Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Eicar .docx string not detected

Created: 12 Jan 2012 • Updated: 13 Jan 2012 | 2 comments
This issue has been solved. See solution.

I've saved the EICAR string into a standard Word 2010 .docx file but my 11.0.6200.754 SEP client isn't detecting it. It detected my .txt and .jpg EICAR files.

Any suggestions?

Thanks,

Chad

Comments 2 CommentsJump to latest comment

Brandon Noble's picture

The EICAR test is designed to detected the EICAR string by itself.

The additional formatting within MS Word, both prior to the string and after the string, prevents the detection.

You can test this by creating the same Eicar.txt that was already being detected in a notepad document and than adding non-whitespace characters either before or after the string. This will prevent detection, as designed.

Brandon Noble
ESS Incident Response Officer
Security Response Liaisons
Symantec Corporation 
www.symantec.com

SOLUTION
Chad_GCU's picture

I used the "Inspect Document" option in Word 2010 to remove all extra hidden content but the EICAR string still remained undetected. I'll just conclude that .docx files cannot be used to test EICAR.

 

Thanks!