Click To Enlarge
I knew that Google always blocked the sending and receiving of a virus but I had never thought to see what happens if you try to send a virus. A Google Blogoscoped visitor sent in the above screenshot of what happened when he tried to send the eicar virus string to himself in a text file. After that had failed he also tried changing the extension to JPG and WMV but neither of those worked as well.
The eicar virus string is a simple string of characters that is used to test an Antivirus. In fact the string is only 68 bytes long:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
While it may not be anything extravagant it is a very popular way to test your Antivirus. The code does not do anything harmful to your computer and just simulates a virus.
I did a comprehensive Gmail anitvirus test drive when the antivirus thingy was lauched. Refer to my test results here: [semanticvoid.com]
EICAR virus test string = useless since 1998
Sorry, while I do appreciate your many other posts and news links which are both well informed and from experience, I have to laugh at the concept of the aging EICAR virus test which has not been updated since 2003 (and possibly older in some cases.) This is not a worthy test of any Anti-Virus and a simple fake Anti-Virus could check for this using very few lines of code in various programming languages and prove nothing, except for the simple identification/detection of said string or test string in some common archive wrapper (.zip files for instance.) This whole concept is so full of holes as to be laughable and when the industry suggests this is a valid way to test the efficacy of the product as to be in proper working order it bloods my blood. No offense to you of course. I just don’t want people to be ill informed of this sham of a test. It is utterly meaningless except to show perhaps how many layers of and types of archives that an Anti-Virus can detect through before “inevitably crapping” out as it were. This may be useful if the product or services author does not publish the Anti-Virus’s true abilities to interpret and unwrap archives in a sandbox or in memory for evaluation and little is ever published of course on how deep or simply put how many multiple wrappers they can penetrate and still read through. Sorry I felt compelled to add my to cents when I read to EICAR reference in the post.
Good luck on all future testing and I do like reading your blog.
This wasn’t to test GMail’s virus scanning capabilities, instead it was to see what happened when you would try to send a virus. I agree that every Antivirus solution probably has it hard-coded to catch the EICAR because it would be quite embarrassing if it didn’t.
The EICAR virus test isn’t actually a virus it’s signature is added to almost all anti virus databases. It’s simple a string of characters.