[Discussion] - EICAR: The Most Common False Positive in the World


Userlevel 7
Badge +47


 
Recently, @RAbrams published a blog post on the most common false positive in the world. 
 
EICAR
 
If you haven't had a chance to read it yet, please do. It's fascinating.
 
Personally, I want to hear from you on this!
  • Have you heard of EICAR?
  • What's your experience with it?
 
Let us know in the comments below! 
 
 

12 replies

Userlevel 5
Badge +9
Thanks Daniel,
 
I don't know if you followed the link to the Virus Bulletin presentation, but I will forever be amused that I gave a 30 minute presentation about a harmless 68-byte file at an antivirus conference :-)
Yeah, it is just a test file, but it can be used to perform a variety of informative tests. Efficacy isn't one of them, as you know.
 
Cheers,
 
Randy
Userlevel 7
Badge +55
I know of it and used it and it's a test file to me and nothing more. http://www.eicar.org/86-0-Intended-use.html
 
But I agree with Randy!
Userlevel 7
Badge +48
I have retweeted it @RAbrams.
I had heard of Eicar but never tried it until now, Webroot spotted it as well ;)
Userlevel 5
Badge +9

@TripleHelix wrote:

@RAbrams wrote:
Thanks Daniel,
 
I don't know if you followed the link to the Virus Bulletin presentation, but I will forever be amused that I gave a 30 minute presentation about a harmless 68-byte file at an antivirus conference :-)
Yeah, it is just a test file, but it can be used to perform a variety of informative tests. Efficacy isn't one of them, as you know.
 
Cheers,
 
Randy

Now why would you waste your time? LOL

Waste my time writing the presentation for VB? Oh my! I needed a topic to present. It gave me another international speaking engagement under my belt, and it impressed my managers 🙂 I'd call it time well spent :-) 
Incidentally, one of the guys who worked on the EICAR test file was at the presentation. He even enjoyed it!
Believe it or not, that presentation was on the NATO internal network for more than a decade.
Userlevel 7
Badge +55

@RAbrams wrote:

@TripleHelix wrote:

@RAbrams wrote:
Thanks Daniel,
 
I don't know if you followed the link to the Virus Bulletin presentation, but I will forever be amused that I gave a 30 minute presentation about a harmless 68-byte file at an antivirus conference :-)
Yeah, it is just a test file, but it can be used to perform a variety of informative tests. Efficacy isn't one of them, as you know.
 
Cheers,
 
Randy

Now why would you waste your time? LOL

Waste my time writing the presentation for VB? Oh my! I needed a topic to present. It gave me another international speaking engagement under my belt, and it impressed my managers 🙂 I'd call it time well spent :-) 
Incidentally, one of the guys who worked on the EICAR test file was at the presentation. He even enjoyed it!
Believe it or not, that presentation was on the NATO internal network for more than a decade.

Your words: 30 minute presentation about a harmless 68-byte file ;)

Userlevel 7
Badge +55

@RAbrams wrote:
Thanks Daniel,
 
I don't know if you followed the link to the Virus Bulletin presentation, but I will forever be amused that I gave a 30 minute presentation about a harmless 68-byte file at an antivirus conference :-)
Yeah, it is just a test file, but it can be used to perform a variety of informative tests. Efficacy isn't one of them, as you know.
 
Cheers,
 
Randy

Now why would you waste your time? LOL
Userlevel 5
Badge +9
Not to say that this isn't the most awesome article about EICAR ever written... OK, it isn't :-)
This is the most interesting thing I have ever seen written about the eicar test file. A dissection and analysis of the binary. Yeah, eicar.com is not a text file. I'm gonna print it, frame it, and mount it on somebody else's Facebook wall :-)  Seriously good read though.
 
https://blog.nintechnet.com/anatomy-of-the-eicar-antivirus-test-file/
Userlevel 7
Badge +55
It's nothing like that, I'm just teasing you! ;)
Userlevel 5
Badge +9

@TripleHelix wrote:
It's nothing like that, I'm just teasing you! ;)

I know, and I love it!!!

@freydrew wrote:


 
Recently, @RAbrams published a blog post on the most common false positive in the world. 
 
EICAR
 
If you haven't had a chance to read it yet, please do. It's fascinating.
 
Personally, I want to hear from you on this!
 
Let us know in the comments below! 
 
 

I also agree with that!
Trust it or not, that introduction was on the NATO interior system for over 10 years.
Userlevel 4
This was a great read. Didn't know a lot of the info in the articles. Knew nothing about the DOS application programming interface even. Every day I try and learn something about computing and think wow I know a lot and then read something like this and it just blows my mind. Didn't understand what in the world it was talking about at first (nintech article) or your original blog post so went and read the wiki on DOS API interrupt vectors and have so much to still learn. Love it. Thank you so much.
The EICAR Anti-Virus Test File[1] or EICAR test file is a computer file that was developed by the European Institute for Computer Antivirus Research (EICAR) and Computer Antivirus Research Organization (CARO), to test the response of computer antivirus (AV) programs.[2] Instead of using real malware, which could cause real damage, this test file allows people to test anti-virus software without having to use a real computer virus.[3] Anti-virus programmers set the EICAR string as a verified virus, similar to other identified signatures. A compliant virus scanner, when detecting the file, will respond in more or less the same manner as if it found a harmful virus. Not all virus scanners are compliant, and may not detect the file even when they are correctly configured. Neither the way in which the file is detected nor the wording with which it is flagged are standardized, and may differ from the way in which real malware is flagged, but should prevent it from executing as long as it meets the strict specification set by European Institute for Computer Antivirus Research.[4]
