I'm familiar with EICAR. However, I'd like to trigger signatures across
the board.
Ultimately I'd like to run a real malware test, but that can only be
done in an isolated lab, and that requires a continuous investment of
time and money to ensure the collection is up to date.
http://www.av-test.org/ is another possibility, but I have no contacts
there, and it's somewhat isolated proof (can't touch the environment,
and it's a run-once deal).
Bill Stout
-----Original Message-----
From: Jose Nazario [mailto:jose (at) monkey (dot) org [email concealed]]
Sent: Monday, May 08, 2006 2:42 PM
To: Bill Stout
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: Re: Extracting signature snippets from AV databases
On Mon, 8 May 2006, Bill Stout wrote:
> Has this been done already? Are specific signatures a 'secret sauce'?
EICAR. http://www.eicar.org/anti_virus_test_file.htm
SPYCAR. http://www.spycar.org/Welcome%20to%20Spycar.html
hope that helps.
________
jose nazario, ph.d. jose (at) monkey (dot) org [email concealed]
http://monkey.org/~jose/ http://monkey.org/~jose/secnews.html
http://www.wormblog.com/