我来我网
https://5come5.cn
 
您尚未 登录  注册 | 菠菜 | 软件站 | 音乐站 | 邮箱1 | 邮箱2 | 风格选择 | 更多 » 
 

本页主题: 关于杀毒软件测试代码的提醒 显示签名 | 打印 | 加为IE收藏 | 收藏主题 | 上一主题 | 下一主题

iguard



贝尔诺勋章 自信之戒
性别: 帅哥 状态: 该用户目前不在线
头衔: 要走了
等级: 版主
家族: 战略研究所
发贴: 11259
威望: 5
浮云: 407
在线等级:
注册时间: 2005-12-07
最后登陆: 2009-11-04

5come5帮你背单词 [ stair /st/ə/ n. (常pl.)楼梯,阶梯 ]


关于杀毒软件测试代码的提醒

昨天有一个蝈蝈发了一个帖,贴出了一个杀毒软件测试代码。见:http://192.168.2.8/bbs/read.php?tid=437578

其实这个帖子中的代码不是原版的官方代码,所以造成很多杀毒软件无法识别,引起了大家一定程度的担心。

原版的测试代码为:X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

现在我把原始的官方网页贴出来,请大家重新测试。

至于有些杀毒软件可以检测被改动的杀毒软件测试代码,我自己没有亲眼见到,不敢完全否定。如果真有这种情况,我个人认为,这个杀毒软件是有问题的。

官方网站上的对应网页:
http://www.eicar.org/anti_virus_test_file.htm

网页内容:
Copy code
THE ANTI-VIRUS OR ANTI-MALWARE TEST FILE
Additional notes:
(1) This file used to be named ducklin.htm or ducklin-html.htm or similar based on its original author Paul Ducklin and was made in cooperation with CARO.
(2) The definition of the file has been refined 1 May 2003 by Eddy Willems in cooperation with all vendors.
(3) The content of this documentation (title-only) was adapted 1 September 2006 to add verification of the activity of anti-malware or anti-spyware products. It was decided not to change the file itself for backward-compatibility reasons.


The Anti-Virus or Anti-Malware test file
(read the complete text, it contains important information)

Version of 7 September 2006

If you are active in the anti-virus research field, then you will regularly receive requests for virus samples. Some requests are easy to deal with: they come from fellow-researchers whom you know well, and whom you trust. Using strong encryption, you can send them what they have asked for by almost any medium (including across the Internet) without any real risk.

Other requests come from people you have never heard from before. There are relatively few laws (though some countries do have them) preventing the secure exchange of viruses between consenting individuals, though it is clearly irresponsible for you simply to make viruses available to anyone who asks. Your best response to a request from an unknown person is simply to decline politely.

A third set of requests come from exactly the people you might think would be least likely to want viruses "users of anti-virus software".

They want some way of checking that they have deployed their software correctly, or of deliberately generating a "virus incident in order to test their corporate procedures, or of showing others in the organisation what they would see if they were hit by a virus".

Obviously, there is considerable intellectual justification for testing anti-virus software against real viruses. If you are an anti-virus vendor, then you do this (or should do it!) before every release of your product, in order to ensure that it really works. However, you do not (or should not!) perform your tests in a "real" environment. You use (or should use!) a secure, controlled and independent laboratory environment within which your virus collection is maintained.

Using real viruses for testing in the real world is rather like setting fire to the dustbin in your office to see whether the smoke detector is working. Such a test will give meaningful results, but with unappealing, unacceptable risks.

Since it is unacceptable for you to send out real viruses for test or demonstration purposes, you need a file that can safely be passed around and which is obviously non-viral, but which your anti-virus software will react to as if it were a virus.

If your test file is a program, then it should also produce sensible results if it is executed. Also, because you probably want to avoid shipping a pseudo-viral file along with your anti-virus product, your test file should be short and simple, so that your customers can easily create copies of it for themselves.

The good news is that such a test file already exists. A number of anti-virus researchers have already worked together to produce a file that their (and many other) products "detect" as if it were a virus.

Agreeing on one file for such purposes simplifies matters for users: in the past, most vendors had their own pseudo-viral test files which their product would react to, but which other products would ignore.

This test file has been provided to EICAR for distribution as the "EICAR Standard Anti-Virus Test File", and it satisfies all the criteria listed above. It is safe to pass around, because it is not a virus, and does not include any fragments of viral code. Most products react to it as if it were a virus (though they typically report it with an obvious name, such as "EICAR-AV-Test").

The file is a legitimate DOS program, and produces sensible results when run (it prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!").

It is also short and simple - in fact, it consists entirely of printable ASCII characters, so that it can easily be created with a regular text editor. Any anti-virus product that supports the EICAR test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. The only whitespace characters allowed are the space character, tab, LF, CR, CTRL-Z. To keep things simple the file uses only upper case letters, digits and punctuation marks, and does not include spaces. The only thing to watch out for when typing in the test file is that the third character is the capital letter "O", not the digit zero.

You are encouraged to make use of the EICAR test file. If you are aware of people who are looking for real viruses "for test purposes", bring the test file to their attention. If you are aware of people who are discussing the possibility of an industry-standard test file, tell them about [url]www.eicar.org[/url], and point them at this article.

In order to facilitate various scenarios, we provide 4 files for download. The first, eicar.com, contains the ASCII string as described above. The second file, eicar.com.txt, is a copy of this file with a different filename. Some readers reported problems when downloading the first file, which can be circumvented when using the second version. Just download and rename the file to "eicar.com". That will do the trick. The third version contains the test file inside a zip ARCHIVEe. A good anti-virus scanner will spot a 'virus' inside an ARCHIVEe. The last version is a zip ARCHIVE containing the third file. This file can be used to see whether the virus scanner checks ARCHIVEes more than only one level deep.

Once downloaded run your AV scanner. It should detect at least the file "eicar.com". Good scanners will detect the 'virus' in the single zip ARCHIVEe and may be even in the double zip ARCHIVEe. Once detected the scanner might not allow you any access to the file(s) anymore. You might not even be allowed by the scanner to delete these files. This is caused by the scanner which puts the file into quarantaine. The test file will be treated just like any other real virus infected file. Read the user's manual of your AV scanner what to do or contact the vendor/manufacturer of your AV scanner.

Important note: EICAR cannot be held responsible when these files or your AV scanner in combination with these files cause any damage to your computer. YOU DOWNLOAD THESE FILES AT YOUR OWN RISK. Download these files only if you are sufficiently secure in the usage of your AV scanner. EICAR cannot and will not provide any help to remove these files from your computer. Please contact the manufacturer/vendor of your AV scanner to seek such help.

Download area using the standard protocol http
eicar.com 68 Bytes   eicar.com.txt 68 Bytes   eicar_com.zip 184 Bytes   eicarcom2.zip 308 Bytes
Download area using the secure, SSL enabled protocol https
(Note: For the time being we make use of a self-signed certificate. You may be asked by your browser whether you trust this site.
Depending on acceptance of this new service we may install a certificate coming from a trusted
Certificate Authority at a later point in time.)
eicar.com 68 Bytes   eicar.com.txt 68 Bytes   eicar_com.zip 184 Bytes   eicarcom2.zip 308 Bytes


How to delete the test file from your PC

We understand (from the many emails we receive) that it might be difficult for you to delete the test file from your PC. After all, your scanner believes it is a virus infected file and does not allow you to access it anymore. At this point we must refer to our standard answer concerning support for the test file. We are sorry to tell you that EICAR cannot and will not provide AV scanner specific support. The best source to get such information from is the vendor of the tool which you purchased.

Please contact the support people of your vendor. They have the required expertise to help you in the usage of the tool. Needless to say that you should have read the user's manual first before contacting them.



[ 此贴被iguard在2007-03-25 14:27重新编辑 ]
顶端 Posted: 2007-03-25 13:59 | [楼 主]
zc1984





性别: 帅哥 状态: 该用户目前不在线
头衔: 上帝模式
等级: 荣誉会员
家族: 战略研究所
发贴: 10096
威望: 5
浮云: 0
在线等级:
注册时间: 2004-08-24
最后登陆: 2017-06-08

5come5帮你背单词 [ magician /mə'd3əiən/ a. 魔术师 ]


我的KIS6.0属于超好的那种~~
瓦卡卡~
顶端 Posted: 2007-03-25 14:15 | [1 楼]
jiju84



性别: 帅哥 状态: 该用户目前不在线
头衔: 【做人要低调!!】
等级: 前途无量
家族: J&S
发贴: 6455
威望: 0
浮云: 1253
在线等级:
注册时间: 2005-03-07
最后登陆: 2010-03-18

5come5帮你背单词 [ period /'piəriəd/ n. 一段时间,时期,学时,订时,周期,期间,句点 ]


mac
保存2s就发现了
顶端 Posted: 2007-03-25 14:24 | [2 楼]
wisdom



性别: 帅哥 状态: 该用户目前不在线
头衔: Nirvanaing...
等级: 荣誉会员
发贴: 4001
威望: 4
浮云: 429
在线等级:
注册时间: 2005-04-09
最后登陆: 2012-04-20

5come5帮你背单词 [ hunter /'hΛntə/ n. 猎人 ]


ZoneAlarm 比较好.
传说中杀毒软件排行第三的 AntiVir 居然毫无反应....
顶端 Posted: 2007-03-25 21:20 | [3 楼]
qkshan



性别: 帅哥 状态: 该用户目前不在线
等级: 栋梁之材
家族: 单身贵族
发贴: 686
威望: 0
浮云: 1422
在线等级:
注册时间: 2006-12-29
最后登陆: 2011-11-10

5come5帮你背单词 [ density /'densiti/ n. 稠密,浓度,密度 ]


楼主说的原代码与我发帖的代码相差一个地方
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
X50!P%@AP[4\P2X54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
就是2和z,我怀疑是我自己抄错了,不过这两个代码保存下来都会被扫描出来病毒的
不知道大家的怎么样
顶端 Posted: 2007-03-25 22:18 | [4 楼]
wisdom



性别: 帅哥 状态: 该用户目前不在线
头衔: Nirvanaing...
等级: 荣誉会员
发贴: 4001
威望: 4
浮云: 429
在线等级:
注册时间: 2005-04-09
最后登陆: 2012-04-20

5come5帮你背单词 [ addition /ə'diən/ n. 加,加法;附加部分,增加 ]


Z 的被查出来了,而 2 的没有。
顶端 Posted: 2007-03-26 07:52 | [5 楼]
iguard



贝尔诺勋章 自信之戒
性别: 帅哥 状态: 该用户目前不在线
头衔: 要走了
等级: 版主
家族: 战略研究所
发贴: 11259
威望: 5
浮云: 407
在线等级:
注册时间: 2005-12-07
最后登陆: 2009-11-04

5come5帮你背单词 [ tomorrow /tə'morəu/ n. 明天;ad. 在时天,在明日 ]


Quote:
引用第4楼qkshan于2007-03-25 22:18发表的:
楼主说的原代码与我发帖的代码相差一个地方
X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
X50!P%@AP[4P2X54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
就是2和z,我怀疑是我自己抄错了,不过这两个代码保存下来都会被扫描出来病毒的
不知道大家的怎么样

Copy code
The only thing to watch out for when typing in the test file is that the third character is the capital letter "O", not the digit zero.

第三个字也不对。

至于错误的代码也被杀毒软件扫描,我个人认为,这不是一件好事。

拜托楼主不要手抄。你给的两个代码都另外还少一个反斜杠。我说我的杀毒软件怎么没反应。
顶端 Posted: 2007-03-26 08:03 | [6 楼]
我来我网·5come5 Forum » 电脑F.A.Q.

Total 0.010328(s) query 5, Time now is:11-22 00:01, Gzip enabled
Powered by PHPWind v5.3, Localized by 5come5 Tech Team, 黔ICP备16009856号