The definition of Eicar. Was: Question for Bitdefender Users
Antony Stone
Antony at SOFT-SOLUTIONS.CO.UK
Thu Sep 18 21:42:31 IST 2003
On Thursday 18 September 2003 9:33 pm, Jason Balicki wrote:
> Kevin Spicer wrote:
> >[eicar...] is essentially just one
> >long random number.
>
> Well, it's an executable made up of ASCII printable characters
> that happens to print out "EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
> when it's run. Which is kind of a neat hack. And not really
> random. :)
I think what Kevin meant by 'random' was 'just as likely to be encountered by
a virus checker as any other string of binary digits'.
In other words, there's nothing intrinsically special about the Eicar string
which defines it as something A-V products should detect - they need a
signature for it just the same as anything else they detect.
It is true that some A-V vendors have chosen not to include a signature which
recognises the Eicar string, presumably on the pedantic basis that it isn't a
virus :)
> Sorry for being pedantic.
No need to apologise :)
Antony.
--
It wasn't a sight to be seen on an empty stomach, although it could probably
cause one.
- Terry Pratchett, Soul Music
More information about the MailScanner
mailing list