known for STRONG heuristic signatures and trace detection.

Don’t you see that the eicar-mod tests just don’t make any sense?

  1. How heuristics work: it looks for ‘suspicious’ actions the program might be using (typically by using code emulation techniques), rates them depending on finely-tuned weights, and if the sum exceeds a given threshold the file is deemed infected…

  2. What is eicar: eicar is a tiny DOS program that basically prints the string ‘EICAR-TEST-NOT-VIRUS’ on the screen and terminates.

You see the difference? 1. has absolutely, positively NO chance to “detect” 2., has it? The eicar file is per se a completely benign, legit MS-DOS program, with NO malicious symptoms at all. Zero. Even Notepad would rate 1000x higher for a heuristics engine (it can save files etc.). Its complete, unmodified string is detected because that’s what the industry agreed on, but that’s it!!

You see what I mean?