It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. Any anti-virus product that supports the EICAR test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes first 68 characters is the known string. It is also short and simple – in fact, it consists entirely of printable ASCII characters, so that it can easily be created with a regular text editor. The file is a legitimate DOS program, and produces sensible results when run (it prints the message „EICAR-STANDARD-ANTIVIRUS-TEST-FILE!“). Most products react to it as if it were a virus (though they typically report it with an obvious name, such as „EICAR-AV-Test“). It is safe to pass around, because it is not a virus, and does not include any fragments of viral code. This test file has been provided to EICAR for distribution as the „EICAR Standard Anti-Virus Test File“, and it satisfies all the criteria listed above. A number of anti-virus researchers have already worked together to produce a file that their (and many other) products „detect“ as if it were a virus.Īgreeing on one file for such purposes simplifies matters for users: in the past, most vendors had their own pseudo-viral test files which their product would react to, but which other products would ignore. The good news is that such a test file already exists. Also, because you probably want to avoid shipping a pseudo-viral file along with your anti-virus product, your test file should be short and simple, so that your customers can easily create copies of it for themselves. If your test file is a program, then it should also produce sensible results if it is executed.
#Kaspersky antivirus downloader software
Since it is unacceptable for you to send out real viruses for test or demonstration purposes, you need a file that can safely be passed around and which is obviously non-viral, but which your anti-virus software will react to as if it were a virus. Such a test will give meaningful results, but with unappealing, unacceptable risks. Using real viruses for testing in the real world is rather like setting fire to the dustbin in your office to see whether the smoke detector is working. You use (or should use!) a secure, controlled and independent laboratory environment within which your virus collection is maintained. However, you do not (or should not!) perform your tests in a „real“ environment. If you are an anti-virus vendor, then you do this (or should do it!) before every release of your product, in order to ensure that it really works. Obviously, there is considerable intellectual justification for testing anti-virus software against real viruses. Your best response to a request from an unknown person is simply to decline politely.Ī third set of requests come from exactly the people you might think would be least likely to want viruses „users of anti-virus software“. They want some way of checking that they have deployed their software correctly, or of deliberately generating a „virus incident in order to test their corporate procedures, or of showing others in the organisation what they would see if they were hit by a virus“. There are relatively few laws (though some countries do have them) preventing the secure exchange of viruses between consenting individuals, though it is clearly irresponsible for you simply to make viruses available to anyone who asks. Other requests come from people you have never heard from before. Using strong encryption, you can send them what they have asked for by almost any medium (including across the Internet) without any real risk. Some requests are easy to deal with: they come from fellow-researchers whom you know well, and whom you trust. If you are active in the anti-virus research field, then you will regularly receive requests for virus samples.
(read the complete text, it contains important information) It was decided not to change the file itself for backward-compatibility reasons.
#Kaspersky antivirus downloader verification
The content of this documentation (title-only) was adapted 1 September 2006 to add verification of the activity of anti-malware or anti-spyware products.The definition of the file has been refined by Eddy Willems in cooperation with all vendors.
0 kommentar(er)
