Re: Antivirus engine check utility

From: Bill Sanderson (Bill_Sanderson@msn.com.plugh.org)
Date: 11/02/02


From: "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org>
Date: Sat, 2 Nov 2002 10:27:15 -0500


Eicar.avc is listed in avp.set
Eicar.avc is present in the BASES subdirectory.

"Dmitry Kulshitsky" <dimkin(remove)@mbox.com.au> wrote in message
news:eljMfOmgCHA.2324@tkmsftngp08...
> Bill, please check whether you have eicar AV database and check whether it
> is included in the avp.set file
>
> "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
> news:uRnPUYggCHA.2368@tkmsftngp10...
> > Hmm - looks like Kaspersky ignores that string in text files--at least in my
> > 4.5 "lite" version, regardless of settings.
> >
> > The Macs in the offices are running Norton, though--but I can't work with
> > them remotely, I'm afraid--I can check some XP-based PCs with Norton a bit
> > later tonight.
> >
> > "Michel Gallant (MVP)" <neutron@istar.ca> wrote in message
> > news:3DC2FC50.5D2337B0@istar.ca...
> > > OK, I have already had a bit of feedback from a few users and had
> > > one tweak.
> > >
> > > Here is the url (public now :-)
> > > http://home.istar.ca/~neutron/avcheck
> > >
> > > Note that because my Thawte code-signing cert expired, I had to
> > > sign this with a 2048 bit self-signed code-signing cert, so if you
> > > want to see a "full trust" message, you need to import the public cert
> > > (bottom of page).
> > >
> > > Please read the notes about what the applet does.
> > > Although only currently signed into cab for IE deployment, it will
> > > be easy to extend it to more generic Java for any platform.
> > >
> > > - Michel Gallant
> > > MVP Security
> > > http://home.istar.ca/~neutron
> > >
> > >
> > >
> > > Bill Sanderson wrote:
> > >
> > > > I've an interest in an aspect of this.
> > > >
> > > > I customarily email eicar to folks in offices I administer so that they know
> > > > what happens when a virus is detected.
> > > >
> > > > I'd like to be able to test the Mac users as well, but they can't attempt to
> > > > execute the file, and I don't detect viral strings in text messages.
> > > >
> > > > Can you see a way to make this an equal opportunity tester for both Macs and
> > > > PCs?
> > > >
> > > > (and sure, I'd like the address--I'll keep it private unless you tell me it
> > > > can be used by others--email removing the obvious--I need to change this.)
> > > >
> > > > "Michel Gallant (MVP)" <neutron@istar.ca> wrote in message
> > > > news:3DC2C400.13427A07@istar.ca...
> > > > > I have developed a utility to proactively check if your antivirus engine
> > > > > is actually working and that it is configured properly to scan all file types.
> > > > > Don't rely on that icon-tray .... make SURE it actually is working!
> > > > >
> > > > > Originally targeted at NAV, I have reduced the functionality to implement
> > > > > an AV engine check from a digitally-signed web page to:
> > > > >
> > > > > - attempt to write the standard EICAR virus string, as a text file, to the
> > > > >   local client and detect the AV engine response (the EICAR string is byte-wise
> > > > >   embedded in the signed Java applet)
> > > > >
> > > > > - invoking the "cmd /K net share" command on NT, 2000 or "netwatch.exe" for Win9x
> > > > >   to easily allow any user to see their network shares (again for non-savvy users)
> > > > >
> > > > > Might be interesting to see if any firewalls/gateways are intelligent enough to pick up
> > > > > the eicar string embedded this way :-)
> > > > >
> > > > > Anyone wishing to try the utility, email me for the link.
> > > > >
> > > > > - Michel Gallant
> > > > > MVP Security
> > > > > http://home.istar.ca/~neutron
> > > > >
> > > > >
> > >
> >
> >
>
>
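
The check discussed in this thread (write the EICAR string to a local file, then see how the antivirus engine reacts) can be sketched as follows. This is an added example, not the applet's code or anything posted by the thread's participants; `check_engine` and its `react` test hook are hypothetical names.

```python
import os
import tempfile
import time

# Standard 68-byte EICAR test string, split so this source file is not itself flagged.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" + "$H+H*").encode("ascii")


def check_engine(payload=EICAR, suffix=".txt", settle=2.0, react=None):
    """Write payload to a temp file and classify the scanner's reaction.

    react is a hypothetical test hook: a callable given the file path, run
    in place of the wait, to stand in for a scanner when none is installed.
    """
    path = None
    try:
        try:
            fd, path = tempfile.mkstemp(suffix=suffix)
            with os.fdopen(fd, "wb") as fh:
                fh.write(payload)
        except OSError:
            return "blocked-on-write"      # scanner denied create/write
        if react is not None:
            react(path)
        else:
            time.sleep(settle)             # give on-access scanning time to act
        try:
            with open(path, "rb") as fh:
                data = fh.read()
        except FileNotFoundError:
            return "removed"               # deleted or quarantined
        except OSError:
            return "blocked-on-read"       # file exists but access is denied
        return "intact" if data == payload else "modified"
    finally:
        if path and os.path.exists(path):
            try:
                os.remove(path)
            except OSError:
                pass


if __name__ == "__main__":
    # "intact" for .txt means the scanner did not react to the string in a text file.
    for ext in (".txt", ".com"):
        print(ext, check_engine(suffix=ext))
```

A result of `intact` for `.txt` alongside a detection for `.com` corresponds to the behaviour reported above for a scanner that ignores the string in text files.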

