their customers.

    otherwise the customer has no way to know if the product is doing its job, and if the vendor doesn't want you to know if their product is doing its job then you don't want what that vendor is offering.

    eicar has been around for so long that there is no reason for any scanner vendor to have not implemented detection for it.
     
  9. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    that's for testing anti-spyware apps. it pretends to be spyware, not a virus.

    also, as i recall, it's geared to behaviour-based spyware prevention, which is an entirely different sort of security product.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,947
    Location:
    USA
    It would probably be a waste of time testing AVs against applications like eicar. You would be better off testing an AV against real in-the-wild threats. Testing an AV against applications like eicar is like a martial artist punching and kicking in the air all day without ever sparring against a live person that is going to hit back.
     
  11. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    it really depends on the intention of the test.

    if you're looking to determine whether the scanner is working then eicar is the perfect thing to test with.

    if you're looking to determine how good various scanners are at detecting malware then, quite frankly, you're wasting your time. amateur testing is a fool's errand. the expertise needed to do those kinds of tests anywhere near correctly is not easy to come by - nor are the time and manpower resource requirements.
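
The "is the scanner working" check described in the post above, as an added example that is not part of the original thread: it writes the standard EICAR test string to a temporary file and reports whether a real-time scanner blocked, removed or altered it. The function names and verdict labels are assumptions made for this example.

```python
import os
import shutil
import tempfile
import time

# Standard 68-byte EICAR test string (harmless by design). Split into two
# literals as a precaution so this script is not itself flagged.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" +
         "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def classify(path):
    """Return what happened to the test file at `path` (labels are hypothetical)."""
    if not os.path.exists(path):
        return "removed"              # deleted or quarantined by the scanner
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return "blocked-on-read"      # scanner denies access to the file
    return "not-detected" if data == EICAR else "modified"


def probe_on_access(wait_seconds=5.0, poll=0.5, directory=None):
    """Drop the EICAR file and watch for a reaction from real-time protection."""
    workdir = tempfile.mkdtemp(prefix="eicar-probe-", dir=directory)
    path = os.path.join(workdir, "eicar.com")
    try:
        try:
            with open(path, "wb") as fh:
                fh.write(EICAR)
        except OSError:
            return "blocked-on-write"  # write itself was intercepted
        deadline = time.monotonic() + wait_seconds
        while True:
            verdict = classify(path)
            if verdict != "not-detected" or time.monotonic() >= deadline:
                return verdict
            time.sleep(poll)
    finally:
        # Clean up whatever the scanner left behind.
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print("real-time protection verdict:", probe_on_access())
```

A `not-detected` verdict only means no real-time component reacted within the wait window; it says nothing about how well the product detects actual malware.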
     
  12. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    :thumb:
     
  13. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    I don't want to actually test scanners. I'm the creator of AVERT and I wanted other tests besides Eicar for two reasons:

    1. I'm working on collecting the log files for each scanner so I can figure out how to best parse the data. If I run a scan on a non-infected machine, I won't ever see how the log file is set up when a virus is detected, so I won't be able to figure out how to parse the file for that need.

    2. I'm also working on figuring out how to run rkill with AVERT and I need to be able to run AVERT as a different type of executable, like a .com or something. So I needed a fake virus that kills executables just to make sure it's working in some capacity.

    Thanks
     
  14. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    just as eicar should be detected, it should also show up in the log file.

    while it may be reported as something other than what normal malware is reported as, there is enough variation in the way normal malware is reported (even from a single product) that if you need to do any kind of intelligent parsing (i.e. parsing based on content rather than just format) then you actually are going to require real malware - and quite a wide variety of it.

    OR - hmmm, maybe project v-grep can help you. not v-grep online, mind you, but since it has to parse log files maybe there's something you can glean from it/them.

    i'm not sure i understand this one. you're trying to test your program's defenses against being killed and would like pretend malware that kills executables to test with?

    if you're a software creator it stands to reason that you should be able to create such pretend malware.
     
  15. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    I'm aware that them removing eicar will populate the correct data in the log file. I was mostly asking for the latter part. The eicar thing was just an example.

    And yes, I could make a fake virus to kill executables, but why would I if there's something else already available? I could either spend a few minutes asking people if they know of such software (which was already provided) or a few hours making and testing the fake virus.

    Besides, why do you even care? What I choose to do doesn't affect you in any way. I received what I needed and that's it.
     
  16. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    i was trying to be helpful.

    that said, the fact that i can't come up with an unambiguous meaning to your first paragraph suggests to me that you and i are simply not communicating on the same wavelength.

    since you seem to have found what you were looking for i guess everything that needs to be said has been.
     