How to create a simulated virus with a virus signature

Posted by matthias on June 14, 2005, 1:14 am
Hey,

I have searched the internet for 2 days now about the following problem:
I need to create simulated viruses, and I thought I could do this by
using publicly available virus signatures (like the clamav database).
Well, I tried to attach these signatures to different files with a text
or hex editor, but my virus scanning software did not recognize any of
them as a virus.
Can anybody tell me what I am doing wrong or how these simulated viruses
could be created?
Thanks!



Posted by legg on June 14, 2005, 9:53 am

>Hey,
>
>I have searched the internet for 2 days now about the following problem:
>I need to create simulated viruses, and I thought I could do this by
>using publicly available virus signatures (like the clamav database).
>Well, I tried to attach these signatures to different files with a text
>or hex editor, but my virus scanning software did not recognize any of
>them as a virus.
>Can anybody tell me what I am doing wrong or how these simulated viruses
>could be created?
>Thanks!

If all you want to do is trigger AV sw -

http://www.eicar.org/anti_virus_test_file.htm

RL
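
The test file linked above has a strict definition, which is worth seeing next to the "signature pasted into another file" experiment from the first post. The following is an added example, not code from any poster in this thread: per EICAR's published definition, the file must begin with the 68-byte test string and may carry only trailing whitespace up to 128 bytes in total, so a scanner following the definition is only expected to flag a conformant file. The function name and sample inputs are constructed for illustration.

```python
# Added example (not from the thread): check whether a byte string is a
# conformant EICAR test file, or merely contains the string somewhere.
# The string is written as two adjacent literals so it does not sit in this
# script as one contiguous token.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         rb"ANTIVIRUS-TEST-FILE!$H+H*")
MAX_LEN = 128                    # upper bound on total file length
TRAILING_OK = b" \t\r\n\x1a"     # space, tab, CR, LF, Ctrl-Z


def classify(data: bytes) -> str:
    """Return 'conformant', 'embedded' or 'absent' for a candidate file body."""
    if data.startswith(EICAR):
        tail = data[len(EICAR):]
        if len(data) <= MAX_LEN and all(b in TRAILING_OK for b in tail):
            return "conformant"
        return "embedded"        # right start, but extra content or too long
    return "embedded" if EICAR in data else "absent"


# Constructed sample inputs, not real files.
SAMPLES = {
    "plain test file": EICAR,
    "test file + CRLF": EICAR + b"\r\n",
    "string appended to a document": b"Quarterly report\n" + EICAR,
    "string followed by data": EICAR + b"MZ\x90\x00",
    "over-long padding": EICAR + b" " * 61,
    "unrelated file": b"hello world\n",
}


def report() -> dict:
    """Classify every constructed sample."""
    return {name: classify(body) for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{verdict:<11} {name}")
```

Individual products may still flag the "embedded" cases; the definition only guarantees detection for the conformant ones.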


Posted by matthias on June 14, 2005, 3:43 am
Thanks for that, I have tried this one already, but I do not only want
to trigger the software, I need to test some equipment with real
"virus" files, not just with that single test file.



Posted by Zvi Netiv on June 14, 2005, 2:10 pm

> Thanks for that, I have tried this one already, but I do not only want
> to trigger the software, I need to test some equipment with real
> "virus" files, not just with that single test file.

You are wasting your time. AVs aren't supposed to respond to dummy viruses, only
to the real thing - with one exception: The EICAR test string.

There is no way to effectively "simulate" a virus. The way antiviruses are tested
is against real viruses, and the tests are supposed to be conducted by
individuals or agencies that are qualified to conduct them.

Regards, Zvi
--
NetZ Computing Ltd. ISRAEL www.invircible.com www.ivi.co.il (Hebrew)
InVircible Virus Defense Solutions, ResQ and Data Recovery Utilities


Posted by Roger Wilco on June 14, 2005, 6:17 pm

> Hey,
>
> I have searched the internet for 2 days now about the following problem:
> I need to create simulated viruses, and I thought I could do this by
> using publicly available virus signatures (like the clamav database).
> Well, I tried to attach these signatures to different files with a text
> or hex editor, but my virus scanning software did not recognize any of
> them as a virus.

They shouldn't - they should only detect the real viruses. AVs go to
great lengths to ensure that false positive detections are as rare as
possible - it is as important as detection of real threats is.

> Can anybody tell me what I am doing wrong or how these simulated viruses
> could be created?

Somebody (Vecna?) made a program that generated false positive files
(for a specific AV) by sort of reverse engineering their definition
set - I forgot the name of the program and the AV it was aimed at
though.

I suppose real viruses could be used if extreme care was taken to make
them non-threatening - that is, ensure that the system being used cannot
execute them. Exactly what are you testing that makes the EICAR test
string unacceptable?



