-
January 8th, 2004, 03:13 PM
#1
Neutered Virii
Was just thinking about my AVP - I have it set to auto-update and once a week or so I also do a manual just to make sure.
But other than that it just sits there quietly doing its job....or at least I hope it is doing its job.
I have yet to have a virus scare - ok so I try wherever possible to only download from a product manufacturer's site.
But how do we know if our AVP is working correctly without downloading some virii and checking?? But this opens up all kinds of risks
that's why I was wondering is there such a thing as neutered virii?? virii which have had their sting removed
it still contains the relevant structure to set off the alarms but cannot reproduce itself or cause damage to a computer.
has anyone heard of such a thing before??
v_Ln
-
January 8th, 2004, 03:20 PM
#2
Interesting idea.
I've been on kazaa for the past few days, so I know my AV is wide awake. Damn thing went off every few minutes.
Edit: I forgot to ask, why would there be a reason for the AV to not be working? This is getting me paranoid.
Real security doesn't come with an installer.
-
January 8th, 2004, 03:28 PM
#3
D0pp139an93r there is no real reason why it shouldn't be working - but I just realised it has never really had a true _test_
I just take it for granted that it is doing its job when I can't say for sure that it is
edit >> for example we test our firewalls by scanning ourselves to ensure they are doing their job correctly and keeping us stealthed but I have never given my AVP a work out.
v_Ln
-
January 8th, 2004, 03:30 PM
#4
Well, one reason it wouldn't be working would be because you've downloaded a virus that's disabled it 
But I think Val meant more as a test...just to be sure that it actually is ready and able to catch those viruses that it says it is able to.
edit: Sorry, Val slipped in above me and said basically what I said.
Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.
-
January 8th, 2004, 03:38 PM
#5
No reason to use a 'neutered' virus, as long as you don't execute the infected program. Simply find an executable you know to be infected and scan it. If it triggers your AV, it's working.
-Maestr0
"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
-
January 8th, 2004, 03:43 PM
#6
Hi Val, there is a test virus out there called EICAR. This test string has been used for years to test virus software.
The Eicar Test String is not a real virus. It is a text file that is used to test antivirus software. By default, the file name is Eicar.com
You can get a copy of it HERE
Hope this helps.
Cheers:
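The EICAR check described in this post, written as a script. This is an added example, not part of the original thread: the function names, the file name `eicar_test.com` and the wait time are assumptions. It goes slightly beyond the post by also checking a file against the EICAR definition (the 68-byte string, optional trailing whitespace, at most 128 bytes in total).

```python
import contextlib
import os
import tempfile
import time

# The 68-byte EICAR test string, split in two so this source is not itself flagged.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR" +
         r"-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

ALLOWED_TRAILING = b" \t\r\n\x1a"  # space, tab, CR, LF, Ctrl-Z


def is_valid_eicar(data: bytes) -> bool:
    """True if data starts with the 68-byte string, is followed only by
    allowed whitespace, and is at most 128 bytes long."""
    if len(data) > 128 or not data.startswith(EICAR):
        return False
    return all(b in ALLOWED_TRAILING for b in data[len(EICAR):])


def probe_on_access_scanner(directory: str, wait_seconds: float = 5.0) -> str:
    """Drop the test file and report how the on-access scanner reacted.
    Returns 'blocked', 'removed' or 'not detected'."""
    path = os.path.join(directory, "eicar_test.com")  # assumed file name
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
    except OSError:
        return "blocked"            # scanner refused the write
    deadline = time.monotonic() + wait_seconds
    try:
        while time.monotonic() < deadline:
            if not os.path.exists(path):
                return "removed"    # quarantined or deleted by the scanner
            try:
                with open(path, "rb") as fh:
                    fh.read()
            except OSError:
                return "blocked"    # scanner denies access to the file
            time.sleep(0.5)
        return "not detected"       # file survived: scanner is off or excluded here
    finally:
        with contextlib.suppress(OSError):
            os.remove(path)         # clean up if the scanner left it behind


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("On-access scanner result:", probe_on_access_scanner(tmp))
```

A "not detected" result in a directory that is excluded from scanning says nothing about the scanner, so run it from a normally scanned location.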
-
January 8th, 2004, 03:48 PM
#7
DjM - thanks for that just gave it a try and AVP picked up on it
so at least I know now it is doing something - lol
v_Ln
-
January 8th, 2004, 05:20 PM
#8
Also Val, Create a VB Proggie and put in the string to bind it to run with every executable.
Sub 7 start up one. Not published for obvious reason.
Any av will detect this as w32.generic.
-
January 8th, 2004, 06:10 PM
#9
How about experimenting with real stingy virii? This is not as stupid as it sounds ....well maybe a bit. Put a bunch of virii in a floppy and have it scanned by your av software. Most likely they'll be zipped, or copy infected files on a TEST pc into a floppy and see if it will pick them up. I think EICAR is better though, less risky and more controllable.
cheers,
-
January 8th, 2004, 08:11 PM
#10
If you know assembler, you can strip the infection routine and see what happens. There are many to choose from here: http://www.sirkussystem.com/virus.html
assemble, link and have fun.