I saw this article in Ed Bott's Techsanity Newsletter.........

Try this to test if your AV software is working.


"Quick Test for Your Anti-Virus Program
Okay, no worm or Trojan Horse has crashed your system yet. But does that mean your anti-virus software really works? Doug Cooley found a little test that can bring you a bit more peace of mind. Click here for more " http://techsanity.com/TechSanityIz/Articles/Display/0,,articleId=1519,00.html

My Norton AV let me save the file (alarming!!) but at least identified it as a virus when I scanned the file.

My AV was supposedly running at the time of the save - I need to check this out.

Probably 'cause you saved it as a txt file. Norton is set up to scan only certain extensions by default.
Try saving it as a txt file and then try and rename it to an exe file. Norton picks it up then.:)

Actually, I must admit, I prefer my anti-virus software not to be too zealous! For two reasons, firstly, if I actually want to report the receipt of a virus, I need to have evidence of it to be able to do it (I would never have been able to report my receipt of the Hybris worm from a NetCom UK dial-up customer to NetCom UK if I had been using anti-virus software that deletes infected email attachments, because it would have also deleted the log of the time and IP address of the sender), but secondly, there's also the chance that it might think that other legitimate files are viruses, due to some bug.

(The funny thing was, NetCom UK asked me to forward the message to them, complete with headers, which I did, and I then received an automatic reply saying that my message had been deleted because it contained a virus! :lol This was followed, a few hours later, by a message chasing up and asking why I hadn't sent it .... :confused: :lol )

Most anti-virus software allows you to choose these settings, though. I'm currently using InoculateITPE, but the real-time protection feature is set to report only and not clean anything, because I know that I'm not stupid enough to open an email attachment or contents of a floppy disk / CDROM / DVDROM / other downloaded file without scanning it first .... and also using sensible precautions in addition to this, such as not trusting things from unknown sources even if the scan says it's ok. :)

Oh Grrrrrrreat!!!

InoculateIT PE not only allowed me to save it (in real time protection)but it didn't pick it up when I scanned it.

Then I renamed it to .exe and scanned it again - still didn't pick it up :mad:

Funny thing is, I've only just finished an InoculateIT update too. :lol
Maybe I need to put arrows around it and save it as:
---> virusfile.vir <---
to help Inoculate find it :lol :lol

but I'm not larfin' :(

G

interesting cos innoculate picked it up for me

Pudds,

I ran it again , saving it as a .com and as a .exe but norton didn't pick it up either time. It picked it up on a scan of the file each time though.

AVG didn't find it for me !!!!!!!!!!!!:confused:

I wonder why it works on some people's systems and not others, even when they use the same software (the people who left comments in the link seem to support this, as well as some users here). Does it reflect a software fault or what?

I don't know whether to be concerned or not:confused: :confused:

Maybe it's just the way this "virus" was written. But it's worrying if people can write a virus which gets in to some people's systems and doesn't in others even when they're running the same AV program.

Incase it's of any use my settings for norton AV are as follows:

Autoprotect:
Start autoprotect when windows starts up (checked)
scan files when run or opened (checked)
scan files when created or downloaded (checked)
How to respond when a virus is found (quarintine)
File types to scan (Program files and documents only)
Smartscan (enabled)

Bloodhound:
enabled and set to medium level.

Must paste the stuff on ONE line - also included in F-Prot Documentation, and maybe a few others.

NB. Detecting the EICAR test is a no-brainer, since the file basically says to any compliant AV program.
"I am a test, find me!"

The most it really tells you is how your AV will react.

I pasted in one line but AVG detects ZILCH !!!:(

MTDAY....
I don't follow that.

When the AV does find it, it treats it as a genuine virus, not a test. It's just that it doesn't find it when it's being saved.

I HAVE found EICAR with AVG, in fact, it really scared me as I'd forgotten I'd left it there!

I'll dig out my example (from F-Prot docs), in case the posted one is not accurate.

My point is that it tests what the software will DO, and that detection is in some way functioning, but it tells you nothing about the adequacy of any polymorph detection, or other advanced features.

OK I follow now.
But apart from a real infection, it's about as close as you'll get for testing.

Also, I was curious to know what Norton did when it came across a virus.

We generally have to trust the software companies for things like this:lol

Pudds

Just found out my Norton is an old scanner-only version (up to date with virus definitions), so doing nothing other than when i fire off a scan:mad:

Will there be a conflict with Norton and McAfee? I have a full version of McAfee that I was going to give away.

McAfee is capable of conflicting with anything mate.
90% of system crashes are because of McAfee virus scan (:lol o.k. i'm exagerating but it's fairly high).
As for giving it away , i'd have second thoughts about giving it to my worst enemy :)
Go for one of the free virus scanners instead or update norton:)

Turn your PM's on scotsman, i have some info you might be interested in:)

Pudds

Tis done:D

'tis replied:)

Success................:)

After installing Norton AV 2001, the "virus" was picked up when I saved it as a .exe;)

Cheers Pudds:cool: