benhenry
10-28-2003, 12:37 AM
I needed a virus.
I was trying to build a batchfile that would scan my aunts' emails for viruses, so they would have an extra layer of protection from viruses that disabled their buggy big-name brand scanning software. I needed a virus to test my batchfile to make sure it worked. What if they trusted me and a virus got through my batch? No more pecan pies for Christmas.
I found the perfect virus.
The virus can be obtained free of charge from the EICAR organization (http://www.eicar.org/anti_virus_test_file.htm)
If you would like to follow along with various steps of the test and see the results for yourself... EICAR urges you to carefully read the text accompanying the virus download site.
You might rather want to just read along about what I did. And maybe get a chuckle along the way.
I downloaded the virus.
Things became exciting already. Irritating sounds went off, a big red dialog box popped up flashing horrible warnings about what I had just done, and my new perfect downloaded virus just got stomped on and sent to a quarantine folder for punishment.
Thinking things through a little more carefully, I decided to turn off my real-time virus scanner and try again.
This time I got the virus right where I wanted it without all the commotion.
I created a new email message with the virus as text in the body of the message.
I saved the message to the Drafts folder, and copied it to the Inbox folder. I re-enabled my "big" virus scanner and opened one and then the other of the emails. No virus was detected. My batch file was started and scanned the Inbox.dbx file and the drafts.dbx file. No virus was detected.
This was expected. Since a text file is not an "executable" no code from the virus could run and the two virus scanners were apparently unconcerned with it. It is alright to view the code of a virus in a text file... at least in a text-only viewer like notepad. (Maybe not some of the fancier notepad replacements, I'm not sure.)
Now I repeated the previous steps. But this time I renamed the virus with both an "exe" extension and a "com" extension and included it in the emails as an attachment. Now when I opened the emails all the irritating sights and sounds began again.
I was reassured though. Nice to know that my "big" virus scanner was doing its job.
Now it was time to quiet everything down, and rebuild the virus emails as before, but this time use my batchfile to scan the dbx files.
No virus was detected.
"Darny, darn, and phooey," I said to myself.
Why didn't my batchfile work? I know it was collecting and sending correctly. I tested it with other file extensions and directories on my hard drive and it worked just fine... finding the viruses by sending them for scanning to my "little" scanner (Grisoft AVG).
I thought it might be because I was just manipulating the emails on my computer without actually sending them. Maybe the emails weren't being "imprinted" into the dbx files properly because they were never properly sent.
I disabled all my anti-virus software and sent the emails containing the viruses to myself. The four sets of emails were constructed in four forms: viruses were in the text, included as an attachment, included as a zipped attachment, and finally, included as a double-zipped attachment.
I never received the emails. I had forgotten that my ISP had recently included virus-scanning of all members' email at the server. So all I got was a bunch of rather sour warnings about having sent viruses. And other warnings about some guy named myself who was sending viruses to myself.
I was actually rather upset with myself.
To be continued:
An email virus scanning test. Part Four. The test, continued. (http://www.mypcclinic.com/forum/index.php?showtopic=1741)
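An added example, not part of the original post and not the poster's batch file: a Python harness that builds the four message forms listed above (text, attachment, zipped, double-zipped) and compares a plain byte search with a search that first decodes each MIME part and unpacks zip layers. It models only the message bytes, not the .dbx container; `MARKER`, `test.com` and all function names are assumptions of this example, and `MARKER` is a constructed, harmless stand-in for the test file.

```python
import io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed, harmless stand-in for the test file's signature (not the real EICAR string).
MARKER = b"CONSTRUCTED-SCANNER-TEST-MARKER-0001"
FORMS = {"text": None, "attachment": 0, "zipped": 1, "double-zipped": 2}  # zip depth

def zip_layers(data, name, depth):
    """Wrap data in `depth` nested zip archives."""
    for _ in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), name + ".zip"
    return data, name

def build(form):
    """Build one of the four message forms listed in the post, as raw bytes."""
    msg = EmailMessage()
    msg["Subject"] = "scanner test: " + form
    if FORMS[form] is None:
        msg.set_content(MARKER.decode())          # marker as plain body text
    else:
        msg.set_content("see attachment")
        data, name = zip_layers(MARKER, "test.com", FORMS[form])
        # Binary attachments are stored base64-encoded inside the message.
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

def raw_scan(blob):
    return MARKER in blob                         # byte search, no decoding

def layers(data, depth=0, max_depth=5):
    """Yield data, then the members of any nested zip archives (depth-limited)."""
    yield data
    if depth < max_depth and data.startswith(b"PK\x03\x04"):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                yield from layers(zf.read(info), depth + 1, max_depth)

def decoded_scan(blob):
    """Decode each MIME part's transfer encoding, unpack zips, then search."""
    msg = message_from_bytes(blob, policy=policy.default)
    leaves = (p for p in msg.walk() if not p.is_multipart())
    return any(MARKER in layer for p in leaves
               for layer in layers(p.get_payload(decode=True) or b""))

def results():
    """Map each form to (raw_scan hit, decoded_scan hit)."""
    return {f: (raw_scan(build(f)), decoded_scan(build(f))) for f in FORMS}
```

`results()` shows the byte search hitting only the plain-text form, while the decoding search hits all four; a scanner pointed at stored mail needs the decoding step before signature matching.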