Solved

Eicar test virus not being caught.

  • 25 August 2013
  • 17 replies
  • 292 views

Hi I've been using Webroot SecureAnywhere Mobile Premier & thought I'd test this app with the eicar test virus, I'm disappointed to say it did not prevent the download nor did it find the test (.txt & .zip versions) virus when running a scan. I'd like to know whether there's a reason for this or whether I've wasted my money?
Tia,
Doctor9fan.

Best answer by CameronP 26 August 2013, 19:02


Userlevel 7
Hello Doctor9fan and welcome to the Webroot Community!


 
I will need to let someone with a bit more knowledge and experience answer about the eicar test files, but I can assure you that you have not wasted your money.  WSA has worked quite excellently for my computer and phone against real threats.  So far, and I have tested, not a single infection has gone past undiscovered by WSA.
Userlevel 7
If I understood correctly, you tested the eicar files on your android device with WSA Premium installed on, didn't you? Eicar test files aren't intended for testing on an Android device. However on Windows platform they are detected by WSA.
Userlevel 7
Thanks Pegas!
Userlevel 7
MODS: If the following content and link are inappropriate please remove it.
 
 
Source and full article: Wikipedia
 
"The file is a text file of either 68 or 70 bytes that is a legitimate executable file called a COM file that can be run by Microsoft operating systems and some work-alikes (except for 64-bit due to 16-bit limitations), including OS/2."
 
 
Source and full article: EICAR
 
"Version of 7 September 2006"
 
"The file is a legitimate DOS program, and produces sensible results when run (it prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!")."
 
 
I believe Pegas is absolutely correct in that the file will not likely be detected by WSA Mobile as it is designed to find Android based threats: DOS based would not be a threat to an Android device and so probably not found.
 
Anyone more in the know please chime in to correct what I have found.
Userlevel 7
Great article David, thanks. :D I like to be briefly factual (in other words lazy) but that necessitates someone's interaction who elaborates my facts. 😃
Userlevel 7
@ wrote:
Great article David, thanks. :D I like to be briefly factual (in other words lazy) but that necessitates someone's interaction who elaborates my facts. :D
I was being lazy in my first reply (had not had my morning coffee yet...)  Your reply got me thinking, and looking.  You get the Kudos for it as I would not have looked without your reply!
 
 :)
Userlevel 7
That's the way how the Webroot community works and what is the power of our community, we are all the one team helping each other.
Userlevel 6
Badge +21
There are several android apps in the google play/market store that simulate the eicar test file.
 
This article mentions 2 (EICAR Anti-virus Test by eXtorian, and Antivirus TESTFILE)
http://www.androidheadlines.com/2011/03/5-android-antivirus-apps-comapred-find-out-which-ones-are-worth-having.html
 
and a third one is called Zoner AntiVirus Test.
 
 
Userlevel 7
Virtualpb, 
 
Very good points and information.  The original post appears to have not used the Android Market version of the files as he mentions .txt and .zip. These will not be detected.
 
I would be very interested to hear what the results are when the Android ported versions of the test file are.  And no.. I did not know about the Android versions - in my quick reference lookup earlier I did not run into it and I needless to say have not run it on my own mobile devices.
Userlevel 7
Badge +56
I personally don't care for test files they are useless and don't tell the real story IMO of course.
 
TH
Userlevel 7
Yes I too. They can never replace the real environment and conditions. Moreover WSA uses different approach than conventional av solutions and thus test results are irrelevant.
@ wrote:
There are several android apps in the google play/market store that simulate the eicar test file.
 
This article mentions 2 (EICAR Anti-virus Test by eXtorian, and Antivirus TESTFILE)
http://www.androidheadlines.com/2011/03/5-android-antivirus-apps-comapred-find-out-which-ones-are-worth-having.html
 
and a third one is called Zoner AntiVirus Test.
 
 
Unfortunately the Kindle cannot use the Googleplay store as Amazon have their own store.
@ wrote:
If I understood correctly, you tested the eicar files on your android device with WSA Premium installed on, didn't you? Eicar test files aren't intended for testing on an Android device. However on Windows platform they are detected by WSA.
Yes I tested Webroot mobile premier on my Kindle Fire HD.
Strange as other (free I might add) av software did catch the eicar test virus when it ran both an automatic & manual scan, so why would that be the case & Webroot didn't?
@DavidP1970 wrote:
Virtualpb, 
 
Very good points and information.  The original post appears to have not used the Android Market version of the files as he mentions .txt and .zip. These will not be detected.
 
I would be very interested to hear what the results are when the Android ported versions of the test file are.  And no.. I did not know about the Android versions - in my quick reference lookup earlier I did not run into it and I needless to say have not run it on my own mobile devices.
Yes I'm limited to Amazon's own app store & btw I'm a she not a he. :)
 
As I've said in another reply other av software caught the eicar test files so it surprises me that this doesn't.
Userlevel 7
There have been other posts regarding tests, and sometimes the results are misleading. It is quite easy for an AV to be made to pick up test files, and as a result some companies do not attempt to do so: test file detection is not always considered an indication of real world performance against real threats.

Still, hopefully someone from Webroot will weigh in on it for us. 🙂
Userlevel 7
@ wrote:
Yes I'm limited to Amazon's own app store & btw I'm a she not a he. :) 
As I've said in another reply other av software caught the eicar test files so it surprises me that this doesn't.
I tend to think that other Android security solutions have flagged those files just solely based on their names which are very popular being the test files. As I said and David explained a bit more the Eicar test files cannot work properly on Android platform, it means that they cannot be properly analyzed by security solutions. It is like taking WSA for Android on a Windows machine and blaming him for failing on the test files.
Userlevel 4
Hi there! I am with the Webroot Mobile Threat Research Team and wanted to clear up a few things about these test files.
 
For starters, the Amazon App Store does, indeed, not have any test apps available for download. Since you have a Kindle, the Play store isn't an option, like you said, and we don't ever recommend downloading apps from any unofficial sources. (You might end up with real Android malware! :p )
 
We do, however, detect the majority of the Android-based AV-Testing/Eicar-type apps available via the Play store. This is because they are ported versions of the original test file from Eicar or contain other malicious intent used for testing purposes. These types of apps are more relevant than the Windows versions of the tests when testing your Android protection. Since they are actually packaged and run as apps for Android, they demonstrate how a true malicious app is installed and run like any other app.
 
We do not detect the Eicar Windows test files with our Android app. Detecting malicious Windows-based files does not really indicate the type or strength of protection your Android antivirus/antimalware app is providing. PC malware is not able to affect the Android OS or run, in any capacity, natively. If you were to connect your phone to your PC, however, your computer's protection should then detect any test files. Some may require the file actually be moved to the PC or opened, but the file should not go undetected after that.
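
Added example (not part of any post in this thread, and not Webroot's code): a Python check that a sample really is an intact EICAR test file, bare or inside a .zip as in the original question, before a missed detection is read as a scanner failure. It follows the 68/70-byte description quoted earlier plus EICAR's own rule that only trailing whitespace up to 128 bytes total is allowed; the function names and samples are constructed for illustration.

```python
import io
import zipfile

# The 68-byte EICAR string, split in two so this source file is not itself flagged.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-" +
         rb"ANTIVIRUS-TEST-FILE!$H+H*")
TRAILING_OK = b" \t\r\n\x1a"   # whitespace the EICAR definition allows after the string
MAX_LEN = 128                  # longest file still considered a valid test file


def is_eicar(data: bytes) -> bool:
    """True if data is a conformant EICAR test file (68 bytes plus optional padding)."""
    if len(data) > MAX_LEN or not data.startswith(EICAR):
        return False
    return all(b in TRAILING_OK for b in data[len(EICAR):])


def classify(data: bytes) -> str:
    """Label a sample as 'eicar', 'eicar-in-zip:<member>' or 'not-eicar'."""
    if is_eicar(data):
        return "eicar"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Size check first so an oversized member is never decompressed.
                if info.file_size <= MAX_LEN and is_eicar(zf.read(info)):
                    return f"eicar-in-zip:{info.filename}"
    return "not-eicar"


def make_zip(name: str, payload: bytes) -> bytes:
    """Build a constructed in-memory zip sample for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: bare file, CRLF-terminated (70 bytes), edited copy, zip.
    for sample in (EICAR, EICAR + b"\r\n", EICAR + b" edited",
                   make_zip("eicar.txt", EICAR)):
        print(len(sample), classify(sample))
```

A copy that was edited, re-encoded or prefixed during download no longer matches the definition, so a scanner that ignores it is behaving correctly.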
