EICAR test file explanation

For discussions about security.
mahaju
Posts: 487
Joined: Mon 11 Oct 2010, 07:11
Location: between the keyboard and the chair

EICAR test file explanation

#1 Post by mahaju »

A detailed explanation of the EICAR test file

http://www.derkeiler.com/Mailing-Lists/ ... /0015.html

EICAR website
http://www.eicar.org/86-0-Intended-use.html

Does anyone know if this works with antivirus software in Linux?

Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#2 Post by Makoto »

If they test by virus signatures, it should work. If they test by heuristics, perhaps not. It wouldn't hurt to experiment.
[ Puppy 4.3.1 JP, Frugal install ] * [ XenialPup 7.5, Frugal install ] * [XenialPup 64 7.5, Frugal install] * [ 4GB RAM | 512MB swap ]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).

mahaju
Posts: 487
Joined: Mon 11 Oct 2010, 07:11
Location: between the keyboard and the chair

#3 Post by mahaju »

I tried it with AVG in Puppy 5.2.8, but running avgscan says avgd is not initialized.
It seems AVG is properly installed, but I have no idea how to get it working.
I don't normally use antivirus in Puppy, so I have no idea what this means.
If anyone has tried it out, maybe you can share it here.
Also, I used Puppy 5.2.8 in VMware.

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#4 Post by cthisbear »

avg is rubbish..false positives.

Better to use Hiren's Boot cd for virus.

Also has Parted Magic....even ejects the cd now.
So close to Puppy in looks.

http://www.hiren.info/pages/bootcd

":""""

Antivirus Tools

Avira AntiVir Personal (07-12-2011)
Free anti-virus and anti-spyware on-demand scanner, detects and removes more than 50000 viruses and trojans.

ClamWin Free Antivirus 0.97.3 (07-12-2011)
A free antivirus, GNU GPL Open Source Virus Scanner.

ComboFix (07-12-2011)
Designed to cleanup malware infections and restore settings modified
by malware.

Dr.Web CureIt!
Antivirus a free standalone anti-virus and anti-spyware on-demand scanner (downloadable).

GMER 1.0.15
Hidden services, hidden registry, hidden file scanner, Rootkit Detector
and Remover.

Malwarebytes Anti-Malware 1.51.1 (07-12-2011)
anti-malware application that can thoroughly remove even the most advanced malware.

Remove Fake Antivirus 1.82
a tool to remove virus/malware which disguises itself to be an
antivirus and produces fake alert/warnings and urge you to purchase
a useless copy of the fake antivirus.

RootkitRevealer 1.7.1
Rootkit Revealer is an advanced patent-pending root kit detection utility.

Spybot - Search & Destroy 1.6.2 (07-12-2011)
Application to scan for spyware, adware, hijackers and other
malicious software.

SuperAntispyware 5.0.1134 (07-12-2011)
Remove Adware, Malware, Parasites, Rootkits, Spyware, Trojan,
and Worms (a must have tool).

TDSSKiller 2.6.21.0
To remove malware belonging to the family Rootkit.Win32.TDSS aka Tidserv, TDSServ and Alureon.

""""""""""

Parted Magic 6.7

Linux based rescue environment with lots of applications to manage partitions, backup and recovery such as GParted, Parted,
Partition Image, TestDisk, Partimage, Truecrypt, Clonezilla, G4L,
Firefox, ClamAV, GSmartControl, SimpleBurn, dd, ddrescue, with
extensive collection of file system tools are also included, supports
the following: btrfs, ext2, ext3, ext4, fat16, fat32, hfs, hfs+, jfs, linux-swap, ntfs, reiserfs, reiser4, and x

"""""""

Best to use it on usb with a couple of different Puppies.

Puppy 4.31...never fails in getting data off drives.

Puppy 5.28.....etc.

"""""""""

http://www.hirensbootcd.org/download/

Filename: Hirens.BootCD.15.1.zip....extracts to the >>> ISO file.

Filesize: 498.36 MB (522565534 bytes)

ISO MD5: B5DE7A10DD1586D47535372EA1AD9BED

ZIP MD5: 5B8E9240AE8CF74939B60AD872CBBABA

""""""""""""

And now Mcrapee stuffs up again.

McAfee software bug could turn customers' PCs into spam servers

Read more: http://www.smh.com.au/technology/securi ... z1jyuttwGD

Chris

http://www.smh.com.au/technology/securi ... 1q93b.html

mahaju
Posts: 487
Joined: Mon 11 Oct 2010, 07:11
Location: between the keyboard and the chair

#5 Post by mahaju »

I don't know about linux but I think it works pretty good in Windows

amigo
Posts: 2629
Joined: Mon 02 Apr 2007, 06:52

#6 Post by amigo »

It's not that 'AVG is rubbish'. The false positives are Puppy's fault. A proper pet for Puppy should eliminate those false positives or filter them so you don't see them. They result from all the busybox versions and other Puppy deviations from standard practice.

Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#7 Post by Makoto »

I don't know... I don't use AVG, but even on the Windows side, I read reports about AVG getting false positives with files, every so often.

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#8 Post by 8-bit »

Are they dumbing up Hirens? I downloaded the latest version and it does not seem to have nearly as many tools as the older versions did.
I have visited the Bleeping Computer site and it seems to have a lot of information that is presented in terms that the average guy can understand.
Here is one for you to think on.
Someone hacks into your PC and replaces that EICAR test virus with their own creation, but in a way that the same header info shows it as a test virus.
So when your anti-virus program flags it, you think the file is harmless when in fact your PC has a nasty.
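
An added example, not part of the thread and not code from EICAR or any vendor, tying together Makoto's point in #2 (a signature scanner matches the literal test string) and 8-bit's scenario in #8 (a real payload hiding behind the test-file prefix). It assumes EICAR's published definition of the file: the 68-character string, optionally followed by whitespace (space, tab, CR, LF, Ctrl-Z), at most 128 bytes in total. The script writes a conforming test file and classifies any file as the genuine test file, a lookalike that merely starts with the string, or something else; the clamscan command it prints at the end is only a suggestion for exercising a Linux scanner, the script runs no scanner itself.

```python
"""Generate an EICAR test file and verify that a file a scanner labels as
EICAR really is the test string and nothing else.

Added example for this thread, not code from the forum or from EICAR.
Assumption: the rules below follow EICAR's published definition of the
test file (68-byte string, optional trailing whitespace, at most 128 bytes).
"""
import hashlib
import os
import tempfile

# The canonical 68-character string, split in two so that this source file
# does not itself trip an on-access scanner the moment it is saved.
_EICAR_HEAD = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
_EICAR_TAIL = "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
EICAR_BYTES = (_EICAR_HEAD + _EICAR_TAIL).encode("ascii")

# EICAR permits only these whitespace bytes after the 68-byte string.
_ALLOWED_PADDING = frozenset(b" \t\r\n\x1a")
MAX_LEN = 128


def classify(data: bytes) -> str:
    """Classify raw file contents.

    'eicar'     : the test string, optionally padded with permitted
                  whitespace, at most 128 bytes in total.
    'lookalike' : starts with the test string but carries other bytes or
                  exceeds the size limit. This is the case 8-bit describes:
                  a prefix signature may still match, but the file is not
                  the harmless test file.
    'other'     : does not start with the test string.
    """
    if not data.startswith(EICAR_BYTES):
        return "other"
    padding = data[len(EICAR_BYTES):]
    if len(data) <= MAX_LEN and all(b in _ALLOWED_PADDING for b in padding):
        return "eicar"
    return "lookalike"


def write_test_file(path: str) -> str:
    """Write a spec-conformant test file (the string plus one newline)."""
    with open(path, "wb") as fh:
        fh.write(EICAR_BYTES + b"\n")
    return path


def check_file(path: str) -> str:
    """Classify a file on disk. Reading MAX_LEN + 1 bytes is enough:
    anything longer is a lookalike by definition."""
    with open(path, "rb") as fh:
        data = fh.read(MAX_LEN + 1)
    return classify(data)


def sha256_hex(data: bytes) -> str:
    """Hash to compare against the value EICAR publishes for the bare
    68-byte string, rather than trusting a scanner's label alone."""
    return hashlib.sha256(data).hexdigest()


def roundtrip() -> str:
    """Write, check and delete a test file; returns the classification."""
    with tempfile.TemporaryDirectory() as tmp:
        path = write_test_file(os.path.join(tmp, "eicar.com"))
        return check_file(path)


if __name__ == "__main__":
    target = write_test_file("eicar.com")
    print(target, "->", check_file(target))
    print("sha256 of the 68-byte string:", sha256_hex(EICAR_BYTES))
    print("now run a Linux scanner against it, e.g.: clamscan eicar.com")
```

If a scanner reports a detection on a file that classify() calls a lookalike, the detection is not a false positive caused by the test string: the extra bytes are exactly what deserves a closer look, and the file should be treated as unknown content, not as the harmless test file.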

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#9 Post by cthisbear »

" I downloaded the latest version and it does not seem to have nearly as many tools as the older versions did. "

Mate it has a stack of them.
You mustn't have gone through their menus correctly.

On the bottom toolbar >>> RHS or just above it.

:::::::::::

And amigo....sorry to disagree....but AVG is crap.
Went down over the last 5 years.
Slow...bloated...a joke.

The trouble with all of them is that they try to do everything
and fall over.

I usually go for Avira....Free.
But they put nags in it and you have to know what to block in
your firewall to stop it.

Then they stuck in the Ask toolbar.

And now you have to run Service Pack 3 in XP for the latest Avira.
And it's noticeably slower....clunkier...than its predecessor.

Still for all that....Avira runs rings around AVG.

Block these files in your firewall.

avnotify.dll

avnotify.exe

ApnToolbarInstaller.exe

ApnStub.exe
(Boots with Windows whether you accept to install the Toolbar
malware or not, then attempts to phone home)

ApnIC.dll

http://murga-linux.com/puppy/viewtopic. ... 5&start=45

in my 8th post.

Chris.
