cancel
Showing results for 
Search instead for 
Did you mean: 

Testing EICAR.COM file when uploading file

Jump to solution

We have a weird situation, when the eicar.com file is uploaded via web page using aspUploader (.NET component) the file is not detected on the server running VSE. The file is then downloaded and it is detected as a possible virus on the client machine.  When the same file is manually copied to the server's upload folder the  file is removed within seconds.  Trying to understand the different behavior.  We need to prove to pen-testers that our upload process is safe.  Appreciate any help on this.  Thanks.

1 Solution

Accepted Solutions
Highlighted
McAfee Employee MarkCMc
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Testing EICAR.COM file when uploading file

Jump to solution

The OAS scans active processes. If you drop an Eicar in a particular way onto a machine and it is not detected until it is interacted with manually, you are confirming that no local active process on the target machine is interacting with the file during your copy process. In that situation the OAS is working as designed and will detect the file once a process touches the file or an ODS is performed on the location. The OAS does not have the functionality to simply monitor folders for changes.

2 Replies
Highlighted
McAfee Employee MarkCMc
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Testing EICAR.COM file when uploading file

Jump to solution

The OAS scans active processes. If you drop an Eicar in a particular way onto a machine and it is not detected until it is interacted with manually, you are confirming that no local active process on the target machine is interacting with the file during your copy process. In that situation the OAS is working as designed and will detect the file once a process touches the file or an ODS is performed on the location. The OAS does not have the functionality to simply monitor folders for changes.

Re: Testing EICAR.COM file when uploading file

Jump to solution

Thanks, makes sense.  I will include an ODS to the upload process.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator