eicar virus test

I was surprised to discover upon running the Avast scan on my
c:/ drive and then on the folder containing my Eicar test file itself that the program failed to detect this test virus which in the past was always detected by McAfee. I then accessed the Eicar website, copied the Eicar text line from the site, pasted same unto an e-mail addressed to myself only to find that Avast gave the e-mail " carte blance…".no virus detected. !!Would appreciate hearing from anyone having successfully undertaken this test with Avast.

Eicar is detected perfectly by Avast. Check your settings and make yourelf familiar with how Avast works and the settings/options it is offering the user. Read the help file to learn it.

You sent the eicar test string in an e-mail body? In that case, it should not be detected (or rather, it must not be detected if the antivirus conforms to eicar specifications).

Eddy:

I don’t mean the following comment to be derogatory but I am
somewhat disconcerted by replies I receive from time to time
that assume I haven’t checked my settings or read my help files.
Isn’t this what everyone does before turning to a forum for assistance? In this case for instance the only setting I see that could prevent Avast from alerting me to an e-mail containing an Eicar test file or a scan of the folder in which I keep this text would be in the exclusion settings. So if you could be a little more explicit and point me in the right direction, I would be most appreciative. Thanks

Isn't this what everyone does before turning to a forum for assistance?
Unfortunatly most people don't do this. :-\ Looks like you are one of the few who do so :D

Please tell us what you did exactly (step-by-step would be great) and let us know if you did what Igor said.
We will find out what happend and help you :wink:

Igor.

Would you please clarify your response to my inquiry. Why would Avast not zero in on the Eicar text line included in the body of an e-mail. It did when I was using McAfee. What would be the Avast protocol be that eliminates the Eicar virus threat from being subject to the usual alarm when a virus is present in an e-mail?
Thanks for the input.

If you check the eicar.org page, it says:

Any anti-virus product that supports the test file should detect it in any file providing that the file [b]starts with[/b] the following 68 characters, and is exactly 68 bytes long: ... It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters.

So, the eicar test string can only be detected when it’s at the very beginning of the file (i.e. at offset 0). If you put the text into e-mail body, it is not at the beginning of the file (there are e-mail headers before, subject, etc), thus it shouldn’t be detected. Also, there is a limitation of what might be appended to the eicar test string (just “a few spaces”, basically).
The reason of all this is to prevent malicious code to mask themselves as “innocent” eicar test by prepending/appending the string to themselves.

If McAfee detects eicar even in an e-mail body, then it’s simply wrong - it is not supposed to do that.

If you want to check if avast! detects eicar in an e-mail, put it into a text file (eicar.txt) and send it as an attachment - then, it should be detected.

Thanks for taking more of your time to clarify your previous reply. I did as suggested and Avast came on like gangbusters advising me of the presence of an infected file as well as its name. Now if I can find out why Avast does not pick up Eicar when it scans the folder where Eicar is to be found, I will have it made!

Regards
Tracker

Well, how exactly did you put eicar to that folder and how exactly did you scan it?

Eddy;

Dumb and dumber …that’s what comes with old age , at least in my case. After discovering that Igor was right, I ran an additional scan of the folder in which the Eicar string is located and once again, no alarm. I then opened the file only to find that while the text file was there, the command file was nowhere to be found!
I downloaded same from the Eicar site, ran the Avast scan once more and, as you would expect, the virus warning popped up immediately. I can only assume that when I
scanned my drive a month ago upon downloading the Avast software, the test file must have been located but inadvertently deleted. My apologies to both you and Igor for taking up your time unnecessarily. Your help much appreciated.