[Discussion] - EICAR: The Most Common False Positive in the World

  • 6 September 2018

Userlevel 7
Badge +48


 
Recently, @, published a blog post on the most common false positive in the world. 
 
EICAR
 
If you haven't had a chance to read it yet, please do. It's fascinating.
 
Personally, I want to hear from you on this!
  • Have you heard of EICAR?
  • What's your experience with it?
 
Let us know in the comments below! 
 
 

14 replies

Userlevel 7
Badge +35

Still Missing after all these years….

 

An equivalent to EICAR for URL’s:

  • A standard URL that will be BLOCKED by properly configured software
  • Another that will generate a WARNING by properly configured software
  • And one more that will NOT be blocked by properly configured software

So sad we don’t have that even today.

 

Hello @MrPete,

 

There are several test URLs out there. The AMTSO phishing test page can be used for a URL that should be blocked: https://www.amtso.org/check-desktop-phishing-page/

For a page that should not be blocked just use Google.

 

-Dan

Userlevel 3
Badge +8

Still Missing after all these years….

 

An equivalent to EICAR for URL’s:

  • A standard URL that will be BLOCKED by properly configured software
  • Another that will generate a WARNING by properly configured software
  • And one more that will NOT be blocked by properly configured software

So sad we don’t have that even today.

The EICAR Anti-Virus Test File[1] or EICAR test file is a computer file that was developed by the European Institute for Computer Antivirus Research (EICAR) and Computer Antivirus Research Organization (CARO), to test the response of computer antivirus (AV) programs.[2] Instead of using real malware, which could cause real damage, this test file allows people to test anti-virus software without having to use a real computer virus.[3] Anti-virus programmers set the EICAR string as a verified virus, similar to other identified signatures. A compliant virus scanner, when detecting the file, will respond in more or less the same manner as if it found a harmful virus. Not all virus scanners are compliant, and may not detect the file even when they are correctly configured. Neither the way in which the file is detected nor the wording with which it is flagged are standardized, and may differ from the way in which real malware is flagged, but should prevent it from executing as long as it meets the strict specification set by European Institute for Computer Antivirus Research.[4]
@ wrote:


 
Recently, @, published a blog post on the most common false positive in the world. 
 
EICAR
 
If you haven't had a chance to read it yet, please do. It's fascinating.
 
Personally, I want to hear from you on this!
 
Let us know in the comments below! 
 
 
I also agree with that!
Trust it or not, that introduction was on the NATO interior system for over 10 years.
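
The "strict specification" mentioned in the post above, as an added example that is not part of the thread: per EICAR's intended-use description (linked later in this thread), a compliant test file starts with the 68-character string, may be followed only by whitespace (space, tab, LF, CR, Ctrl-Z), and is at most 128 bytes long. The function name `classify` and its verdict labels are this example's own.

```python
# Added example: check a candidate file against the EICAR test-file rules.
# The string is assembled from two pieces so this source file does not
# contain the contiguous signature that some scanners match anywhere.
_PREFIX = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
EICAR = _PREFIX + _MARKER          # the 68-byte test string
ALLOWED_TRAILING = b" \t\r\n\x1a"  # space, tab, CR, LF, Ctrl-Z
MAX_LEN = 128                      # upper bound on total file length


def classify(data: bytes) -> str:
    """Say why a byte string is or is not a spec-compliant EICAR file."""
    if not data.startswith(EICAR):
        # A BOM or leading whitespace written by an editor, or the string
        # sitting inside a larger file, means a compliant scanner may
        # legitimately stay silent.
        return "embedded-not-at-start" if EICAR in data else "not-eicar"
    tail = data[len(EICAR):]
    if tail.strip(ALLOWED_TRAILING):
        return "trailing-non-whitespace"
    if len(data) > MAX_LEN:
        return "too-long"
    return "compliant"


# Constructed sample inputs (not taken from the thread).
SAMPLES = {
    "exact 68 bytes": EICAR,
    "CRLF appended": EICAR + b"\r\n",
    "padded to 128 bytes": EICAR + b" " * 60,
    "padded to 129 bytes": EICAR + b" " * 61,
    "UTF-8 BOM in front": b"\xef\xbb\xbf" + EICAR,
    "text appended": EICAR + b" test",
    "unrelated text": b"hello world",
}


def run_samples() -> dict:
    """Classify every constructed sample and return name -> verdict."""
    return {name: classify(blob) for name, blob in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:22} {verdict}")
```

A missed detection only says something about the scanner when the file under test classifies as `compliant`; any other verdict points at the test file itself.
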
Userlevel 4
This was a great read. Didn't know a lot of the info in the articles. Knew nothing about the DOS application programming interface even. Every day I try and learn something about computing and think wow I know a lot and then read something like this and it just blows my mind. Didn't understand what in the world it was talking about at first (nintech article) or your original blog post so went and read the wiki on DOS API interrupt vectors and have so much to still learn. Love it. Thank you so much.
Userlevel 5
Badge +9
@ wrote:
It's nothing like that I'm just teasing you! ;)
I know, and I love it!!!
Userlevel 7
Badge +63
It's nothing like that I'm just teasing you! 😉
Userlevel 5
Badge +9
Not to say that this isn't the most awesome article about EICAR ever written... OK, it isn't :-)
This is the most interesting thing I have ever seen written about the eicar test file. A dissection and analysis of the binary. Yeah, eicar.com is not a text file. I'm gonna print it, frame it, and mount it on somebody else's Facebook wall :-)  Seriously good read though.
 
https://blog.nintechnet.com/anatomy-of-the-eicar-antivirus-test-file/
Userlevel 7
Badge +63
@ wrote:
@ wrote:
@ wrote:
Thanks Daniel,
 
I don't know if you followed the link to the Virus Bulletin presentation, but I will forever be amused that I gave a 30 minute presentation about a harmless 68-byte file at an antivirus conference :-)
Yeah, it is just a test file, but it can be used to perform a variety of informative tests. Efficacy isn't one of them, as you know.
 
Cheers,
 
Randy
Now why would you waste your time? LOL
Waste my time writing the presentation for VB? Oh my! I needed a topic to present. It gave me another International speaking engagement under my belt, and it impressed my managers 🙂 I'd call it time well spent :-)
Incidentally, one of the guys who worked on the EICAR test file was at the presentation. He even enjoyed it!
Believe it or not, that presentation was on the NATO internal network for more than a decade.
Your words: 30 minute presentation about a harmless 68-byte file ;)
Userlevel 5
Badge +9
@ wrote:
@ wrote:
Thanks Daniel,
 
I don't know if you followed the link to the Virus Bulletin presentation, but I will forever be amused that I gave a 30 minute presentation about a harmless 68-byte file at an antivirus conference :-)
Yeah, it is just a test file, but it can be used to perform a variety of informative tests. Efficacy isn't one of them, as you know.
 
Cheers,
 
Randy
Now why would you waste your time? LOL
Waste my time writing the presentation for VB? Oh my! I needed a topic to present. It gave me another International speaking engagement under my belt, and it impressed my managers 🙂 I'd call it time well spent :-)
Incidentally, one of the guys who worked on the EICAR test file was at the presentation. He even enjoyed it!
Believe it or not, that presentation was on the NATO internal network for more than a decade.
Userlevel 7
Badge +63
@ wrote:
Thanks Daniel,
 
I don't know if you followed the link to the Virus Bulletin presentation, but I will forever be amused that I gave a 30 minute presentation about a harmless 68-byte file at an antivirus conference :-)
Yeah, it is just a test file, but it can be used to perform a variety of informative tests. Efficacy isn't one of them, as you know.
 
Cheers,
 
Randy
Now why would you waste your time? LOL
Userlevel 7
Badge +54
I have retweeted it @.
I had heard of Eicar but never tried it until now, Webroot spotted it as well 😉
Userlevel 5
Badge +9
Thanks Daniel,
 
I don't know if you followed the link to the Virus Bulletin presentation, but I will forever be amused that I gave a 30 minute presentation about a harmless 68-byte file at an antivirus conference :-)
Yeah, it is just a test file, but it can be used to perform a variety of informative tests. Efficacy isn't one of them, as you know.
 
Cheers,
 
Randy
Userlevel 7
Badge +63
I know of it and used it and it's a test file to me and nothing more. http://www.eicar.org/86-0-Intended-use.html
 
But I agree with Randy!
