Many years ago it was recognised that there was a need to test AV software without throwing live viruses around, and so the EICAR test file was developed as a safe way of testing that AV software was indeed working.
This was fine but I think there is now a need for an EICAR v2. Something that is NOT recognised by AV software by default. Why would this be of use?
Well, a scenario I had last week involved a virus getting onto NetApp filers. Now, NetApp will send the file to an AV scanner and get one of three responses back: clean, infected or timed out.
Clean means the file gets added to the clean list and will not be rescanned until the file changes.
In other words, if the file has a virus that the definitions do not pick up, that file is NOT rescanned even if new definitions are released. This means a virus-infected file can get onto a NetApp system.
Having an EICARv2 test file will enable testing of the automatic clean-list clearing type of scenario and be very useful to the IS industry in general.
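The clean-list gap and the clean-list clearing test described above can be shown with a small model. This is an added example, not NetApp's or any AV vendor's code: the `Scanner` and `Filer` classes, the marker bytes and the file path are all hypothetical, and the marker stands in for the proposed EICAR v2 content.

```python
from dataclasses import dataclass, field
# Constructed marker: harmless bytes that only a later definitions release knows.
TEST_MARKER = b"HYPOTHETICAL-EICARV2-TEST-MARKER"

@dataclass
class Scanner:
    """Toy AV scanner: flags content containing any known signature."""
    version: int = 1
    signatures: set = field(default_factory=set)

    def update(self, new_signature: bytes) -> None:
        self.signatures.add(new_signature)  # a new definitions release
        self.version += 1

    def scan(self, data: bytes) -> str:
        return "infected" if any(s in data for s in self.signatures) else "clean"

class Filer:
    """Toy filer with a clean list, modelled on the behaviour in the post."""
    def __init__(self, scanner: Scanner, clear_on_update: bool):
        self.scanner = scanner
        self.clear_on_update = clear_on_update
        self.files = {}          # path -> content
        self.clean_list = set()  # paths already judged clean
        self.seen_version = scanner.version

    def write(self, path: str, data: bytes) -> None:
        self.files[path] = data
        self.clean_list.discard(path)  # a changed file must be rescanned

    def read(self, path: str) -> str:
        # With clearing enabled, new definitions drop every cached verdict.
        if self.clear_on_update and self.scanner.version != self.seen_version:
            self.clean_list.clear()
            self.seen_version = self.scanner.version
        if path in self.clean_list:
            return "clean (cached)"    # no rescan: verdict may be stale
        verdict = self.scanner.scan(self.files[path])
        if verdict == "clean":
            self.clean_list.add(path)
        return verdict

def run(clear_on_update: bool) -> list:
    scanner = Scanner()
    filer = Filer(scanner, clear_on_update)
    filer.write("/vol/share/test.bin", TEST_MARKER)
    before = filer.read("/vol/share/test.bin")  # definitions do not know it yet
    scanner.update(TEST_MARKER)                 # new definitions released
    after = filer.read("/vol/share/test.bin")
    return [before, after]
```

Without clearing, the second access is still served from the clean list; with clearing, the same file is rescanned and flagged once the definitions know the marker.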