Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

I\'m posting this here since programmers write viruses, and AV software. They al

ID: 639287 • Letter: I

Question

I'm posting this here since programmers write viruses, and AV software. They also have the best knowledge of heuristics and how AV systems work (cloaking etc).

The EICAR test file was used to functionally test an antivirus system. As it stands today almost every AV system will flag EICAR as being a "test" virus. For more information on this historic test virus please click here.

Currently the EICAR test file is only good for testing the presence of an AV solution, but it doesn't check for engine file or DAT file up-to-dateness. In other words, why do a functional test of a system that could have definition files that are more than 10 years old. With the increase of zero day threats it doesn't make much sense to functionally test your system using EICAR.

That being said, I think EICAR needs to be updated/modified to be effective test that works in conjunction with an AV management solution. This question is about real world testing, without using live viruses... which is the intent of the original EICAR.

That being said I'm proposing a new EICAR file format with the appendage of an XML blob that will conditionally cause the Antivirus engine to respond.

X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-EXTENDED-ANTIVIRUS-TEST-FILE!$H+H*
<?xml version="1.0"?>
<engine-valid-from>2010-1-1Z</engine-valid-from>
<signature-valid-from>2010-1-1Z</signature-valid-from>
<authkey>MyTestKeyHere</authkey>
In this sample, the antivirus engine would only alert on the EICAR file if both the signature or engine file is equal to or newer than the valid-from date. Also there is a passcode that will protect the usage of EICAR to the system administrator.

If you have a backgound in "Test Driven Design" TDD for software you may get that all I'm doing is applying the principals of TDD to my infrastructure.

Based on your experience and contacts how can I make this idea happen?

Explanation / Answer

As you said in the question, it would have to work in conjunction with an AV solution. In order for that to happen you would either need to write an AV engine, or become involved with an existing AV vendor.

If such a thing did exist... Where does the benefit come in? Just thinking devil's advocate here.. Couldn't the AV engine just report when it's database was updated?

Related Questions

I\'m now writing a program, which will allow processing data expressed in the fo
Question #644313
I\'m off by a few decimal points.. Keeping water supplies clean requires regular
Question #3209357
I\'m on moble, so these pictures may be hard to see. If you cannot read them ple
Question #3162803
I\'m on my last try so I don\'t want to do this wrong! I got every answer up unt
Question #2114992
I\'m on the Irish team heading to the International Olympiad of Informatics in B
Question #639186
I\'m on the last step of a JavaScript/jQuery problem and I\'m stuck. I have the
Question #3709703
I\'m only able to see the answer to a) to someone else\'s previous question belo
Question #2893044
I\'m only able to use http://homepage.smc.edu/stahl_howard/cs17/FileManager/refe
Question #3664606

Navigate

Previous
I\'m posting these all together because they are all very similar. 1. How many h
Next
I\'m practicing around building e-commerce asp.net applications that allows for