Neutered Virii
valhallen
January 8th, 2004, 03:13 PM
Was just thinking about my AVP - I have it set to auto-update and once a week or so I also do a manual just to make sure.
But other than that it just sits there quietly doing its job....or at least I hope it is doing its job.
I have yet to have a virus scare - ok so I try wherever possible to only download from a product manufacturer's site.
But how do we know if our AVP is working correctly without downloading some virii and checking? But this opens up all kinds of risks.
That's why I was wondering: is there such a thing as neutered virii? Virii which have had their sting removed :)
It still contains the relevant structure to set off the alarms but cannot reproduce itself or cause damage to a computer.
has anyone heard of such a thing before??
v_Ln
D0pp139an93r
January 8th, 2004, 03:20 PM
Interesting idea.
I've been on kazaa for the past few days, so I know my AV is wide awake. Damn thing went off every few minutes.
Edit: I forgot to ask, why would there be a reason for the AV to not be working? This is getting me paranoid.
valhallen
January 8th, 2004, 03:28 PM
D0pp139an93r there is no real reason why it shouldn't be working - but I just realised it has never really had a true _test_.
I just take it for granted that it is doing its job when I can't say for sure that it is.
edit >> for example we test our firewalls by scanning ourselves to ensure they are doing their job correctly and keeping us stealthed but I have never given my AVP a work out.
v_Ln
debwalin
January 8th, 2004, 03:30 PM
Well, one reason it wouldn't be working would be because you've downloaded a virus that's disabled it :D
But I think Val meant more as a test...just to be sure that it actually is ready and able to catch those viruses that it says it is able to.
edit: Sorry, Val slipped in above me and said basically what I said.
Maestr0
January 8th, 2004, 03:38 PM
No reason to use a 'neutered' virus, as long as you don't execute the infected program. Simply find an executable you know to be infected and scan it. If it triggers your AV, it's working. :)
-Maestr0
DjM
January 8th, 2004, 03:43 PM
Hi Val, there is a test virus out there called EICAR. This test string has been used for years to test virus software.
The Eicar Test String is not a real virus. It is a text file that is used to test antivirus software. By default, the file name is Eicar.com
You can get a copy of it HERE (http://securityresponse.symantec.com/avcenter/venc/data/what.is.the.eicar.test.string.html)
Hope this helps.
Cheers:
valhallen
January 8th, 2004, 03:48 PM
DjM - thanks for that just gave it a try and AVP picked up on it :)
so at least I know now it is doing something - lol
v_Ln
mark_boyle2002
January 8th, 2004, 05:20 PM
Also Val, Create a VB Proggie and put in the string to bind it to run with every executable.
Sub 7 start up one. Not published for obvious reason.
Any av will detect this as w32.generic.
Cybr1d
January 8th, 2004, 06:10 PM
How about experimenting with real stingy virii? This is not as stupid as it sounds :D....well maybe a bit. Put a bunch of virii on a floppy and have it scanned by your AV software. Most likely they'll be zipped, or copy infected files on a TEST pc onto a floppy and see if it will pick them up. I think EICAR is better though ;), less risky and more controllable.
cheers,
alittlebitnumb
January 8th, 2004, 08:11 PM
If you know assembler, you can strip the infection routine and see what happens. There are many to choose from here: http://www.sirkussystem.com/virus.html
assemble, link and have fun.
Und3ertak3r
January 9th, 2004, 12:35 PM
If an AV detects EICAR.. don't mean shite.. I like the idea of a Neutered Virii.. perhaps a couple of different types.. and their sting would be a message box "Ya F****n AV ain't work'n Mate"
Why different types.. different doors of infection..
Cheers
nihil
January 9th, 2004, 01:05 PM
Sorry val, but you have to use the real thing.
EICAR just shows if the AV has loaded properly IMHO. All AVs will find it :)
If you rename a live virus to .txt it is interesting, but some AVs won't report it because it is not executable (not good methinks, so the test is useful)
I usually put them on a floppy and scan that (remember to write protect the floppy or they will be killed)
Another problem is that if you draw the "teeth" it might not be detected, because the "teeth" could be what the AV uses to detect that particular specimen?
I would be worried if my AV actually let me download a live virus though :D
I used to get a lot of them from work, the Users (most of them) would forward their dodgy e-mails so I could check them, even bring me ones from their home PCs. Also the lads down the pub were a good source.
I used to get one of my trusty "labrat" boxes and load up a few AV apps then show them a virus ridden floppy.......interesting to see which were detected and at what stage.
I can't remember the name at the moment, but I did test one AV that gave you the option of telling it that it was looking at a "zoo" so it wouldn't bleep at every detection......just gave you a list at the end...........rather neat I thought!
Cheers
dopeydadwarf
January 9th, 2004, 04:40 PM
I just downloaded the *.zip of your test file. AV picked it up, AV deleted the *.com from within the *.zip file. Nice results, but not that tough of a test however.
If you really want a test, download some *.asm files from here. Put them on a CD, and scan it. They aren't live, and they contain the same makeup as if they were. Granted some of them once live do lots of different things to hide. So unless you wanna let loose some live viruses on your set, this is a good alternative. Search the net for virus downloads. Get some live viruses off the net that are zipped, and scan them that way. So long as you practice safe virus handling you should be fine.
I've got a CD I've put together over the years. I've had lots of help from many other peeps, sort of a group effort. It contains 9256 files to date. Norton scored the highest in scanning accuracy. Norton found 9251 of them. The files range from .exe, .zip, .com, .tar, .bat, .txt, .asm, and some double extensions, like .jpg.exe and the such. They are mostly older virii, trojans and the such, with new ones added as they are found.
Like nihil pointed out, if you rename the extension of a live virus, some scanners simply don't see them. Norton only missed 5 of them. I've seen AV scanners miss as many as 30. If I remember correctly it was Dr. Solomon's. As far as that goes, I've seen AV call things viral that aren't. Final thought, IMHO the best you can ever hope for when using an AV is that some protection is most definitely better than none. Just be sure you have good backups, so in the event of a disaster, you can bounce back quickly.
be safe and stay free
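An added example, not code from anyone in the thread, tying together DjM's EICAR suggestion, nihil's point that renaming a sample to .txt can hide it from some scanners, and dopeydadwarf's test of scanning inside a zip. It builds the EICAR test file from the published 68-byte string, then applies the detection rule from the EICAR specification (string at offset zero, only whitespace after it, file no longer than 128 bytes) to a few constructed files: eicar.com, the same bytes renamed to eicar.txt, a padded copy that must not match, and a zip containing eicar.com. The file names and the padded sample are assumptions made for the demo; the string and its SHA-256 are the published values.

```python
"""Build and recognise the EICAR test file (added example, not from the thread)."""
import hashlib
import os
import tempfile
import zipfile

# Published 68-byte EICAR test string. It is a valid DOS .COM program that
# only prints "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and exits, which is why
# every AV vendor agreed to flag it: harmless, but looks like a real detection.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# Published SHA-256 of the bare 68-byte file; use it to check your copy is intact.
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"

# Trailing bytes the spec tolerates after the 68 characters.
_ALLOWED_TAIL = b" \t\r\n\x1a"


def is_eicar(data: bytes) -> bool:
    """The rule a scanner applies: 68-byte string at offset 0, nothing but
    whitespace after it, whole file at most 128 bytes. The file name and
    extension play no part, so eicar.txt must match exactly like eicar.com."""
    if len(data) > 128 or not data.startswith(EICAR):
        return False
    return data[len(EICAR):].strip(_ALLOWED_TAIL) == b""


def write_eicar(path: str) -> str:
    """Write the bare test file and return its SHA-256 for comparison."""
    with open(path, "wb") as fh:
        fh.write(EICAR)
    return hashlib.sha256(EICAR).hexdigest()


def scan_file(path: str) -> bool:
    """Read one byte past the 128-byte limit so over-long files fail the check."""
    with open(path, "rb") as fh:
        return is_eicar(fh.read(129))


def scan_zip(path: str) -> list:
    """Look inside an archive, as the scanner in dopeydadwarf's test did.
    Returns the names of the members that match."""
    hits = []
    with zipfile.ZipFile(path) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:
                if is_eicar(member.read(129)):
                    hits.append(info.filename)
    return hits


def build_test_set(directory: str) -> dict:
    """Constructed samples (assumed names): eicar.com, the same bytes as
    eicar.txt, a padded copy that must NOT match, and a zip with eicar.com."""
    paths = {}
    paths["com"] = os.path.join(directory, "eicar.com")
    write_eicar(paths["com"])
    paths["txt"] = os.path.join(directory, "eicar.txt")
    write_eicar(paths["txt"])
    paths["padded"] = os.path.join(directory, "padded.bin")
    with open(paths["padded"], "wb") as fh:
        fh.write(EICAR + b"\x00" * 100)  # non-whitespace tail and >128 bytes
    paths["zip"] = os.path.join(directory, "eicar.zip")
    with zipfile.ZipFile(paths["zip"], "w") as zf:
        zf.writestr("eicar.com", EICAR)
        zf.writestr("readme.txt", b"harmless text, must not match")
    return paths


def run_demo() -> dict:
    """Build the samples in a temp dir and return what the rule says about each."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = build_test_set(tmp)
        return {
            "sha256_ok": hashlib.sha256(EICAR).hexdigest() == EICAR_SHA256,
            "com": scan_file(paths["com"]),
            "txt": scan_file(paths["txt"]),
            "padded": scan_file(paths["padded"]),
            "zip": scan_zip(paths["zip"]),
        }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

On a box with a resident scanner, simply creating eicar.com is the test: the scanner may quarantine or delete the file before Python reads it back, and that is the pass result. Conversely, a scanner that flags eicar.com but stays silent on the byte-identical eicar.txt, or on the copy inside the zip, is matching on extension or skipping archives rather than looking at content, which is exactly the gap nihil and dopeydadwarf describe.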