Skip to main content



 

Recently, @, published a blog post on the most common false positive in the world. 

 

EICAR

 

If you haven't had a chance to read it yet, please do. It's fascinating.

 

Personally, I want to hear from you on this!


  • Have you heard of EICAR?
  • What's your experience with it?
 

Let us know in the comments below! 

 

 
I know of it and used it and it's a test file to me and nothing more. http://www.eicar.org/86-0-Intended-use.html

 

But I agree with Randy!
Thanks Daniel,

 

I don't know if you folowed the link to the Virus Bulletin presentation, but I will forever be amused that I gave a 30 minute presentation about a harmless 68-byte file at an antivirus conference :-)

Yeah, it is just a test fie, but if can be used to perform a variety of informative tests. Efficacy isn't one of them, as you know.

 

Cheers,

 

Randy
I have retweeted it @.

I had heard of Eicar but never tried it until now, Webroot spotted it as well 😉
@ wrote:

Thanks Daniel,

 

I don't know if you folowed the link to the Virus Bulletin presentation, but I will forever be amused that I gave a 30 minute presentation about a harmless 68-byte file at an antivirus conference :-)

Yeah, it is just a test fie, but if can be used to perform a variety of informative tests. Efficacy isn't one of them, as you know.

 

Cheers,

 

Randy

Now why would you waste your time? LOL
@ wrote:

@ wrote:

Thanks Daniel,

 

I don't know if you folowed the link to the Virus Bulletin presentation, but I will forever be amused that I gave a 30 minute presentation about a harmless 68-byte file at an antivirus conference :-)

Yeah, it is just a test fie, but if can be used to perform a variety of informative tests. Efficacy isn't one of them, as you know.

 

Cheers,

 

Randy

Now why would you waste your time? LOL

Waste my time writing the presentation for VB? Oh my! I needed a topic to present. It gaveme another International speaking engagment under my belt, and it impressed my managers 🙂 I'd call it time well spent :-) 

Incidentally, one of the guys who worked on the EICAR test file was at the presentation. He even enjoyed it!

Believe it or not, that presentation was on the NATO internal network for more than a decade.
@ wrote:

@ wrote:

@ wrote:

Thanks Daniel,

 

I don't know if you folowed the link to the Virus Bulletin presentation, but I will forever be amused that I gave a 30 minute presentation about a harmless 68-byte file at an antivirus conference :-)

Yeah, it is just a test fie, but if can be used to perform a variety of informative tests. Efficacy isn't one of them, as you know.

 

Cheers,

 

Randy

Now why would you waste your time? LOL

Waste my time writing the presentation for VB? Oh my! I needed a topic to present. It gaveme another International speaking engagment under my belt, and it impressed my managers 🙂 I'd call it time well spent :-) 

Incidentally, one of the guys who worked on the EICAR test file was at the presentation. He even enjoyed it!

Believe it or not, that presentation was on the NATO internal network for more than a decade.

Your words: 30 minute presentation about a harmless 68-byte file ;)


Not to say that this isn't the most awesome article about EICAR ever writen... OK, it isn't :-)

This is the most interesting thin I have ever seen written about the eicar test file. A disection and analysis of the binary. Yeah, eicar.com is not a text file. I'm gonna print it, frame it, and mount it on somebody else's Facebook wall :-)  Seriouly good read though.

 

https://blog.nintechnet.com/anatomy-of-the-eicar-antivirus-test-file/
It's nothing like that I'm just teasing you! 😉
@ wrote:

It's nothing like that I'm just teasing you! ;)

I know, and I love it!!!
This was a great read. Didn't know a lot of the info in the articles. Knew nothing about the DOS application programming interface even. Every day I try and learn something about computing and think wow I know a lot and then read something like this and it just blows my mind. Didn't understand what in the world it was talking about at first (nintech article) or your original blog post so went and read the wiki on DOS API interrupt vectors and have so much to still learn. Love it. Thank you so much.
@ wrote:



 

Recently, @, published a blog post on the most common false positive in the world. 

 

EICAR

 

If you haven't had a chance to read it yet, please do. It's fascinating.

 

Personally,Google Hangouts I want to hear from you on this!

 

Let us know in the comments below! 

 

 

I also agree with that !

Trust it or not, that introduction was on the NATO interior system for over 10 years.
The EICAR Anti-Virus Test File[1] or EICAR test file is a computer file that was developed by the European Institute for Computer Antivirus Research (EICAR) and Computer Antivirus Research Organization (CARO), to test the response of computer antivirus (AV) programs.[2] Instead of using real malware, which could cause real damage, this test file allows people to test anti-virus software without having to use a real computer virus.[3] Anti-virus programmers set the EICAR string as a verified virus, similar to other identified signatures. 192.168.1.1 A compliant virus scanner, when detecting the file, will respond in more or less the same manner as if it found a harmful virus. Not all virus scanners are compliant, and may not detect the file even when they are correctly configured. Neither the way in which the file is detected nor the wording with which it is flagged are standardized, and may differ from the way in which real malware is flagged, but should prevent it from executing as long as it meets the strict specification set by European Institute for Computer Antivirus Research.[4]

Still Missing after all these years….

 

An equivalent to EICAR for URL’s:

  • A standard URL that will be BLOCKED by properly configured softare
  • Another that will generate a WARNING by properly configured software
  • And one more that will NOT be blocked by properly configured software

So sad we don’t have that even today.


Still Missing after all these years….

 

An equivalent to EICAR for URL’s:

  • A standard URL that will be BLOCKED by properly configured softare
  • Another that will generate a WARNING by properly configured software
  • And one more that will NOT be blocked by properly configured software

So sad we don’t have that even today.

 

Hello @MrPete,

 

There are several test URLs out there. The AMTSO phishing test page can be used for a URL that should be blocked: https://www.amtso.org/check-desktop-phishing-page/

For a page that should not be blocked just use Google.

 

-Dan


Reply