Is Norton Anti-Virus Working?

[mortn]

Using Norton Systemworks 2002 on an XP machine. Until recently (before changing from
dialup to cable) I would frequently have email viruses detected and quarantined by the
anti-virus program. Now, since changing to cable with a new email address, I have not
had a single email virus identified. While I am quite happy about this, I can't help but
wonder whether the anti-virus program is actually doing its thing. A full system scan
every week turns up nothing.

Is there some type of "test virus" I can receive by email to actually test the workings
of my anti-virus program?

Thank you for any assistance you may provide.

 

[T.R.]

Is there some type of "test virus" I can receive by email to actually test the workings
of my anti-virus program?

http://www.eicar.org/anti_virus_test_file.htm

Regards,
ô¿ô
~

 

[mortn]

http://www.eicar.org/anti_virus_test_file.htm

Regards,
ô¿ô
~

Thank you for the quick comeback. I tested all 4 Eicar files. Norton recognized and
quarantined the 1st and 3rd files from the page you recommended. The 2nd file appeared
as ASCII text and merely was displayed as written, but was not flagged by my anti-virus
program. The last file was unzipped and became yet another zip file. Norton did not
detect a virus included in any of the zip files until they were unzipped. The imbedded
virus was not detected initially.

 

[T.R.]

The 2nd file appeared
as ASCII text and merely was displayed as written, but was not flagged by my anti-virus
program.

Should have caught it. Mine caught it when I even tried to download
it to test as an attachment in an email sent to myself. I had to turn
NAV Auto Protect off just to download it and transmit it as an
attachment to myself. I then turned Auto Protect back on to receive
the email with the attachment and NAV caught it.

The last file was unzipped and became yet another zip file. Norton did not
detect a virus included in any of the zip files until they were unzipped. The imbedded
virus was not detected initially.

Again, mine caught it as I was receiving it as an attachment to an
email I sent to myself.

You must have something in the NAV setup unchecked which is not
allowing NAV to look at #2 and #4

I'm running NAV 2003 Pro and have it set to:

- Enable Auto Protect
- Start Auto Protect at windows startup
- Do Comprehensive File Scanning
- Enable Highest Level of Bloodhound Heuristics
- Enable Script Blocking
- Scan Within Compressed Files
- Scan incoming and outgoing emails (which is why I had to turn it off
when I sent an attached virus test file out to myself).

There are many other config options but the above are the important
ones for Auto Protection.

Regards,
ô¿ô
~

 

[Jari Lehtonen]

Is there some type of "test virus" I can receive by email to actually test the workings
of my anti-virus program?

Thank you for any assistance you may provide.

Try http://www.gfi.com/emailsecuritytest/

it is very good.

Jari

 

[WiseGuy]

Back in the day { [email protected]},

Thank you for the quick comeback. I tested all 4 Eicar
files. Norton recognized and quarantined the 1st and 3rd
files from the page you recommended. The 2nd file
appeared as ASCII text and merely was displayed as
written, but was not flagged by my anti-virus program.
The last file was unzipped and became yet another zip
file. Norton did not detect a virus included in any of
the zip files until they were unzipped. The imbedded
virus was not detected initially.

Please check your PC and/or NAV setups. Also, when running these tests, do
not automatically quarantine. These test files are not actually "infected".

Hint - don't try to download these files to your hard drive - download them
to a clean floppy, mark it plainly as "EICAR TEST" or something similar, and
store it away for future use. If you did happen quarantine any of these
test files, delete them from your quarantine - they serve no useful purpose
in quarantine.

A possible behavior when using these test files is as follows:

The executable (EICAR.COM) and the first archive should be ALWAYS be
detected as "infected" on the attempted download AND on any subsequent scan
as well.

Sometimes the second archive (which is actually an archive of an archive)
will 'slip through'. However, a separate scan of the included file should
show it as "infected".

You should not need to unzip any of the archives to run the tests, and, in
fact, you shouldn't do that because that would negate the purpose of the
test.

Depending on your settings, you may be able to download the text file
without triggering a virus detection (some AV programs are set to allow text
files). However, a scan of the file AFTER downloading should always detect
the text file as "infected".

--
WG


Post back in News
Do not use email to continue thread

All email MUST include a valid return address.