The definition of Eicar. Was: Question for Bitdefender Users

Kevin Spicer kevins at BMRB.CO.UK
Thu Sep 18 22:14:06 IST 2003


On Thu, 2003-09-18 at 21:42, Antony Stone wrote:

>On Thursday 18 September 2003 9:33 pm, Jason Balicki wrote:

>> Kevin Spicer wrote:
>> Well, it's an executable made up of ASCII printable characters
>> that happens to print out "EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
>> when it's run.  Which is kind of a neat hack.  And not really
>> random.  :)

>I think what Kevin meant by 'random' was 'just as likely to be
>encountered by
>a virus checker as any other string of binary digits'.

>In other words, there's nothing intrinsically special about the Eicar
>string
>which defines it as something A-V products should detect - they need a
>signature for it just the same as anything else they detect.

>It is true that some A-V vendors have chosen not to include a signature
>which
>recognises the Eicar string, presumably on the pedantic basis that it
>isn't a
>virus :)

Yes, I meant that, although I also hold up my hands to not knowing the
detail on Eicar.

Interesting that Clam don't take that view, given their recent attitude
to damaged viruses!






BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.



More information about the MailScanner mailing list