You are here

Home » Forums » Support Forums » Security Apps Support

ClamWin: EICAR TEST

5 posts / 0 new
Log in or register to post comments
Last post
January 29, 2011 - 12:58pm
#1
Devildevilscle
Offline
Last seen: 11 years 9 months ago
Joined: 2010-11-08 13:18
ClamWin: EICAR TEST

I found an article about "testing av" and i did tried to follow steps it said to test clamwin. I copied an example virus file to a text document. I turned off the desktop's AV, renamed the txt file as mytest.com. Scanned it w/ clamwin but unfortunately, clamwin did not detected the virus. I turned the desktop's AV on, and it quickly deleted the file. Why cant clamwin detect that EICAR test virus?

Top
January 29, 2011 - 1:33pm
Moonbase
Offline
Last seen: 10 years 2 months ago
Joined: 2010-09-09 06:16
Well, it does:

Well, it does, even when just having the EICAR test in a text file:

Scan Started Sat Jan 29 19:29:49 2011
-------------------------------------------------------------------------------


G:\Documents\EICAR test.txt: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 878295
Engine version: 0.96.5
Scanned directories: 0
Scanned files: 1
Infected files: 1

Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 5.359 sec (0 m 5 s)

--------------------------------------
Completed
--------------------------------------

using WinXP+SP3, ClamWin Portable 0.96.5.

Top
January 29, 2011 - 11:06pm
3D1T0R
3D1T0R's picture
Offline
Last seen: 2 years 9 months ago
Developer
Joined: 2006-12-29 23:48
Definitions Database

Did you update the Definitions Database? To my knowledge Clamwin (Portable or otherwise) comes without any definitions, and you need to tell it to update them or it won't detect ANYthing Ever.

~3D1T0R

Top
January 31, 2011 - 8:23am
(Reply to #3)
Devildevilscle
Offline
Last seen: 11 years 9 months ago
Joined: 2010-11-08 13:18
Well

I regulary update my clamwin. Im just curious w/ this one. I just found that certain "virus test file" on gohacking.com. Clamwin just says that it cant read the file. But i'll try it again. I forgot to test it after updating my virus def yesterday. But if it still fail, my i send that certain test virus somewhere?

-:O =

Top
January 31, 2011 - 9:26am
Moonbase
Offline
Last seen: 10 years 2 months ago
Joined: 2010-09-09 06:16
Link to the EICAR original test files

The original EICAR test is a virus that isn’t one. Smile It can even be copyied as readable text characters and put into a file, then renamed to something.com. Even if you try to actually execute the virus test, it will not harm your system but only output a harmless message (»EICAR-STANDARD-ANTIVIRUS-TEST-FILE!«).

Still, I don’t want to risk any harm to PA’s forum by posting the test text here, but you can find it (and different versions to download for testing) on EICAR’s web site.

ClamAV usually reports this test as »Eicar-Test-Signature«.

Top
Log in or register to post comments