VULHUB ™

The Symantec AntiVirus For Handhelds scanning engine may fail to detect variations of malicious code that definitions or heuristic detections exist for. The discoverer of this vulnerability tested the issue on the EICAR test virus. Reportedly, it is possible to bypass the scanner by adding a few random bytes of data before and after the test string. This BID is being retired. The EICAR test file should not be detected if it has been modified, as stated at http://www.eicar.org/anti_virus_test_file.htm: "The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. The only whitespace characters allowed are the space character, tab, LF, CR, CTRL-Z. To keep things simple the file uses only upper case letters, digits and punctuation marks, and does not include spaces. The only thing to watch out for when typing in the test file is that the third character is the capital...

The Symantec AntiVirus For Handhelds scanning engine may fail to detect variations of malicious code that definitions or heuristic detections exist for. The discoverer of this vulnerability tested the issue on the EICAR test virus. Reportedly, it is possible to bypass the scanner by adding a few random bytes of data before and after the test string. This BID is being retired. The EICAR test file should not be detected if it has been modified, as stated at http://www.eicar.org/anti_virus_test_file.htm: "The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. The only whitespace characters allowed are the space character, tab, LF, CR, CTRL-Z. To keep things simple the file uses only upper case letters, digits and punctuation marks, and does not include spaces. The only thing to watch out for when typing in the test file is that the third character is the capital letter "O", not the digit zero."