Wednesday, June 12, 2013

Very interesting find... the anti-malware test file

I attended the #vBrownBag presentation this evening on Deep Security with vCNS. Nick Fritsch presented and showed us a cool "tool" to see if your anti-malware software is working.

The website is http://eicar.org.  Click on the "Anti-Malware Testfile" tab at the top and read on. 

Here is an excerpt:

The Anti-Malware Testfile

This test file has been provided to EICAR for distribution as the "EICAR Standard Anti-Virus Test File", and it satisfies all the criteria listed above. It is safe to pass around, because it is not a virus, and does not include any fragments of viral code. Most products react to it as if it were a virus (though they typically report it with an obvious name, such as "EICAR-AV-Test").

The file is a legitimate DOS program, and produces sensible results when run (it prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!").

It is also short and simple - in fact, it consists entirely of printable ASCII characters, so that it can easily be created with a regular text editor. Any anti-virus product that supports the EICAR test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long: (SEE WEBSITE FOR FILE)

The first 68 characters are the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. The only whitespace characters allowed are the space character, tab, LF, CR, CTRL-Z. To keep things simple the file uses only upper case letters, digits and punctuation marks, and does not include spaces. The only thing to watch out for when typing in the test file is that the third character is the capital letter "O", not the digit zero.

Reference:
"Intended use - EICAR - European Expert Group for IT-Security." Home - EICAR - European Expert Group for IT-Security. N.p., 12 June 2013. Web. 12 June 2013. <http://www.eicar.org/86-0-Intended-use.html>.
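The rules in the excerpt (exactly 68 leading characters, only trailing space/tab/LF/CR/CTRL-Z, 128 bytes at most, capital "O" in position three) are easy to get wrong when you type the file by hand, and a scanner that stays silent then tells you nothing about whether it works. The checker below is an added example, not code from the blog post or from EICAR, and it deliberately does not contain the real 68-character string (get that from eicar.org); it only verifies that a candidate file follows the layout rules quoted above, and it uses a constructed stand-in string (`SAMPLE_HEAD`) so the checks can run offline. The function names `check_layout` and `check_file` are mine.

```python
"""Structural checker for the EICAR test-file layout described in the excerpt.

Added example, not from the blog post or from EICAR.  It does NOT contain the
real 68-character test string; it only checks the layout rules quoted above:
exactly 68 leading characters drawn from upper-case letters, digits and
punctuation with no spaces, a capital letter "O" (not a zero) as the third
character, then optional trailing whitespace limited to space, tab, LF, CR and
CTRL-Z, with the whole file no longer than 128 bytes.
"""
from __future__ import annotations

import string

HEAD_LEN = 68   # length of the known string
MAX_LEN = 128   # ceiling on the total file length in bytes

# Characters permitted inside the 68-byte string (no whitespace at all).
ALLOWED_HEAD = set((string.ascii_uppercase + string.digits + string.punctuation).encode())
# The only bytes permitted after the string: space, tab, LF, CR, CTRL-Z.
ALLOWED_TAIL = set(b" \t\n\r\x1a")


def check_layout(data: bytes) -> tuple[bool, str]:
    """Return (ok, reason) for the raw bytes of a candidate test file.

    ok is True only when every layout rule from the excerpt holds; reason
    names the first rule that failed, which is what you want to know when a
    hand-typed file is not being flagged by the scanner.
    """
    if len(data) < HEAD_LEN:
        return False, f"file is {len(data)} bytes, shorter than the {HEAD_LEN}-byte string"
    if len(data) > MAX_LEN:
        return False, f"file is {len(data)} bytes, longer than the {MAX_LEN}-byte limit"
    head, tail = data[:HEAD_LEN], data[HEAD_LEN:]

    bad = [i for i, b in enumerate(head) if b not in ALLOWED_HEAD]
    if bad:
        return False, f"character {bad[0]} of the string is not an upper-case letter, digit or punctuation"
    if head[2] != ord("O"):
        # The classic typing mistake: digit zero instead of the capital letter O.
        return False, "third character must be the capital letter O, not the digit zero"

    bad_tail = [b for b in tail if b not in ALLOWED_TAIL]
    if bad_tail:
        return False, f"trailing byte 0x{bad_tail[0]:02x} is not one of space, tab, LF, CR, CTRL-Z"
    return True, "layout matches the EICAR test-file rules"


def check_file(path: str) -> tuple[bool, str]:
    """Read a file in binary mode (so CR/LF and CTRL-Z survive) and check it."""
    with open(path, "rb") as fh:
        return check_layout(fh.read())


# Constructed stand-in for the real 68-character string (NOT the EICAR string):
# same character classes, no spaces, capital O as the third character.
SAMPLE_HEAD = b"ABO" + b"#CONSTRUCTED-STAND-IN-FOR-THE-KNOWN-STRING#".ljust(HEAD_LEN - 3, b"=")
assert len(SAMPLE_HEAD) == HEAD_LEN


if __name__ == "__main__":
    # A few hand-typed variants a practitioner might produce, constructed here.
    variants = {
        "string only": SAMPLE_HEAD,
        "with CRLF": SAMPLE_HEAD + b"\r\n",
        "padded to 128": SAMPLE_HEAD + b" " * (MAX_LEN - HEAD_LEN),
        "one byte too long": SAMPLE_HEAD + b" " * (MAX_LEN - HEAD_LEN + 1),
        "zero instead of O": b"AB0" + SAMPLE_HEAD[3:],
        "trailing text": SAMPLE_HEAD + b"x",
    }
    for name, data in variants.items():
        ok, reason = check_layout(data)
        print(f"{name:20s} {'OK ' if ok else 'BAD'} {reason}")
```

Run it against the file you actually saved (`check_file("eicar.com")`) before concluding anything from a scanner result: if the layout check fails, the scanner was never given a valid test file in the first place.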
