3

If I add the Eicar Test Signature at the beginning of a large text file, will that file turn out to be malicious? I opened a 5 MB binary file in Sublime Text and added the signature at the beginning. On scanning with the clamav library, it identified it as a non-malicious file. This is with the latest virus definitions. With virus definitions from a couple of days back, clam detected that file as a virus.

1 Answer

2

After some digging, I found that it was not supposed to be identified as a virus file. As per http://2016.eicar.org/86-0-Intended-use.html, "The first 68 characters is the known string. It may be optionally appended by any combination of white-space characters with the total file length not exceeding 128 characters."

Since we are not using the eicar signature as it is supposed to be used here, we cannot expect consistent behavior from the clamav library.
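The intended-use rule quoted in the answer can be checked before a file is handed to a scanner. The following is an added example, not part of the original answer and not ClamAV code; the function name `classify` and the allowed trailing set (space, tab, LF, CR, Ctrl-Z) are assumptions, since the page only says "white-space characters".

```python
# Added example: classify a byte string against the EICAR intended-use rule.
# The test string is assembled from pieces so this source file does not
# itself start with the 68-byte sequence.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + b"EICAR-STANDARD-" + b"ANTIVIRUS-TEST-FILE!" + b"$H+H*")

MAX_LEN = 128                    # total file length limit from the quoted rule
TRAILING_OK = b" \t\r\n\x1a"     # assumption: space, tab, CR, LF, Ctrl-Z


def classify(data: bytes) -> str:
    """Return how `data` relates to the EICAR test-file definition.

    conformant           - a scanner following the rule should flag it
    nonconformant-prefix - starts with the string but breaks the rule
                           (too long, or non-whitespace after the string)
    embedded             - the string occurs, but not at offset 0
    absent               - the string does not occur at all
    """
    if data.startswith(EICAR):
        tail = data[len(EICAR):]
        only_whitespace = all(b in TRAILING_OK for b in tail)
        if len(data) <= MAX_LEN and only_whitespace:
            return "conformant"
        return "nonconformant-prefix"
    if EICAR in data:
        return "embedded"
    return "absent"


if __name__ == "__main__":
    # Constructed samples: the last one mimics the question's case, the
    # test string placed in front of a large binary file.
    samples = {
        "bare string": EICAR,
        "string + CRLF": EICAR + b"\r\n",
        "string + 5 MB of data": EICAR + b"\x00" * (5 * 1024 * 1024),
    }
    for name, blob in samples.items():
        print(f"{name}: {classify(blob)}")
```

A `nonconformant-prefix` or `embedded` result means detection depends on how a given engine or signature release matches the string, which is consistent with the change in behavior between definition versions described in the question.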