PC Review



Looking For Anti-Virus Test

 
 
(PeteCresswell)
 
      24th Aug 2010
I've fooled around with the "EICAR-STANDARD-ANTIVIRUS-TEST-FILE",
but it is not doing what I want it to do.

It does provoke my virus checker when I try to email it - and
even provokes Verizon's spam trap; both of which prevent me from
emailing it to somebody.

What I want is some means to make the virus checker on another
person's PC pop a warning - preferably in response to an email.

The idea being that I can send them the email, go over to their
PC, point to the window that the virus checker pops, and say
"See - that's a virus alert. Always press *that* button and
never, ever, under any circumstances press the other button."

I even tried burning the EICAR text file to a CD and copying it
from the CD to the user's desktop - but the virus checker did not
throw the warning (and neither did my own when I did the same
thing). Same checker won't let an email go out with the file
attached, though. Maybe I have some profile setting wrong
in the checker - that it's not flagging the copy attempt?

Anybody got a harmless technique for provoking a virus warning so
the user can see what their virus checker's warning window looks
like?
--
PeteCresswell
 

(PeteCresswell)
      24th Aug 2010
Per Little Charlie:
>>Anybody got a harmless technique for provoking a virus warning so
>>the user can see what their virus checker's warning window looks
>>like?

>
>Since Eicar is a text string edit it slightly and maybe rename it too.
>Then once it's arrived at the target PC undo the changes and save the
>file. The client's AV should then pop-up (during the save) and you
>can demonstrate how to deal with a malicious threat.


I think I have it doped out.

- My virus checker does not flag .txt files - no matter what.

- As soon as the text string is embedded in a .com file (or
even when one attempts to rename .txt ==> .com), the checker
flags it. Ditto .bat, .scr and, I would hope, all other
executable suffixes.
--
PeteCresswell
 

FromTheRafters
      25th Aug 2010
"(PeteCresswell)" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I've fooled around with the "EICAR-STANDARD-ANTIVIRUS-TEST-FILE",
> but it is not doing what I want it to do.
>
> It does provoke my virus checker when I try to email it - and
> even provokes Verizon's spam trap; both of which prevent me from
> emailing it to somebody.
>
> What I want is some means to make the virus checker on another
> person's PC pop a warning - preferably in response to an email.
>
> The idea being that I can send them the email, go over to their
> PC, point to the window that the virus checker pops, and say
> "See - that's a virus alert. Always press *that* button and
> never, ever, under any circumstances press the other button."
>
> I even tried burning the EICAR text file to a CD and copying it
> from the CD to the user's desktop - but the virus checker did not
> throw the warning (and neither did my own when I did the same
> thing). Same checker won't let an email go out with the file
> attached, though. Maybe I have some profile setting wrong
> in the checker - that it's not flagging the copy attempt?
>
> Anybody got a harmless technique for provoking a virus warning so
> the user can see what their virus checker's warning window looks
> like?


EICAR should be a comfile (or other executable file destined for the
loader chain). Is there any reason that you *have* to have it as an
e-mail attachment?

Depending on the OS involved, you might be able to send kakworm script
and get an alert. Kakworm used the long since patched
'scriptlet.typelib/eyedog' vulnerability and should not have teeth on
modern OSes - yet (I think) should still be detected by AV programs. The
problem with e-mailing files that are known to cause alerts is that they
often get stripped out in transit. You could then experiment with the
"break apart messages" setting and send two half-kakworm scripts and
recombine them after receipt.

hxxp://62nds.com/pg/e91g.php





 

FromTheRafters
      25th Aug 2010
"Little Charlie" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Tue, 24 Aug 2010 11:21:15 -0400, "(PeteCresswell)" <(E-Mail Removed)>
> wrote:
>
>>I've fooled around with the "EICAR-STANDARD-ANTIVIRUS-TEST-FILE",
>>but it is not doing what I want it to do.
>>
>>It does provoke my virus checker when I try to email it - and
>>even provokes Verizon's spam trap; both of which prevent me from
>>emailing it to somebody.
>>
>>What I want is some means to make the virus checker on another
>>person's PC pop a warning - preferably in response to an email.
>>
>>The idea being that I can send them the email, go over to their
>>PC, point to the window that the virus checker pops, and say
>>"See - that's a virus alert. Always press *that* button and
>>never, ever, under any circumstances press the other button."
>>
>>I even tried burning the EICAR text file to a CD and copying it
>>from the CD to the user's desktop - but the virus checker did not
>>throw the warning (and neither did my own when I did the same
>>thing). Same checker won't let an email go out with the file
>>attached, though. Maybe I have some profile setting wrong
>>in the checker - that it's not flagging the copy attempt?
>>
>>Anybody got a harmless technique for provoking a virus warning so
>>the user can see what their virus checker's warning window looks
>>like?

>
> Since Eicar is a text string edit it slightly and maybe rename it too.
> Then once it's arrived at the target PC undo the changes and save the
> file. The client's AV should then pop-up (during the save) and you
> can demonstrate how to deal with a malicious threat.


No need to send it through e-mail for that - it's just an ASCII text
string (now new and improved with some additional whitespace) that also
works as a comfile.

Sadly, my AV alerts to it even as a text file (very annoying).


 
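Added example (not part of the thread, and not code from any poster): a small Python classifier for the rules EICAR publishes for its test file, which is why a slightly edited copy stops being the test file and the restored copy is one again. The name `classify` and the sample inputs are constructed for illustration; whether a product also alerts on non-conforming copies, or only on certain extensions, is that product's own policy, as the posts above show.

```python
"""Classify bytes against EICAR's published rules for its test file (added example)."""

# Built from pieces so this source file does not itself begin with the string.
_HEAD = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
EICAR = _HEAD + _MARKER + b"!$H+H*"
assert len(EICAR) == 68

MAX_LEN = 128                      # test string plus optional trailing whitespace
TRAILING_OK = b" \t\n\r\x1a"       # space, tab, LF, CR, Ctrl-Z


def classify(data: bytes) -> str:
    """Return how `data` relates to the EICAR test-file definition."""
    if data.startswith(EICAR):
        tail = data[len(EICAR):]
        if len(data) <= MAX_LEN and all(b in TRAILING_OK for b in tail):
            return "conforming"            # products supporting EICAR should alert
        return "nonconforming-tail"        # extra data after the string
    if EICAR in data:
        return "embedded"                  # intact string, but not at offset 0
    if _MARKER in data:
        return "altered"                   # edited copy: no longer the test file
    return "absent"


# Constructed sample inputs, labelled by what they imitate.
SAMPLES = {
    "exact 68 bytes": EICAR,
    "with CRLF and Ctrl-Z": EICAR + b"\r\n\x1a",
    "text appended": EICAR + b" hello",
    "padded past 128 bytes": EICAR + b" " * 61,
    "leading space": b" " + EICAR,
    "one character edited": EICAR.replace(b"X5O", b"X5o"),
    "unrelated text": b"quarterly report",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:24} {len(blob):4d} bytes  {classify(blob)}")
```
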
 
(PeteCresswell)
 
      25th Aug 2010
Per FromTheRafters:
>EICAR should be a comfile (or other executable file destined for the
>loader chain). Is there any reason that you *have* to have it as an
>e-mail attachment?


Only bc I thought it would most closely replicate the actual user
experience - since most of the time viruses seem to come in via
email attachments. But it's not a religious issue and, as you
note below, getting it through various mail servers is a problem.

So I guess I'll just burn a .com version to CD.

>Depending on the OS involved, you might be able to send kakworm script
>and get an alert. Kakworm used the long since patched
>'scriptlet.typelib/eyedog' vulnerability and should not have teeth on
>modern OSes - yet (I think) should still be detected by AV programs. The
>problem with e-mailing files that are known to cause alerts is that they
>often get stripped out in transit. You could then experiment with the
>"break apart messages" setting and send two half-kakworm scripts and
>recombine them after receipt.

--
PeteCresswell
 

badgolferman
      25th Aug 2010
(PeteCresswell) wrote:

>I've fooled around with the "EICAR-STANDARD-ANTIVIRUS-TEST-FILE",
>but it is not doing what I want it to do.
>
>It does provoke my virus checker when I try to email it - and
>even provokes Verizon's spam trap; both of which prevent me from
>emailing it to somebody.
>
>What I want is some means to make the virus checker on another
>person's PC pop a warning - preferably in response to an email.
>
>The idea being that I can send them the email, go over to their
>PC, point to the window that the virus checker pops, and say
>"See - that's a virus alert. Always press that button and
>never, ever, under any circumstances press the other button."
>
>I even tried burning the EICAR text file to a CD and copying it
>from the CD to the user's desktop - but the virus checker did not
>throw the warning (and neither did my own when I did the same
>thing). Same checker won't let an email go out with the file
>attached, though. Maybe I have some profile setting wrong
>in the checker - that it's not flagging the copy attempt?
>
>Anybody got a harmless technique for provoking a virus warning so
>the user can see what their virus checker's warning window looks
>like?


Just a thought, what if you send it as a zipped file?


 

(PeteCresswell)
      26th Aug 2010
Per badgolferman:
>Just a thought, what if you send it as a zipped file?


The virus checker I use (and the user uses) inspects zip file
contents too.
--
PeteCresswell
 

Dennis
      26th Aug 2010
On Wed, 25 Aug 2010 20:45:45 -0400, "(PeteCresswell)" <(E-Mail Removed)>
wrote:

>>Just a thought, what if you send it as a zipped file?

>
>The virus checker I use (and the user uses) inspects zip file
>contents too.


Not if you add a password. ;-)

--

Dennis
 

(PeteCresswell)
      26th Aug 2010
Per Dennis:
>>The virus checker I use (and the user uses) inspects zip file
>>contents too.

>
>Not if you add a password. ;-)


Ouch!.... obvious now that you have said it...

Gotta give that a try.
--
PeteCresswell
 

mm
      5th Sep 2010
On Tue, 24 Aug 2010 11:21:15 -0400, "(PeteCresswell)" <(E-Mail Removed)>
wrote:

>I've fooled around with the "EICAR-STANDARD-ANTIVIRUS-TEST-FILE",
>but it is not doing what I want it to do.


You've almost solved this problem already, even by the posts, but I
just found this ng and this is the first time I've had to put in my
two cents.

Maybe this is now subject to the problems you describe below, but here
is eicar in a variety of forms, at the bottom of the page.

http://eicar.org/anti_virus_test_file.htm

Just send him the url and have him dl some of them.

As to eicar.com.txt, I've long wondered what prevents someone from
dl'ing a file ending in txt and then a short command to rename the
file to be executable?

mm

>It does provoke my virus checker when I try to email it - and
>even provokes Verizon's spam trap; both of which prevent me from
>emailing it to somebody.
>
>What I want is some means to make the virus checker on another
>person's PC pop a warning - preferably in response to an email.
>
>The idea being that I can send them the email, go over to their
>PC, point to the window that the virus checker pops, and say
>"See - that's a virus alert. Always press *that* button and
>never, ever, under any circumstances press the other button."
>
>I even tried burning the EICAR text file to a CD and copying it
>from the CD to the user's desktop - but the virus checker did not
>throw the warning (and neither did my own when I did the same
>thing). Same checker won't let an email go out with the file
>attached, though. Maybe I have some profile setting wrong
>in the checker - that it's not flagging the copy attempt?
>
>Anybody got a harmless technique for provoking a virus warning so
>the user can see what their virus checker's warning window looks
>like?


 