eicar test virus - AVG 7 doesn't detect it?

[Alex Hunsley]

I'm testing that my AVG 7 installation detects viruses.
So I've downloaded the innocuous test file fromeicar.com
(http://www.eicar.org/anti_virus_test_file.htm). When I extract the
eicar.com file into a directory and refresh or rebrowse to the
dierctory, AVG doesn't pick up on it. I've seen it automatically pick up
virus infected files this way before, so why didn't it complain about
the eicar.com test virus file? (Resident shield is definitely running
according to AVG control centre.)
If I right-click on the file and select "Test with AVG" it does flag it
up as a virus however. Any ideas anyone?

thanks
alex

 

[kurt wismer]

I'm testing that my AVG 7 installation detects viruses.
So I've downloaded the innocuous test file fromeicar.com
(http://www.eicar.org/anti_virus_test_file.htm). When I extract the
eicar.com file into a directory and refresh or rebrowse to the
dierctory, AVG doesn't pick up on it. I've seen it automatically pick up
virus infected files this way before, so why didn't it complain about
the eicar.com test virus file? (Resident shield is definitely running
according to AVG control centre.)
If I right-click on the file and select "Test with AVG" it does flag it
up as a virus however. Any ideas anyone?

then clearly avg can detect eicar...

try this... try running the eicar.com and see what avg's real-time
scanner does... it's possible that that portion of the product is not
configured the way you intend it to be... also, is it possible that the
behaviour your expecting to see you've only seen before in v6 of the
product?

 

[Peter]

I'm testing that my AVG 7 installation detects viruses.
So I've downloaded the innocuous test file fromeicar.com
(http://www.eicar.org/anti_virus_test_file.htm). When I extract the
eicar.com file into a directory and refresh or rebrowse to the
dierctory, AVG doesn't pick up on it. I've seen it automatically pick up
virus infected files this way before, so why didn't it complain about
the eicar.com test virus file? (Resident shield is definitely running
according to AVG control centre.)
If I right-click on the file and select "Test with AVG" it does flag it
up as a virus however. Any ideas anyone?

thanks
alex

I do not know if this will help! I have found that most of the
virus scanning software that I have played with will detect EICAR if
the string is written as the first line of a text file.

However, assuming a three line text file, if EICAR is written as
line two or line three it is not detected.

I keep a text file with EICAR as the first line somewher on my
system just to make sure that my scanner, currently Kaspersky, is
functioning as it should.

Peter

 

[Zvi Netiv]

I'm testing that my AVG 7 installation detects viruses.
So I've downloaded the innocuous test file fromeicar.com
(http://www.eicar.org/anti_virus_test_file.htm). When I extract the
eicar.com file into a directory and refresh or rebrowse to the
dierctory, AVG doesn't pick up on it. I've seen it automatically pick up
virus infected files this way before, so why didn't it complain about
the eicar.com test virus file? (Resident shield is definitely running
according to AVG control centre.)
If I right-click on the file and select "Test with AVG" it does flag it
up as a virus however. Any ideas anyone?

Files are checked by on-access AV when "opened". When browsing directories,
Explorer opens files of type EXE to read their icon resource, for displaying.
Other file types aren't opened for picking an icon as the latter are
predetermined for other than the EXE type.

As the EICAR test file is of type COM, then it isn't opened by Explorer when
browsing the directory, because COM have a fixed icon assigned to them by
Windows. Rename the test file to <whatever>.EXE and your AV might pick it this
way.

Regards, Zvi

 

[Alex Hunsley]

then clearly avg can detect eicar...

try this... try running the eicar.com and see what avg's real-time
scanner does... it's possible that that portion of the product is not
configured the way you intend it to be... also, is it possible that the
behaviour your expecting to see you've only seen before in v6 of the
product?

I forgot to mention that I can successfully run eicar.com, even when
realtime protection is running!
Very strange.

alex

 

[Alex Hunsley]

Files are checked by on-access AV when "opened". When browsing directories,
Explorer opens files of type EXE to read their icon resource, for displaying.
Other file types aren't opened for picking an icon as the latter are
predetermined for other than the EXE type.

As the EICAR test file is of type COM, then it isn't opened by Explorer when
browsing the directory, because COM have a fixed icon assigned to them by
Windows. Rename the test file to <whatever>.EXE and your AV might pick it this
way.

Regards, Zvi
--

I've hit upon this idea already and tried it - renamed to eicar.exe, did
directory refresh, and still AVG didn't complain...

alex

 

[Alex Hunsley]

I'm testing that my AVG 7 installation detects viruses.
So I've downloaded the innocuous test file fromeicar.com
(http://www.eicar.org/anti_virus_test_file.htm). When I extract the
eicar.com file into a directory and refresh or rebrowse to the
dierctory, AVG doesn't pick up on it. I've seen it automatically pick up
virus infected files this way before, so why didn't it complain about
the eicar.com test virus file? (Resident shield is definitely running
according to AVG control centre.)
If I right-click on the file and select "Test with AVG" it does flag it
up as a virus however. Any ideas anyone?

thanks
alex

I'm now trying panda antivirus - any comments on this? What's the
titanium version like?

alex

 

[Zvi Netiv]

then clearly avg can detect eicar...

try this... try running the eicar.com and see what avg's real-time
scanner does... it's possible that that portion of the product is not
configured the way you intend it to be... also, is it possible that the
behaviour your expecting to see you've only seen before in v6 of the
product?

Hint: The EICAR test file is of type COM. ;-)

 

[kurt wismer]

Alex Hunsley wrote:
[snip]

I forgot to mention that I can successfully run eicar.com, even when
realtime protection is running!

alright, then clearly the realtime component is either misconfigured or
broken... maybe we can hear from someone else with avg v7 who can
perform the same test? anybody?

otherwise i'd say you should get in contact with grisoft.com and find
out what's wrong with their scanner...

 

[kurt wismer]

Zvi Netiv wrote:
[snip]

Hint: The EICAR test file is of type COM. ;-)

thanks, i'll try to keep that in mind next time...

 

[MJD]

I'm running AVG 7.0.209 with data 261.6.0 of 7.1.2004 on my laptop (Toshiba
TE2300-WinXP-Pro), and I've just tried to download the 'eicar.com' file from
Eicar.
AVG simply won't allow it!
I <can> download the zipped packages and both of these are detected on
scanning.
I unzipped eicar.com to a test directory while AVG was disabled and then
re-started AVG.
Simply opening the test directory did not raise the alarm, but as soon as I
moved my mouse over the file's icon, a 'Virus Detected' alert appeared.
Works for me!
Could I suggest an uninstall/re-install ?
Martin Deeley