Virus checking
vtuploader.pl is a script written by Cd-MaN that uploads suspicious files to VirusTotal.com, where they are analyzed by more than thirty antivirus engines.
$ wget http://hype.free.googlepages.com/vtuploader.pl
$ chmod +x vtuploader.pl
For testing, we will use the virus samples provided in the recent article http://blog.untangle.com/?p=96
Details are also available at http://virus.untangle.com/
$ wget http://virus.untangle.com/samples.zip
$ unzip -P a samples.zip
$ ./vtuploader.pl -nv all/000_eicar.com
Processing file all/000_eicar.com
MD5: 44d88612fea8a8f36de82e1278abb02f
File size: 68 bytes
Upload finished, waiting for scanning
Enqued in position 10. Estimated start time between 93 and 133 seconds
Scanning. Scanned with 31 engines
Scanning done
Infection count 32 out of 32
File all/000_eicar.com
Antivirus ...... Version ...... Last Update ...... Result
AVG ...... 7.5.0.476 ...... 2007.08.13 ...... EICAR_Test
AhnLab-V3 ...... 2007.8.9.2 ...... 2007.08.13 ...... EICAR_Test_File
AntiVir ...... 7.4.0.60 ...... 2007.08.13 ...... Eicar-Test-Signature
Authentium ...... 4.93.8 ...... 2007.08.13 ...... EICAR_Test_File
Avast ...... 4.7.1029.0 ...... 2007.08.13 ...... EICAR Test-NOT virus!!
BitDefender ...... 7.2 ...... 2007.08.13 ...... EICAR-Test-File (not a virus)
CAT-QuickHeal ...... 9.00 ...... 2007.08.13 ...... EICAR Test File
ClamAV ...... 0.91 ...... 2007.08.13 ...... Eicar-Test-Signature
DrWeb ...... 4.33 ...... 2007.08.13 ...... EICAR Test File (NOT a Virus!)
Ewido ...... 4.0 ...... 2007.08.13 ...... Not-A-Virus.Test.Eicar
F-Prot ...... 4.3.2.48 ...... 2007.08.13 ...... EICAR_Test_File
F-Secure ...... 6.70.13030.0 ...... 2007.08.13 ...... EICAR_Test_File
FileAdvisor ...... 1 ...... 2007.08.13 ...... High threat detected
Fortinet ...... 2.91.0.0 ...... 2007.08.13 ...... EICAR_TEST_FILE
Ikarus ...... T3.1.1.12 ...... 2007.08.13 ...... EICAR-ANTIVIRUS-TESTFILE
Kaspersky ...... 4.0.2.24 ...... 2007.08.13 ...... EICAR-Test-File
McAfee ...... 5096 ...... 2007.08.13 ...... EICAR test file
Microsoft ...... 1.2704 ...... 2007.08.13 ...... Virus:DOS/EICAR_Test_File
NOD32v2 ...... 2457 ...... 2007.08.13 ...... Eicar test file
Norman ...... 5.80.02 ...... 2007.08.13 ...... EICAR_Test_file_not_a_virus!
Panda ...... 9.0.0.4 ...... 2007.08.12 ...... EICAR-AV-TEST-FILE
Prevx1 ...... V2 ...... 2007.08.13 ...... Win32.Malware.gen
Rising ...... 19.36.02.00 ...... 2007.08.13 ...... EICAR-Test-File
Sophos ...... 4.20.0 ...... 2007.08.12 ...... EICAR-AV-Test
Sunbelt ...... 2.2.907.0 ...... 2007.08.11 ...... EICAR (v)
Symantec ...... 10 ...... 2007.08.13 ...... EICAR Test String
TheHacker ...... 6.1.8.167 ...... 2007.08.13 ...... EICAR_Test_File
VBA32 ...... 3.12.2.2 ...... 2007.08.13 ...... EICAR-Test-File
VirusBuster ...... 4.3.26:9 ...... 2007.08.13 ...... EICAR_test_file
Webwasher-Gateway ...... 6.0.1 ...... 2007.08.13 ...... Virus.Eicar-Test-Signature
eSafe ...... 7.0.15.0 ...... 2007.08.10 ...... EICAR Test File
eTrust-Vet ...... 31.1.5055 ...... 2007.08.13 ...... the EICAR test string
Additional information
File size: 68 bytes
MD5: 44d88612fea8a8f36de82e1278abb02f
SHA1: 3395856ce81f2b7382dee72602f798b642f14140
$
The full test:
$ ./vtuploader.pl -nv all/*
/!\ Use the script sparingly, to avoid a DoS on VirusTotal.com or having the script filtered on their end…
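One way to follow that caution when running the full test, as an added example that is not part of the original post or of vtuploader.pl: a wrapper around the `./vtuploader.pl -nv` call that submits each file only once (keyed by its MD5) and pauses between uploads. The names `UPLOADER`, `DELAY`, `SEEN` and `submit_throttled`, and the 60-second default, are assumptions.

```shell
#!/bin/sh
# Added example: throttled, de-duplicated batch submission.
# UPLOADER, DELAY and SEEN are assumed names, not options of vtuploader.pl.
UPLOADER=${UPLOADER:-./vtuploader.pl}
DELAY=${DELAY:-60}            # seconds to wait between two uploads (assumed value)
SEEN=${SEEN:-./vt_seen.md5}   # one MD5 per line for every file already submitted

# submit_throttled FILE...
# Uploads each regular file at most once, identified by its MD5, and sleeps
# DELAY seconds between uploads. Leaves the counts in SUBMITTED and SKIPPED.
submit_throttled() {
    SUBMITTED=0
    SKIPPED=0
    touch "$SEEN"
    for f in "$@"; do
        [ -f "$f" ] || continue
        sum=$(md5sum < "$f" | cut -d' ' -f1)
        # Identical content already sent (same run or an earlier one): skip it.
        if grep -qx "$sum" "$SEEN"; then
            SKIPPED=$((SKIPPED + 1))
            continue
        fi
        # Pause before every upload except the first of this run.
        if [ "$SUBMITTED" -gt 0 ]; then
            sleep "$DELAY"
        fi
        if "$UPLOADER" -nv "$f"; then
            echo "$sum" >> "$SEEN"
            SUBMITTED=$((SUBMITTED + 1))
        else
            echo "upload failed, will retry on next run: $f" >&2
        fi
    done
}

# When the script is called with arguments, treat them as files to submit.
if [ "$#" -gt 0 ]; then
    submit_throttled "$@"
    echo "submitted=$SUBMITTED skipped=$SKIPPED"
fi
```

Saved as a script (for instance under the hypothetical name `vt_batch.sh`), it would be called with `all/*` as arguments in place of the direct `./vtuploader.pl -nv all/*`; the `SEEN` file makes an interrupted run resumable without re-uploading.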