Flavien Scheurer :verified: · @cyann
79 followers · 131 posts · Server infosec.exchange

One day someone will replace the string with AAAAC3NzaC1lZDI1NTE5AAAAI

#eicar

Last updated 3 years ago

· @barubary
13 followers · 172 posts · Server infosec.exchange

In order to test software, the EICAR test virus was created:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

It is 68 bytes of plain ASCII text that also happen to be valid x86 machine code (all it does is output EICAR-STANDARD-ANTIVIRUS-TEST-FILE! and stop). The idea is that AV will treat this harmless file like malware, so you can test whether detection works properly without having to download an actual virus.

The original spec called for AV to detect any file that starts with this string of 68 bytes. However, in 2002 a Windows batch worm was created that disguised itself as a harmless test file by starting its list of commands with the EICAR string (which causes a "command not found" error, but does not prevent the rest of the .bat file from running). If the user had AV installed, it would detect the worm only as a harmless test file.

To fix this, the EICAR spec was updated in 2003. It places the following constraints on the test file:

  • It must be 128 bytes long or less.
  • The first 68 bytes must be identical to the test string shown above.
  • All following bytes (if any) must be from the following set of ASCII characters: space (32), tab (9), carriage return (13), line feed (10), Ctrl-Z (26).

Anything else will not be detected as the EICAR test virus. This prevents actual malware from hiding behind the EICAR test.

#antivirus #eicar

Last updated 3 years ago
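The three constraints from the 2003 update described in the post above, as an added Python example (not part of the original post and not code from EICAR or any antivirus product). The function name `classify` and its result labels are assumptions made for illustration, and the sample inputs are constructed.

```python
# Added example: check a buffer against the 2003 EICAR constraints.
# The 68-byte string is assembled from two halves so that this source
# file does not itself contain the contiguous test string.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_LEN = 128                                     # whole file: 128 bytes or less
ALLOWED_TRAILING = frozenset({32, 9, 13, 10, 26})  # space, tab, CR, LF, Ctrl-Z


def classify(data: bytes) -> str:
    """Return a label (hypothetical names) for how `data` relates to the test file.

    'eicar-test-file' : meets all three constraints, report as the test file.
    'prefix-only:*'   : starts with the string but breaks a constraint, so it
                        must NOT be reported as the harmless test file and
                        should go through normal scanning instead.
    'not-eicar'       : does not start with the 68-byte string.
    """
    if not data.startswith(EICAR):
        return "not-eicar"
    if len(data) > MAX_LEN:
        return "prefix-only:too-long"
    tail = data[len(EICAR):]
    if any(b not in ALLOWED_TRAILING for b in tail):
        return "prefix-only:bad-trailing-bytes"
    return "eicar-test-file"


if __name__ == "__main__":
    # Constructed samples, including the shape of the 2002 batch-file trick:
    # the test string followed by further command lines.
    samples = {
        "bare string": EICAR,
        "string + CRLF + Ctrl-Z": EICAR + b"\r\n\x1a",
        "padded to exactly 128 bytes": EICAR + b" " * 60,
        "padded to 129 bytes": EICAR + b" " * 61,
        "string followed by commands": EICAR + b"\r\necho constructed sample\r\n",
        "string not at start": b" " + EICAR,
    }
    for name, blob in samples.items():
        print(f"{name:30} -> {classify(blob)}")
```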

Crazypedia :breadified: · @Crazypedia
539 followers · 5867 posts · Server pagan.plus

So... I used here to generate a for the antivirus test string, and long story short here's a cool new desktop ...
:boost_ok:
:cc_cc: :cc_by: :cc_nc_us: :cc_sa:

sigilengine.com/

#MastoArt #wallpaper #eicar #sigil #SigilEngine

Last updated 4 years ago

Vengeur Masqué · @vm666
177 followers · 1316 posts · Server mastodon.hofud.com

The test string should only be detected when it is alone in the file, or else at the start of the file. But some antivirus products are overzealous, probably to make people believe they are more effective than the competition.

#eicar

Last updated 7 years ago

Vengeur Masqué · @vm666
177 followers · 1316 posts · Server mastodon.hofud.com

Postfix lets you choose a rejection message for 550 responses.
I put in the antivirus test string , with the secret hope that it gets written to a log and intercepted by a shoddy that will go berserk on the cannon of the cyber-pest on the other end.
The frustrating part of the operation is that I get no feedback.
Do you think it has a chance of working?

#eicar #antivirus #spam

Last updated 7 years ago