Analyzing the EICAR-GTUBE_Generator with a common multi-anti-virus platform like VirusTotal, it seems that no AV recognizes the EICAR-GTUBE-Generator as an EICAR generator (and so, in some way, as a malware generator): here is the proof

Now, my question is: do the AVs truly analyze the EICAR signature, or do they just apply simple pattern matching?
On the other hand, analyzing the resulting file is more fun:

First of all, does not recognize the EICAR file. That's very interesting to me. They claim to be:
“PC and Internet Security powered by the World’s largest real time threat database…”
But they don't recognize one of the most famous strings in the AV community. So guys, are you sure you have the world's largest DB? Maybe you need a little "back to easy stuff" policy?
Anyway, the second interesting thing is Microsoft AV, which recognizes EICAR but as a Virus (in fact, the label starts with "Virus:"). That is technically wrong. All the other tested AVs did a good job labeling EICAR as a warning and testing file. Why does Microsoft recognize EICAR as a virus and not as a standard testing file? Maybe this is just the tip of an iceberg of wrong pattern recognition in Microsoft AV? I'll check it out soon!
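To make the "signature analysis vs. simple pattern matching" question above concrete, here is an added example (my own code, not part of the original post or of any AV product) that checks a sample the way the EICAR specification defines the test file (68-byte string at offset 0, only whitespace or CTRL-Z after it, at most 128 bytes total) next to a naive substring search, and reports a match as a test file rather than a virus, as the post argues a scanner should. The sample files are constructed inline; the GTUBE handling is a plain body search, which is how anti-spam tests use it.

```python
import re

# The published 68-byte EICAR anti-virus test string and GTUBE anti-spam test string.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
GTUBE = b"XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

# Bytes the EICAR specification allows after the test string: whitespace and CTRL-Z.
_EICAR_TAIL = re.compile(rb"[ \t\r\n\x1a]*")

def naive_match(data: bytes) -> bool:
    """Plain substring search: fires on the test string wherever it appears."""
    return EICAR in data

def eicar_spec_match(data: bytes) -> bool:
    """Detect the EICAR file as the specification defines it: the 68-byte string
    at offset 0, nothing but whitespace/CTRL-Z after it, at most 128 bytes total."""
    if len(data) > 128 or not data.startswith(EICAR):
        return False
    return _EICAR_TAIL.fullmatch(data, len(EICAR)) is not None

def classify(data: bytes) -> str:
    """Label a sample: a recognised test file is reported as a test file, not a virus."""
    if eicar_spec_match(data):
        return "EICAR-Test-File (not a virus)"
    if GTUBE in data:
        return "GTUBE-Test-Email (not a virus)"
    return "no test signature"

# Constructed samples covering the edge cases where the two approaches differ.
SAMPLES = {
    "plain": EICAR,
    "crlf_tail": EICAR + b"\r\n",
    "embedded": b"MZ" + b"\x00" * 100 + EICAR + b"\x00" * 100,  # buried in a larger file
    "appended": EICAR + b"extra payload bytes",                 # real bytes after the string
    "lowercase": EICAR.lower(),
    "gtube_mail": b"Subject: test\r\n\r\n" + GTUBE + b"\r\n",
}

def compare() -> dict:
    """Return {sample name: (naive_match result, spec_match result)}."""
    return {name: (naive_match(d), eicar_spec_match(d)) for name, d in SAMPLES.items()}

if __name__ == "__main__":
    for name, (naive, spec) in compare().items():
        print(f"{name:11} naive={naive!s:5} spec={spec!s:5} -> {classify(SAMPLES[name])}")
```

The "embedded" and "appended" samples are where a pure substring scanner and a spec-aware check disagree: only the latter refuses to call a 270-byte binary or a file with trailing code an EICAR test file.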

5 thoughts on “EICAR and GTUBE Generator – Anti Virus Results”

  1. I read about it some days ago in another blog and the main things that you mention here are very similar

  2. Awesome ideas
    since looking at your post I find it similar to related stories in
    avg download
