Vérification de virus

vtuploader.pl est un script écrit par Cd-MaN qui permet d’uploader des fichiers suspects chez VirusTotal.com pour être analysés par plus d’une trentaine de moteurs anti-virus.

$ wget http://hype.free.googlepages.com/vtuploader.pl  
$ chmod +x vtuploader.pl

Nous allons prendre pour tests les virus fournis dans le récent article http://blog.untangle.com/?p=96
Les détails sont aussi sur http://virus.untangle.com/

$ wget http://virus.untangle.com/samples.zip  
$ unzip -P a samples.zip  
$ ./vtuploader.pl -nv all/000\\_eicar.com  
Processing file all/000\\_eicar.com  
MD5: 44d88612fea8a8f36de82e1278abb02f  
File size: 68 bytes  

Upload finished, waiting for scanning  
Enqued in position 10. Estimated start time between 93 and 133 seconds  
Scanning. Scanned with 31 engines  
Scanning done   
Infection count 32 out of 32  

File all/000\\_eicar.com  

Antivirus...... Version ...... Last Update ......Result   
AVG ...... 7.5.0.476 ...... 2007.08.13 ...... EICAR\\_Test  
AhnLab-V3 ...... 2007.8.9.2 ...... 2007.08.13...... EICAR\\_Test\\_File  
AntiVir ...... 7.4.0.60 ...... 2007.08.13 ...... Eicar-Test-Signature  
Authentium ...... 4.93.8 ...... 2007.08.13 ...... EICAR\\_Test\\_File  
Avast ...... 4.7.1029.0 ...... 2007.08.13 ...... EICAR Test-NOT virus!!  
BitDefender ...... 7.2 ...... 2007.08.13...... EICAR-Test-File (not a virus)  
CAT-QuickHeal ...... 9.00 ...... 2007.08.13 ...... EICAR Test File  
ClamAV ...... 0.91 ...... 2007.08.13 ...... Eicar-Test-Signature  
DrWeb ...... 4.33 ...... 2007.08.13...... EICAR Test File (NOT a Virus!)  
Ewido ...... 4.0 ...... 2007.08.13...... Not-A-Virus.Test.Eicar  
F-Prot ...... 4.3.2.48 ...... 2007.08.13...... EICAR\\_Test\\_File  
F-Secure ...... 6.70.13030.0 ......2007.08.13 ...... EICAR\\_Test\\_File  
FileAdvisor ...... 1 ...... 2007.08.13...... High threat detected  
Fortinet ...... 2.91.0.0 ...... 2007.08.13...... EICAR\\_TEST\\_FILE  
Ikarus ...... T3.1.1.12 ...... 2007.08.13 ...... EICAR-ANTIVIRUS-TESTFILE  
Kaspersky ...... 4.0.2.24 ...... 2007.08.13...... EICAR-Test-File  
McAfee ...... 5096 ...... 2007.08.13 ...... EICAR test file  
Microsoft ...... 1.2704 ...... 2007.08.13...... Virus:DOS/EICAR\\_Test\\_File  
NOD32v2 ...... 2457 ...... 2007.08.13...... Eicar test file  
Norman ...... 5.80.02 ...... 2007.08.13...... EICAR\\_Test\\_file\\_not\\_a\\_virus! 
Panda ...... 9.0.0.4 ...... 2007.08.12 ...... EICAR-AV-TEST-FILE  
Prevx1...... V2 ...... 2007.08.13 ...... Win32.Malware.gen  
Rising ...... 19.36.02.00 ...... 2007.08.13...... EICAR-Test-File  
Sophos ...... 4.20.0 ...... 2007.08.12...... EICAR-AV-Test  
Sunbelt ...... 2.2.907.0 ...... 2007.08.11 ...... EICAR (v)  
Symantec ...... 10 ...... 2007.08.13...... EICAR Test String  
TheHacker ...... 6.1.8.167 ...... 2007.08.13 ...... EICAR\\_Test\\_File  
VBA32 ...... 3.12.2.2 ...... 2007.08.13...... EICAR-Test-File  
VirusBuster...... 4.3.26:9 ...... 2007.08.13 ...... EICAR\\_test\\_file  
Webwasher-Gateway...... 6.0.1 ...... 2007.08.13 ...... Virus.Eicar-Test-Signature  
eSafe ...... 7.0.15.0 ...... 2007.08.10...... EICAR Test File  
eTrust-Vet ...... 31.1.5055 ...... 2007.08.13...... the EICAR test string  

Additional information  

File size: 68 bytes  
MD5: 44d88612fea8a8f36de82e1278abb02f  
SHA1: 3395856ce81f2b7382dee72602f798b642f14140  
$  

Le test complet:

$ ./vtuploader.pl -nv all/*

/!\\ Le script est à utiliser avec parcimonie pour éviter un DOS sur VirusTotal.com ou un filtrage du script de leur part…

Vus : 21
Publié par Uggy : 252