Test your AV with a sample .js javascript file. Will your AV let you run it?



After the news story on the front page about New ransomware variant coded entirely on Javascript, exploits macros

 

I decided to do a test.

 

The EICAR anti-malware test file was developed by the European Institute for EICAR. The EICAR test file is a legitimate DOS program that is detected as malware by anti-virus software. When the test file runs successfully (if it is not detected and blocked), it prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!".

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Pasted it into notepad and saved it as hello.js

 

Then double clicked on Hello.js on the desktop and got this prompt

 

[Image: Capture.JPG]

 

So try it yourself and post the result from your antivirus.

If it runs, you should see a Microsoft JScript compilation error.

 

 

 

 

I imagine most AV software wouldn't care, as it's clearly not malicious code that's going to trigger any of their heuristic scanning. There's not going to be any signatures that match such a simple and harmless script either. This is basically a useless test.

  On 21/06/2016 at 18:26, DaveLegg said:

I imagine most AV software wouldn't care, as it's clearly not malicious code that's going to trigger any of their heuristic scanning. There's not going to be any signatures that match such a simple and harmless script either. This is basically a useless test.


Because the AV is relying on its signatures to detect what's going to run inside the .js file, as a good rule of thumb an AV should stop and prompt you if you are sure you want to run the JS file.

A good AV will not detect this file as malicious. The file is NOT malicious, so any prompts are false positives, which confuse users and affect productivity in the workplace.

 

This thread should be deleted to avoid confusion.

 

  On 21/06/2016 at 18:45, er0n said:

A good AV will not detect this file as malicious. The file is NOT malicious, so any prompts are false positives, which confuse users and affect productivity in the workplace.

 

This thread should be deleted to avoid confusion.


I kind of like the fact that my AV "Secureaplus" prompts me about any js file, period. If the AV you've described hasn't gotten the definition file yet, it allows it to run. When are regular users needing to run js files on the desktop?

  On 21/06/2016 at 18:51, warwagon said:

 

I kind of like the fact that my AV "Secureaplus" prompts me about any js file, period. If the AV you've described hasn't gotten the definition file yet, it allows it to run. When are regular users needing to run js files on the desktop?


That's not the point.

 

MOST people aren't security-savvy enough to know whether they should allow the file to run or not. Most scripts will be legitimate so the user will have to approve them in order to do what they want. They end up with alert-fatigue and will probably just approve everything.

 

MOST AVs have the ability to configure detection prompts for scripts or even unknown files.

 

Your post suggests that your hello world script is a legitimate test for the effectiveness of an AV. Which it is certainly not!

 

Edit: And if you're convinced that users don't need to run these scripts, just disable the ability to execute them in Windows https://technet.microsoft.com/en-us/library/ee198684.aspx

  On 21/06/2016 at 18:50, er0n said:

Don't waste your time!

 


I actually decided to use the eicar test text instead and see what would happen. That was always caught as soon as I saved it as a .js file.

  On 21/06/2016 at 20:04, purrcher said:

I actually decided to use the eicar test text instead and see what would happen. That was always caught as soon as I saved it as a .js file.


Great! Good job!

  On 21/06/2016 at 20:04, purrcher said:

I actually decided to use the eicar test text instead and see what would happen. That was always caught as soon as I saved it as a .js file.


http://www.eicar.org/download/eicar.com.txt

  On 21/06/2016 at 20:09, xendrome said:

Basically, what I did was I opened Notepad++ and pasted the snippet from http://www.eicar.org/86-0-Intended-use.html and then tried saving it as a .js file.

This is well known by all antivirus products, and is nothing new. Of course they're going to catch it! If they didn't, then I'd be worried! Therefore, this thread is like a midget without an index finger....short and pointless.

Running Kaspersky Total Security, and the moment I save the file, it disappears, no error, but I tried it three times with Explorer open in the background and it seems Kaspersky deleted it right away.

ClamAV on Linux picks it up.  If I recall correctly though, the EICAR test file should get picked up by just about any antivirus regardless of what you name it or what extension you give it, as long as that string of text is the first line of the file.

[Image: Screenshot from 2016-06-23 21:53:20.png]
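The content-based detection discussed in the posts above, as an added example that is not part of the thread: a Node.js check of whether a byte buffer qualifies as an EICAR test file under EICAR's published definition (the 68-byte string at the very start, followed only by optional space, tab, LF, CR or Ctrl-Z, at most 128 bytes in total). The function names and sample buffers are constructed for illustration.

```javascript
// Added example, not from the thread. classifyEicar, classifyAll and the
// sample buffers are illustrative names and inputs constructed here.
const EICAR = 'X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*';
const MAX_TOTAL = 128; // maximum total file length the definition allows
const ALLOWED_TRAILING = new Set([0x20, 0x09, 0x0a, 0x0d, 0x1a]); // space, tab, LF, CR, Ctrl-Z

// Classify raw file content. The file name and extension are never consulted,
// which is why hello.js and eicar.com.txt are treated the same way.
function classifyEicar(bytes) {
  const buf = Buffer.from(bytes);
  const sig = Buffer.from(EICAR, 'latin1');
  const at = buf.indexOf(sig);
  if (at === -1) return 'absent';
  if (at !== 0) return 'embedded-not-at-start';
  if (buf.length > MAX_TOTAL) return 'too-long';
  for (const b of buf.subarray(sig.length)) {
    if (!ALLOWED_TRAILING.has(b)) return 'trailing-data';
  }
  return 'valid-test-file';
}

// Constructed samples covering the cases raised in the thread.
const samples = {
  'hello.js (exact string)': Buffer.from(EICAR, 'latin1'),
  'saved with trailing CRLF': Buffer.from(EICAR + '\r\n', 'latin1'),
  'hello world script': Buffer.from('WScript.Echo("Hello world");', 'latin1'),
  'string after a comment line': Buffer.from('// test\r\n' + EICAR, 'latin1'),
  'string followed by script code': Buffer.from(EICAR + '\r\nWScript.Echo(1);', 'latin1'),
};

function classifyAll() {
  const out = {};
  for (const [name, data] of Object.entries(samples)) {
    out[name] = classifyEicar(data);
  }
  return out;
}

console.log(classifyAll());
```

This models the published definition only; what an individual product does with content outside it (for example the string embedded later in a file) varies by vendor.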

This topic is now closed to further replies.