funsec mailing list archives
Re: Overloading AV software, was Question about Viruses
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Fri, 7 Jul 2006 15:58:49 -0400
On 7/7/06, Drsolly <drsollyp () drsolly com> wrote:
> > I guess that's why the eicar site says:
> > -------------------------
> > The first 68 characters is the known string. It may be optionally
> > appended by any combination of whitespace characters with the total
> > file length not exceeding 128 characters. The only whitespace
> > characters allowed are the space character, tab, LF, CR, CTRL-Z. To
> > keep things simple the file uses only upper case letters, digits and
> > punctuation marks, and does not include spaces.
> >
> > -------------------------
> >
> > Pretty specific. This seems kind of silly to me, as any variation of
> > code before the detection bit would result in the detection bit being
> > in a different location, and therefore result in the virus not being
> > detected, correct?
>
> Correct. That's the way that the Eicar test file is *supposed* to be. By
> the way, please don't call the Eicar test file a virus,

I was actually referring to the code of a virus, not the eicar test file.

> > Is this a leftover of the "Signature Wars" where people were trying to
> > sell their AV by saying "mine detects 60,000 viruses", 'well mine
> > detects 80,000', etc, etc.?
>
> I never noticed such a war - maybe the marketroids did that. Certainly,
> Findvirus, when you run it, tells you how many things it's scanning for.
> That seemed like something people would like to know. But I notice that
> the figure is up to 200,000 now.

Well, I just ran a script to insert a newline character into all the source code for viruses I downloaded from http://www.totallygeek.com/vscdb/ so the number is now more like 400,000 :-)

-JP<who single-handedly doubled all known viruses in one day>
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
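
The rule quoted from the eicar site in the message above, written out as a strict conformance check. This is an added Python example, not part of the thread or of any scanner's code; `check_eicar` and the verdict strings are hypothetical names, and the sample buffers are constructed. It shows that a single byte in front of the known string makes the file non-conforming, which is the by-design behaviour confirmed in the quoted reply.

```python
# Added example: strict check of a buffer against the EICAR rule quoted in the thread.
ALLOWED_TRAILING = frozenset(b" \t\n\r\x1a")  # space, tab, LF, CR, CTRL-Z
KNOWN_LEN = 68        # "The first 68 characters is the known string"
MAX_TOTAL_LEN = 128   # "total file length not exceeding 128 characters"

# The known string, assembled from pieces so this source file does not
# contain one contiguous copy of it.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + b"EICAR-STANDARD-" + b"ANTIVIRUS-TEST-FILE!"
         + rb"$H+H*")
assert len(EICAR) == KNOWN_LEN


def check_eicar(data: bytes) -> str:
    """Return 'conforming', or the reason the buffer is not a valid test file."""
    # The known string must sit at offset 0; nothing may precede it.
    if not data.startswith(EICAR):
        return "string-not-at-offset-0"
    if len(data) > MAX_TOTAL_LEN:
        return "too-long"
    # Anything after the known string must be one of the five whitespace bytes.
    if any(b not in ALLOWED_TRAILING for b in data[KNOWN_LEN:]):
        return "bad-trailing-byte"
    return "conforming"


# Constructed sample buffers (not taken from the thread).
SAMPLES = {
    "exact":          EICAR,
    "crlf-appended":  EICAR + b"\r\n",
    "padded-to-128":  EICAR + b" " * 60,
    "padded-to-129":  EICAR + b" " * 61,
    "newline-before": b"\n" + EICAR,
    "letter-after":   EICAR + b"A",
}

if __name__ == "__main__":
    for name, buf in SAMPLES.items():
        print(f"{name:15} {len(buf):4d} bytes  {check_eicar(buf)}")
```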