Max file size

[Denis Beauchemin]

Randal, Phil a écrit :
> All of which is pretty pointless because a large file with the EICAR
> string attached at the end is no longer the EICAR "virus", IMHO, as the
> EICAR test file is defined to be 68 bytes long, no more, no less.
>   
I have found this on http://www.eicar.org/anti_virus_test_file.htm :
The file is a legitimate DOS program, and produces sensible results when 
run (it prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!").

It is also short and simple - in fact, it consists entirely of printable 
ASCII characters, so that it can easily be created with a regular text 
editor. Any anti-virus product that supports the EICAR test file should 
detect it in any file providing that the file starts with the following 
68 characters, and is exactly 68 bytes long:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The first 68 characters is the known string. It may be optionally 
appended by any combination of whitespace characters with the total file 
length not exceeding 128 characters. The only whitespace characters 
allowed are the space character, tab, LF, CR, CTRL-Z. To keep things 
simple the file uses only upper case letters, digits and punctuation 
marks, and does not include spaces. The only thing to watch out for when 
typing in the test file is that the third character is the capital 
letter "O", not the digit zero.

Denis

-- 
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045