Comments on: Simulation Testing and the EICAR test file http://www.welivesecurity.com/2010/12/01/simulation-testing-and-the-eicar-test-file/ News, Views, and Insight from the ESET Security Community Mon, 03 Feb 2014 08:49:00 +0000 hourly 1 http://wordpress.org/?v=3.7 By: David Harley http://www.welivesecurity.com/2010/12/01/simulation-testing-and-the-eicar-test-file/#comment-2614 Sat, 08 Sep 2012 12:10:39 +0000 http://blog.eset.com/?p=5521#comment-2614 Rhys, I’m not sure what “thing” you’re referring to: presumably it’s not the EICAR file?. If you’re an ESET customer, I’m sure customer support would be happy to help you if they can.

]]>
By: Rhys Jones http://www.welivesecurity.com/2010/12/01/simulation-testing-and-the-eicar-test-file/#comment-2613 Fri, 07 Sep 2012 07:18:07 +0000 http://blog.eset.com/?p=5521#comment-2613 I Dont Care,
I know this is not your doing,
Tthis "thing" installed itself on my server totally uninvited, obviously from some incompetent / pathetic web site. I don’t want it, I don’t need it, I trust my antivirus, it has served me well for the last two years. Now I can’t remove it. Honestly, I have better things to do with my time than trying to remove something a bunch of swinging dicks thought up and forced on me. This “thing” should be classed as a virus itself (Class it as a waste of time virus)

]]>
By: David Harley http://www.welivesecurity.com/2010/12/01/simulation-testing-and-the-eicar-test-file/#comment-2612 Fri, 22 Apr 2011 22:57:12 +0000 http://blog.eset.com/?p=5521#comment-2612 Nearly all mainstream anti-malware detects the EICAR file, though it’s not mandatory, and other types of security software tend not to acknowledge it. Alert level isn’t really relevant on a check file that has no malicious intent or effect. I don’t know why MSE would flag EICAR as ‘severe’, to be honest, but I suppose there’s room for disagreement.

]]>
By: Michael Mather http://www.welivesecurity.com/2010/12/01/simulation-testing-and-the-eicar-test-file/#comment-2611 Fri, 22 Apr 2011 21:31:24 +0000 http://blog.eset.com/?p=5521#comment-2611 Your paper is very interesting. Thank you.
Any AV program should come with one or more check files. These have nothing to do with viruses, worms, etc. They are just check files.
When you run the AV, you should have the option of whether to detect these check files. If they are detected, they should be reported like anything alse, but with a Severity of Zero (or whatever). Then you can check your setup and see how stuff is actually reported. You can also use it as a continuing check that the whole process has actually been run, if that is needed.
If the AV program wants to, it can also detect the check files inside zip files or wherever. That is up to the authors. They should not be detected if modified, for reasons given in the article.
The EICAR file is probably a suitable check file for much existing AV software. A list might be useful.
MS Security Essentials detects it, and says the alert level is "Severe". Now I don't know whether to trust you or MS!

]]>
By: Randy Abrams http://www.welivesecurity.com/2010/12/01/simulation-testing-and-the-eicar-test-file/#comment-2610 Tue, 07 Dec 2010 02:05:33 +0000 http://blog.eset.com/?p=5521#comment-2610 We’re delighted to make your acquaintance as well. we hope you enjoy NOD32 and ESET Smart Security. If you have any general security questions feel free to email askeset@eset.com. Please note that askeset@eset.com is never used for product support questions.

]]>
By: trinhluu http://www.welivesecurity.com/2010/12/01/simulation-testing-and-the-eicar-test-file/#comment-2609 Sat, 04 Dec 2010 10:00:24 +0000 http://blog.eset.com/?p=5521#comment-2609 hi. my name luu trinh. i am live in viet nam . i’m a student. happy to be acquainted with you.

]]>
By: David Harley http://www.welivesecurity.com/2010/12/01/simulation-testing-and-the-eicar-test-file/#comment-2608 Thu, 02 Dec 2010 19:03:36 +0000 http://blog.eset.com/?p=5521#comment-2608 Hello Mr Auctions. ;-) This isn't really signature testing. While EICAR, in particular, is sometimes used in detection tests, it doesn't really belong in that sort of test. Which is what the paper is about… The EICAR test file may have the word test in its common name, but it's really an installation check file. It tells you that your scanner is working. It doesn't tell you that it's working correctly though, and it doesn't tell you anything about detection except that it detects the EICAR test file. And if you start modifying the file inappropriately, it tells you nothing at all… There is a bit more than that to the paper, of course. :)

]]>
By: Van Auctions http://www.welivesecurity.com/2010/12/01/simulation-testing-and-the-eicar-test-file/#comment-2607 Thu, 02 Dec 2010 15:27:50 +0000 http://blog.eset.com/?p=5521#comment-2607 i always wondered how this signature testing works digitally …after going through your post its quite clear that its not completely successful

]]>