| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 32287 | 2003-04-14 11:00:00 | FAQ #15: How can I check that my anti-virus progrm is working? | Billy T (70) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 135777 | 2003-04-15 13:15:00 | Well Billy's one does have a space in it. When I paste a working one into notepad and save it. The Norton AutoProtect thing kicks in to action and deletes the file. Now looking through the settings it seems as if I can set it to repair, or disable and quarintine. Is there a way to use the AutoProtect but have it let me know it has located a virus and ask me what to do. I sure as heck don't want regular files being deleted. Norton 2003. |
-=JM=- (16) | ||
| 135778 | 2003-04-15 20:58:00 | Hi JM, I installed the Eicar test when Billy first posted about it from the Eicar site. It now sits in my quarantine & each time I do a virus scan Norton's always shows it up so that's good. When Norton's asks me if I want to delete or repair it I say NO. I just leave it sitting in there & make sure that I don't delete it when I do a clean out of the quarantine. Pauline. |
Pauline (641) | ||
| 135779 | 2003-04-16 09:47:00 | Running Win XP Home Edition and Nortons 2001. Downloaded the .com file OK from Web. Did a check run, file picked up OK . Then tried to move the file from my Web Download folder to my Virus Info Folder, got access denied , clicked OK but the Window refused to disappear and I could'nt access the Virus Info Folder. Eventually shut down, rebooted and back to normal. Recommend you don't try to relocate the .com file. At the end of a virus check run, look at "info" which advises that the .com file is not a virus, then just close down the windows | FrankS (257) | ||
| 135780 | 2003-04-17 02:09:00 | Frank Because the eicar files "look" like a virus, you cannot move them around or do anything much at all with your AV program running . You have to turn it off to get your test virus set up . Depending on the AV features you have enabled, one alternative is to open the test file in notepad and temporarily insert a space in the text string so that saving can be effected but that often bites back when you try to save it again after removing the space . If it is detected in your download folder that is ok, but if you are being advised it is not a virus or it is not identified as the eicar test virus then it may have been disabled . The whole purpose of this exercise is to have a reliable indication that your AV scanning is working . You really ned to have another write-protected copy on a CD or floppy as well so that you can check if the alerts stop coming . The FAQ is not finished yet and I will cover all these issues in the final version . Cheers Billy 8-{) |
Billy T (70) | ||
| 135781 | 2003-04-17 04:12:00 | Thanks Billy, the file was identified OK as a eicar test virus and a subsequent scan picked it up OK. The problem was that the access denied window refused to disappear in spite of clicking OK and it prevented access to other attempts to remove it. It was as if the OK button was just not working. Will leave file in my Download Folder and as suggested make a floppy copy for future checks. Regards Frank. |
FrankS (257) | ||
| 135782 | 2003-04-17 08:58:00 | To get your antivirus to run on Auto-Protect but not delete files when it finds them.. Go into options and configure -> Auto Update options. Don't forget to click the little black arrow thing for more advanced options. I'd select "Try to Repair then Quarantine if Unsuccessful". If the file is unrepairable or unquarantinable then Nortons will automatically deny access to the file. If it does quarantine the file, you can still recover it later through the quarantine section. |
PoWa (203) | ||
| 135783 | 2003-04-18 00:56:00 | Set up different to yours, but running Auto Protect with setting "When virus found repair infected file". The eicar test file is detected as an infected file during each run so will leave well alone. Trying to move the file from the Web Download Folder to another folder whilst the Auto Protect was running is what I presume triggered the Access denied window, it was the fact that the OK button on this window refused to function and any other window I tried to open, opened faded and inaccessible behind the Access denied window which could'nt be moved. So it was a case of back to base, reboot and start again, which fortunately it did. Frank. | FrankS (257) | ||
| 135784 | 2003-04-21 02:08:00 | Frank Allowing your AV program to "repair infected file" will kill the Eicar "virus" and it won't work any more. You need to change the setting to "ask me what to do" or similar, then you can cancel out leaving the Eicar signature intact. The only other option is to put it on a CD or write-protected floppy so that it stays active. Cheers Billy 8-{) |
Billy T (70) | ||
| 135785 | 2003-04-25 04:24:00 | Some news just in from Symantec: On May 1, 2003, revised standards for use of the EICAR test file will go into effect. The test file is not mailcious and does not replicate, it is often used to test anti-virus installations. The first 68 characters will be the string to scan for in the file. It may be appended by any combination of white space characters with the total file length not exceeding 128 characters. The only white space characters allowed are the space character, tab, LF, CR, CTRL-Z. The EICAR web site will be updated with the new standard on May 1st. http://www.eicar.org/ I expect it will be a while before all anti-virus products enable detection for the new standard, there is no cause for alarm if a particular product does not detect the new test file(s). |
Susan B (19) | ||
| 1 2 | |||||