Hey all!
I just tested my avast! mail protection (4.1.418 Home + Outlook Express) with the eicar test virus on
http://www.testvirus.org/
Fortunately my ISP's mail server is not running anti-virus software so I could run the tests.
The web site provides several (25) different ways to send the test virus through email. Unfortunately avast! failed 9 of these tests. I have to say that I don't know anything about these encoding techniques, I'm just curious why avast! didn't recognize eicar? Should we worry about this?
Results:
PASSED Test #1: Eicar virus sent using base64 encoding
PASSED Test #2: Eicar virus sent using binary encoding
PASSED Test #3: Eicar virus sent using quoted-printable encoding
FAILED Test #4: Eicar virus sent using uuencoding
PASSED Test #5: Eicar virus sent using BinHex encoding
PASSED Test #6: Eicar virus embedded within another MIME segment
PASSED Test #7: Eicar virus sent using uuencoding within a MIME segment
PASSED Test #8: Eicar virus sent using BinHex encoding within a MIME segment
PASSED Test #9: Eicar virus sent as an inline attachment
PASSED Test #10: Eicar virus embedded within an RFC822 message
PASSED Test #11: Eicar virus within a ZIP file
FAILED Test #12: Eicar virus within a password protected ZIP file
PASSED Test #13: Eicar virus sent from Pegasus, which formats email in strange ways
FAILED Test #14: Eicar virus sent in a Microsoft TNEF file (winmail.dat)
PASSED Test #15: Eicar virus without quotes around the filename
FAILED Test #16: Eicar string in HTML, to ensure that your mail server scans HTML segments
PASSED Test #17: Eicar virus hidden using the "CR Vulnerability"
PASSED Test #18: Eicar virus within zip file hidden using the "Space Gap Vulnerability"
FAILED Test #19: Eicar virus within zip file hidden using the "Blank Folding Vulnerability"
FAILED Test #20: Eicar virus within zip file hidden using the "MIME Boundary Space Gap Vulnerability"
FAILED Test #21: Eicar virus within zip file hidden using the "Long MIME Boundary Vulnerability"
PASSED Test #22: Eicar virus within zip file hidden using the "MIME Continuation Vulnerability"
FAILED Test #23: Eicar virus within zip file hidden using the "Empty MIME Boundary Vulnerability"
FAILED Test #24: Test for the "Partial (Fragmented) Vulnerability". This does not include Eicar virus, but your mail server still must block this since it can break a virus into multiple emails and reassemble it in your inbox.
PASSED Test #25: Attachment with a CLSID extension which may hide the real file extension. This does not include Eicar virus, but your mail server still must block this since it can hide the true extension of a file.
-- Jeccu --
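
Tests #4 and #24 in the post above involve two forms a mail scanner has to recognise before it can inspect any content: a uuencoded block in a plain (non-MIME) body, and a `message/partial` fragment. The Python sketch below is an added example, not part of the original post and not how avast! works; the function names and both sample messages are constructed for illustration.

```python
import binascii
import re
from email import message_from_string
UU_BEGIN = re.compile(r"^begin [0-7]{3,4} (\S.*)$")

def find_uuencoded(text):
    """Return (filename, decoded bytes) for each uuencoded block in text."""
    found, name, data = [], None, b""
    for line in text.splitlines():
        if name is None:
            m = UU_BEGIN.match(line)
            if m:
                name, data = m.group(1), b""
        elif line.strip() == "end":
            found.append((name, data))
            name = None
        elif line:
            try:
                data += binascii.a2b_uu(line)
            except ValueError:
                name = None  # not valid uuencoded data, drop this block
    return found

def triage(raw):
    """List findings a content scanner should act on for one raw message."""
    msg = message_from_string(raw)
    findings = []
    if msg.get_content_type() == "message/partial":
        # A fragment cannot be scanned as a whole file; flag it for policy.
        findings.append("partial:%s/%s" % (msg.get_param("number"), msg.get_param("total")))
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("latin-1")
            for fname, blob in find_uuencoded(body):
                findings.append("uuencode:%s:%d bytes" % (fname, len(blob)))
    return findings

# Constructed sample inputs (harmless bytes, no test virus included).
PAYLOAD = b"constructed attachment bytes, not malware"
SAMPLE_UU = ("From: a@example.invalid\nSubject: constructed\n\nsee attached\n"
             "begin 644 sample.bin\n" + binascii.b2a_uu(PAYLOAD).decode() + "`\nend\n")
SAMPLE_PARTIAL = ("From: a@example.invalid\n"
                  'Content-Type: message/partial; id="x@example.invalid"; number=1; total=2\n'
                  "\nSubject: constructed\n\nfirst fragment\n")

if __name__ == "__main__":
    print(triage(SAMPLE_UU))
    print(triage(SAMPLE_PARTIAL))
```

The decoded bytes returned by `find_uuencoded` are what would be handed to the signature engine; a fragment flagged as `partial` has no complete file to scan.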