home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PowerQuest 2002
/
PowerQuest 2002.iso
/
DRWEB
/
TEST.TXT
< prev
next >
Wrap
Text File
|
1999-02-17
|
4KB
|
63 lines
EICAR Test File
This TEST.TXT file is helpful in äá¡¡δ⌐ Σá⌐½ (TEST.TXT) »«ºó«½¿Γ éá¼
testing the performance of the »α«ΓÑßΓ¿α«óáΓ∞ αáí«Γ«ß»«ß«í¡«ßΓ∞ á¡Γ¿-
antivirus programs detecting ó¿απß¡δσ »α«úαá¼¼, «í¡áαπª¿óáεΘ¿σ ó¿απ-
viruses with their signatures (for ßδ »« ¿σ ß¿ú¡áΓπαá¼ (¡á»α¿¼Ñα, á¡Γ¿ó¿-
example, Doctor Web, DSAVmail, απß¡δσ »α«úαá¼¼ Doctor Web, DSAVmail,
Spider anti-virus programs). Spider ¿ ñα.).
For this purpose, most of the anti- é ¡áßΓ«∩ΘÑÑ óαѼ∩ ¼¡«ú¿¼¿ αáºαáí«Γτ¿¬á-
virus designers at present ¼¿ á¡Γ¿ó¿απß«ó »α¿¡∩Γ« ñ½∩ φΓ«⌐ µÑ½¿
generally make use of the standard ¿ß»«½∞º«óáΓ∞ «ñ¡π ¿ Γπ ªÑ ßΓá¡ñáαΓ¡πε
TEST.COM program. »α«úαá¼¼π TEST.COM. ¥Γá »α«úαá¼¼á íδ½á
The TEST.COM program is _specially_ _߻ѵ¿á½∞¡«_ αáºαáí«Γá¡á ñ½∩ Γ«ú«, τΓ«-
designed such that the user, íδ »«½∞º«óáΓѽ∞, ¡Ñ »«ñóÑαúá∩ ßó«⌐
without endangering his machine, ¬«¼»∞εΓÑα «»áß¡«ßΓ¿, ¼«ú »«ß¼«ΓαÑΓ∞,
may verify how a newly-installed ¬á¬ Ñú« ßóѪÑπßΓá¡«ó½Ñ¡¡δ⌐ á¡Γ¿ó¿απß
anti-virus tool will alert the user íπñÑΓ ß¿ú¡á½¿º¿α«óáΓ∞ ó ß½πτáÑ «í¡áαπ-
on detecting a virus. The TEST.COM ªÑ¡¿∩ ó¿απßá. Åα«úαá¼¼á TEST.COM ¡á ßá-
program, in reality, is not a ¼«¼ ñÑ½Ñ ó¿απß«¼ ¡Ñ ∩ó½∩ÑΓß∩, ¡« «»αÑ-
virus, but it is recognized by the ñѽ∩ÑΓß∩ í«½∞Φ¿¡ßΓó«¼ á¡Γ¿ó¿απß¡δσ
majority of anti-virus utilities »α«úαá¼¼ (¿ »α«úαá¼¼«⌐ Doctor Web, ó
(even Doctor Web) as if it is a τáßΓ¡«ßΓ¿) ∩¬«íδ ¬á¬ ó¿απß. Åα¿ φΓ«¼
virus. Furthermore, on detecting Doctor Web ¡áºδóáÑΓ φëà "ó¿απß" ß½Ññπ-
this "virus", Doctor Web reports εΘ¿¼ «íαẫ¼:
EICAR Test File (Not a Virus!)
Other anti-virus utilities also Åα¿¼Ñα¡« ΓᬠÑú« ¡áºδóáεΓ ¿ ñαπú¿Ñ á¡-
alert along somewhat similar lines. Γ¿ó¿απß¡δÑ »α«úαá¼¼δ. ä½∩ ß»αáó¬¿:
(The acronym EICAR stands for EICAR - European Institute for Computer
European Institute for Computer Anti-Virus Research.
Anti-Virus Research).
Åα«úαá¼¼á TEST.COM »αÑñßΓáó½∩ÑΓ ß«í«⌐
The TEST.COM program is a 68-byte 68-íá⌐Γ¡δ⌐ COM-Σá⌐½, αѺπ½∞ΓáΓ ¿ß»«½¡Ñ-
COM-file, which on executed prints ¡¿∩ ¬«Γ«α«ú« - óδó«ñ ΓѬßΓ«ó«ú« ß««íΘÑ-
on the screen ¡¿∩:
EICAR-STANDARD-ANTIVIRUS-TEST-FILE!
and then returns control to DOS. ß »«ß½ÑñπεΘ¿¼ ó«ºóαáΓ«¼ π»αáó½Ñ¡¿∩ ó
The TEST.COM file contains only DOS. öá⌐½ TEST.COM ß«ßΓ«¿Γ »«½¡«ßΓ∞ε ¿º
printable characters and the ΓѬßΓ«óδσ ß¿¼ó«½«ó ¿ ß««ΓóÑΓßΓóπεΘá∩
corresponding text string reads as ΓѬßΓ«óá∩ ßΓα«¬á ¿¼ÑÑΓ ß½ÑñπεΘ¿⌐ ó¿ñ:
follows:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
In the file you are presently àß½¿ ¿º τ¿ΓáѼ«ú« éἿ Σá⌐½á (TEST.TXT)
reading now (i.e., TEST.TXT), if «ßΓáó¿Γ∞ ½¿Φ∞ óδΦÑ»α¿óÑñÑ¡¡πε ßΓ᫬π ¿
you retain only the above line and Γᬿ¼ «íαẫ¼ «ΓαÑñá¬Γ¿α«óá¡¡δ⌐ Σá⌐½
delete all other text matter and ß«σαá¡¿Γ∞ »«ñ ¿¼Ñ¡Ñ¼ TEST.COM, Γ« ó αÑ-
rename the file thus edited to ºπ½∞ΓáΓÑ »«½πτ¿Γß∩ »α«úαá¼¼á, ¬«Γ«αá∩ ¿
TEST.COM, you obtain a program, íπñÑΓ «»¿ßá¡¡δ¼ óδΦÑ "ó¿απß«¼".
which is the "virus" described
above.
Information Service Department ê¡Σ«α¼áµ¿«¡¡á∩ ß½πªíá
DialogueScience,Inc. çÇÄ "ä¿á½«úìáπ¬á"
E-mail: Antivir@DialogNauka.ru
http://www.DialogNauka.ru