EICAR test files

Hi,

to reproduce this, go to www.eicar.org and download the different test files.

I have two points:
1st: Why is the eicar.com download recognized as Exploit[at]#2975xfk8s2pq1
I’m pretty sure, that it was recognized correct as EICAR test file or something like this when I downloaded this one last time.
If the eicar page wasn’t hacked (and I’m pretty sure, this isn’t the case ;)) you should change the naming. It’s not harmful and doesn’t exploit anything. It’s just a test file which will print a string if it gets executed. If you’re naming malware like this, you should ensure, that the names fit.

2nd: Why is the zip file download of the EICAR test file recognized by the realtime scanner as Malware[at]27s8ewoxds1vr? The realtime scanner doesn’t scan the archive’s contents, so there must be a signature for the archive. This explains the different names reported by CAV. This download shouldn’t be recognized at all by the realtime scanner.

By the way, also the eicarcom2.zip is recognized…

Hello BigMike.
Thank you for reporting.
We will fix this naming issue.
We are sorry for inconvenience.

Six months later, but comodo still determines the EICAR Test File as an Exploit@#2975xfk8s2pq1.
When you fix it?

Hi stray,

The issue has been fixed with CIS database 12757.

Thanks and regards,
Ionel