snip
I read that eicar.org page and they DON'T "specify exactly under what
circumstances the eicar test file should be detected". They just tell
you how to use it and not whether a javascript pop up is or is not a
valid method of propagating a virus (and therefore whether this is or is
not a valid eicar test.)
This keeps coming up again and again and is a major bone of contention in
Anti-virus circles.
"In order to facilitate various scenarios, we provide 4 files for
download. The first, eicar.com, contains the ASCII string as described
above. The second file, eicar.com.txt, is a copy of this file with a
different filename. Some readers reported problems when downloading the
first file, which can be circumvented when using the second version. Just
download and rename the file to "eicar.com". That will do the trick. The
third version contains the test file inside a zip archive. A good
anti-virus scanner will spot a 'virus' inside an archive. The last version
is a zip archive containing the third file. This file can be used to see
whether the virus scanner checks archives more than only one level deep."
NO other uses are valid. FULL STOP.
Eicar is NOT a virus and is intended only to test that an AV solution is
actually functioning (in on-demand or on-access mode as appropriate) in
the specifically listed circumstances ONLY.
Regards
Gordon
