Incorrect detection of EICAR test file

I have some test files that write an EICAR test file to disk for test purposes. CAV is detecting these files as being the EICAR test file. If you look at the definition for the EICAR test, a file should be flagged ONLY if it contains JUST the EICAR test string, and nothing else.

Only if the file starts with the 68-byte EICAR signature is it detected as the EICAR test virus. Check your test file at http://www.virustotal.com to scan it against different scanners. Most of them detect it if the file starts with the correct 68-byte EICAR signature followed by some more characters (any characters).

But in my opinion it should follow both rules of EICAR detection: 1. the first 68 bytes are the EICAR signature; 2. the file length is limited to 68, or extended to 128 with the specified characters only.

Interesting. Only CAT-QuickHeal (which I’ve never heard of), Ikarus, Kaspersky (which surely should know better) and Panda flagged this file as EICAR. I’m really surprised that Kaspersky detected this (a program source file with the EICAR string inside it as a string constant).
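The two rules discussed in this thread, written out as a check (an added example, not posted by any participant and not any scanner's actual logic). It assumes the permitted trailing characters from the published EICAR definition (space, tab, LF, CR, Ctrl-Z); the result labels `prefix-only` and `embedded` are names made up for this example.

```python
# The 68-byte test string is assembled from pieces so that this source file
# does not itself contain the contiguous string (the situation in this thread).
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-"
         + b"ANTIVIRUS-TEST-FILE" + b"!$H+H*")
assert len(EICAR) == 68

ALLOWED_TRAILING = b" \t\n\r\x1a"   # space, tab, LF, CR, Ctrl-Z
MAX_LEN = 128                        # signature plus optional trailing whitespace


def classify(data: bytes) -> str:
    """Classify file content against the EICAR detection rules.

    "eicar"       - rule 1 and rule 2 both hold (a conforming test file)
    "prefix-only" - starts with the signature, but is too long or is
                    followed by characters outside the allowed set
    "embedded"    - signature appears somewhere other than offset 0
    "clean"       - signature not present
    """
    if data.startswith(EICAR):
        tail = data[len(EICAR):]
        if len(data) <= MAX_LEN and all(b in ALLOWED_TRAILING for b in tail):
            return "eicar"
        return "prefix-only"
    if EICAR in data:
        return "embedded"
    return "clean"


# Constructed sample inputs covering each case raised in the thread.
SAMPLES = {
    "exact 68 bytes": EICAR,
    "with CRLF": EICAR + b"\r\n",
    "padded to 128": EICAR + b" " * 60,
    "padded to 129": EICAR + b" " * 61,
    "extra characters": EICAR + b" and some more characters",
    "source constant": b'const char *s = "' + EICAR + b'";\n',
    "unrelated": b"hello world\n",
}

if __name__ == "__main__":
    for name, content in SAMPLES.items():
        print(f"{name:18} {len(content):4} bytes -> {classify(content)}")
```

A scanner that flags `prefix-only` or `embedded` content is applying a looser rule than the definition, which is the behaviour the posts above report.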