16 of 30 AV vendors detect EICAR encapsulated in Rich Text Files
Posted
Saturday, May 26, 2007 12:27 PM
by
hwaldron
16 of 30 AV vendors detect EICAR encapsulated in Rich Text Files
EICAR is an industry standard virus signature file that all AV vendors use for testing purposes. It is harmless. At work, I've used it often in the past to test corporate server and PC systems to ensure AV defenses were working. Vendors not detecting this test file most likely should adjust their systems
AVERT: Rich Text Malware
http://www.avertlabs.com/research/blog/index.php/2007/05/25/rich-text-malware/
16 of 30 AV vendors detect EICAR encapsulated in Rich Text Files
http://vil.nai.com/images/Blog-%20RTF%20Malware4.JPG
QUOTE: Every single scanner detected the antivirus test file EICAR.COM, but only 16 out of 30 scanners were able to detect it embedded inside a rich text file. In layman’s terms, one could take an already detected malware and embed it inside a rich text file and half the antivirus software on the market would not detect this type of threat. A perfect foil for virus authors to use in phishing and spam runs.