-=> Mocking Alain Gohier to All <=-
   
 AG> Hi, All.
 AG> If someone can explain to me, I'm sure I'll understand.
 AG> I use 4 (yup, four.) Antivirus in my system. TBAV 8.04a - Scan
 AG> from McAfee, 3.0x - F-Prot 2.28 - Integrity Master 4.01.
oooow... that's the new version, isn't it?... i've got to check it out
one of these days...
 AG> I have in my C:\Test directory, three files, they are :
 AG> Common.com  -- EICAR test file.
 AG> Sampvir.com  -- Which is a simple signature of DEMOLITION virus.
 AG> Lkccmini.exe  -- Which come from the uic_v24.zip file and have
 AG> a V2P6 virus in it.
 AG> TBAV is setted to HIGH Heuristics, with all *.dat. Also for
 AG> F-Prot. 
 AG> TBAV see the EICAR file. Also for FProt and the Scan 3.0x. These
 AG> don't saw the other viruses. TBAV have the two other viruses in
 AG> it's virlist. Fprot also.  What I want to know, is why these don't
 AG> recognized these viruses, but IM 4.01 doesn't see EICAR file ???
 AG> Sampvir.com was there from IM 4.01 itself. The install program
 AG> create it.
 AG> Common.com is from a post somewhere with the signature.
 AG> Where's the problem ?
the problem is that you don't understand the difference between
simulated viruses and real viruses...
the reason tbav and f-prot didn't detect any viruses is because you
don't have any viruses.... they detected eicar.com because they use that
as an installation test...
im detects your sample viruses because it's designed to use them the
same way tbav and f-prot are designed to use eicar.com... they aren't
real viruses, just files that contain scan strings for specific viruses
(and there are many different possible scan strings for the same
virus)...
i'm sure someday wolfgang stiller will put in support of the eicar
standard anti-virus test file... not sure why he hasn't already, haven't
spoken with him in years (he used to be a regular poster here)...
... ow that you know that i know that you know that i kn...
--- Platinum Xpress/Win/Wildcat5! v2.0
---------------