11/13/2008
VirusTotal, virus-infected PDF files and alerts (amazing)
I downloaded the test file eicar.pdf from Didier Stevens, which has the EICAR virus test integrated in a PDF file.
I sent it to VirusTotal to get an idea of whether the file would be recognised as such, keeping the same name. It was only detected by one antivirus.
What I saw on my own computer is that the antivirus only detected it when I opened it. So I could download the file, and if I could open the file before the startup of the antivirus then I would have free rein...
But then I thought, maybe the firms will say that VirusTotal is not the same scan as they would do, so I tried several of their services on their own sites as well:
http://www.kaspersky.com/scanforvirus

And to be sure, we used another service: http://www.novirusthanks.org

So is it now clear why PDF files seem so interesting as a transport?
01:00

Comments
AV engines shouldn't detect the EICAR string inside the PDF, unless they are designed to scan embedded files in PDF and the EICAR test file is embedded in the PDF. That's the case with the EICAR PDF I built.
Posted by: Didier Stevens | 11/13/2008
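
The distinction made in the comment above, as an added example that is not part of the original post or of Didier Stevens' tooling: a scanner that matches signatures on the raw container bytes misses a file embedded as a deflated PDF stream, while one that decodes the stream finds it. The marker string, the PDF skeleton and all function names are constructed for this illustration; the real EICAR string is deliberately not used.

```python
import re
import zlib

# Constructed stand-in for an AV test signature (assumption: not the real EICAR string).
MARKER = b"CONSTRUCTED-TEST-SIGNATURE//CONSTRUCTED-TEST-SIGNATURE"

def build_pdf_with_embedded_file(payload: bytes) -> bytes:
    """Constructed PDF skeleton (no xref table) carrying payload as a deflated embedded file."""
    data = zlib.compress(payload)
    return (
        b"%PDF-1.4\n"
        b"1 0 obj\n<< /Type /Catalog /Names << /EmbeddedFiles 2 0 R >> >>\nendobj\n"
        b"2 0 obj\n<< /Names [(test.txt) 3 0 R] >>\nendobj\n"
        b"3 0 obj\n<< /Type /Filespec /F (test.txt) /EF << /F 4 0 R >> >>\nendobj\n"
        b"4 0 obj\n<< /Type /EmbeddedFile /Filter /FlateDecode /Length "
        + str(len(data)).encode()
        + b" >>\nstream\n" + data + b"\nendstream\nendobj\n%%EOF\n"
    )

def raw_scan(blob: bytes, signature: bytes) -> bool:
    """Signature match on the container bytes only, as a scanner without a PDF parser does."""
    return signature in blob

# Stream dictionary followed by the 'stream' keyword; nested dictionaries are not handled.
STREAM_DICT = re.compile(rb"<<([^<>]*)>>\s*stream\r?\n")

def embedded_aware_scan(blob: bytes, signature: bytes) -> bool:
    """Locate each stream, undo /FlateDecode, then match the signature on the decoded bytes."""
    for m in STREAM_DICT.finditer(blob):
        header = m.group(1)
        length = re.search(rb"/Length\s+(\d+)", header)
        if length is None:
            continue  # indirect or missing /Length is not handled in this example
        body = blob[m.end():m.end() + int(length.group(1))]
        if b"/FlateDecode" in header:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                continue  # corrupt stream: nothing to match against
        if signature in body:
            return True
    return False

if __name__ == "__main__":
    pdf = build_pdf_with_embedded_file(MARKER)
    print("raw scan hit:", raw_scan(pdf, MARKER))
    print("embedded-aware scan hit:", embedded_aware_scan(pdf, MARKER))
```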