|
Posted by Julian on November 25, 2005, 10:50 am
If you were Registered and logged in, you could reply and use other advanced thread options
>
> Close! The string you need is:
>
> X5O!P%@AP[4\PZX54(P^^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
>
> I see you'ved added an extra caret at (P^) but the extra percent !P%% is
> unnecessary.
I don't think it is unnecessary, because I tested it first by echoing to
a regular eicar.com and then checking the result in notepad, and with
only one percent, there was no percent in the output file. I needed two,
to get the one that is supposed to be there.
>
> To test this, once written, you need to type:
>
> more < test.txt:eicar.com > eicar.com
>
> NAV 2002 notices this when using more, but not when writing the string.
That's presumably because at that point it's saving it to a regular .com
file. I was interested in whether any anti-virus would detect the Eicar
file when it is being written to an ADS, or while it is hidden there,
during an on-demand scan.
--
Julian
| 
XML site map