EICAR 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +8 -8
- data/{eicar.gemspec → EICAR.gemspec} +0 -0
- data/README.md +25 -3
- data/images/eicar-success-mse.png +0 -0
- data/lib/eicar.rb +38 -3
- data/lib/eicar/version.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
---
|
|
2
2
|
!binary "U0hBMQ==":
|
|
3
3
|
metadata.gz: !binary |-
|
|
4
|
-
|
|
4
|
+
ZjlhMmQxY2JiY2ZkM2RhOGVhMmU5YWY2NzA0NDI4NTdlMDVkOWY5Yw==
|
|
5
5
|
data.tar.gz: !binary |-
|
|
6
|
-
|
|
6
|
+
NDRmNzcxZDA4NzI4NDUzMjVkMGE1ZDY5YzY4NGNjZDk4N2UwY2I5Nw==
|
|
7
7
|
SHA512:
|
|
8
8
|
metadata.gz: !binary |-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
ODdmYzVjODJiYjc5N2U1NTRlNjM3ZGI1NTVhY2QyOTk1NDY0NWJlNmU0NDIx
|
|
10
|
+
ODU1ODg0ODJmOGFlNWJlNzJmZjU1MGY0ZWM0ZTIxZTgwYjBlYWUwM2Y0YzBk
|
|
11
|
+
MGNhYTIxNDdkOWZkOTg1NGQzOGMyNzc0YWU1Mjg1M2RjZGRhNDI=
|
|
12
12
|
data.tar.gz: !binary |-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
YmI4ZDc0MDRiYTMyNjNiMmE3MzUyMDE2MWJmZDQ5ODAxMmNkYTk0NTk5YmY4
|
|
14
|
+
MGFiMGI0MzYyNWYzZmJiMzAyYzYwMjdmYThmOTc0Nzg1ZGU0MmQxYjgwMGI3
|
|
15
|
+
YTExM2I3YmNkM2MyYmE5MTZiNzdkNzQ5NzdmMjdjNzQ4OTA3YzU=
|
|
File without changes
|
data/README.md
CHANGED
|
@@ -1,7 +1,10 @@
|
|
|
1
|
-
|
|
1
|
+
EICAR
|
|
2
2
|
=====
|
|
3
3
|
|
|
4
|
-
EICAR
|
|
4
|
+
The EICAR gem provides the [EICAR test
|
|
5
|
+
file](https://en.wikipedia.org/wiki/EICAR_test_file) as
|
|
6
|
+
[bin/eicar.com](bin/eicar.com),
|
|
7
|
+
used to test anti-virus detection functionality.
|
|
5
8
|
|
|
6
9
|
Usage
|
|
7
10
|
=====
|
|
@@ -19,7 +22,7 @@ load. I know, it's a little backwards.
|
|
|
19
22
|
|
|
20
23
|
Code exercising this might look like this:
|
|
21
24
|
|
|
22
|
-
````
|
|
25
|
+
````ruby
|
|
23
26
|
#!/usr/bin/env ruby
|
|
24
27
|
|
|
25
28
|
begin
|
|
@@ -29,6 +32,25 @@ rescue EICAR::EICARReadError
|
|
|
29
32
|
end
|
|
30
33
|
````
|
|
31
34
|
|
|
35
|
+
If A/V is later enabled, an application can monitor its status. Here's a
|
|
36
|
+
simplistic example:
|
|
37
|
+
|
|
38
|
+
````ruby
|
|
39
|
+
until EICAR.antivirus_active? do
|
|
40
|
+
sleep 1
|
|
41
|
+
puts "A/V hasn't caught EICAR yet"
|
|
42
|
+
end
|
|
43
|
+
puts "A/V is active in #{ENV['GEM_HOME']}."
|
|
44
|
+
````
|
|
45
|
+
|
|
46
|
+
Expected Results
|
|
47
|
+
================
|
|
48
|
+
|
|
49
|
+
Below is a screenshot from Microsoft Security Essentials successfully
|
|
50
|
+
detecting [bin/eicar.com](bin/eicar.com) and placing it in quarantine.
|
|
51
|
+
|
|
52
|
+
|
|
53
|
+
|
|
32
54
|
TODO
|
|
33
55
|
====
|
|
34
56
|
|
|
Binary file
|
data/lib/eicar.rb
CHANGED
|
@@ -2,6 +2,9 @@ require 'eicar/version'
|
|
|
2
2
|
|
|
3
3
|
module EICAR
|
|
4
4
|
|
|
5
|
+
# Antivirus should /not/ pick this up, ever.
|
|
6
|
+
ROT13_DOWNCASE_EICAR = "k5b!c%@nc[4cmk54(c^)7pp)7}$rvpne-fgnaqneq-nagvivehf-grfg-svyr!$u+u*"
|
|
7
|
+
|
|
5
8
|
def self.version
|
|
6
9
|
EICAR::VERSION
|
|
7
10
|
end
|
|
@@ -12,17 +15,49 @@ module EICAR
|
|
|
12
15
|
class EICARReadError < Error
|
|
13
16
|
end
|
|
14
17
|
|
|
15
|
-
|
|
18
|
+
class EICARWriteError < Error
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def self.test_file_path
|
|
16
22
|
lib_path = File.expand_path(File.dirname(__FILE__))
|
|
17
23
|
bin_path = File.expand_path(File.join(lib_path, "..", "bin"))
|
|
18
|
-
|
|
24
|
+
File.join(bin_path, "eicar.com")
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def self.test_string
|
|
19
28
|
begin
|
|
20
|
-
data = File.open(
|
|
29
|
+
data = File.open(self.test_file_path, "rb") {|f| f.read f.stat.size}
|
|
21
30
|
rescue SystemCallError
|
|
22
31
|
raise EICAR::EICARReadError
|
|
23
32
|
end
|
|
24
33
|
end
|
|
25
34
|
|
|
35
|
+
def self.antivirus_active?
|
|
36
|
+
begin
|
|
37
|
+
self.test_string
|
|
38
|
+
rescue EICAR::EICARReadError
|
|
39
|
+
return true
|
|
40
|
+
end
|
|
41
|
+
return false
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def self.rot13(str)
|
|
45
|
+
str.tr "A-Za-z", "N-ZA-Mn-za-m"
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
# Returns a TrueClass if the file was created and is readable in the
|
|
49
|
+
# expected path. For system-wide gem installs, this will usually need
|
|
50
|
+
# to be run as root, or else you'll raise.
|
|
51
|
+
def self.create
|
|
52
|
+
data = self.rot13(ROT13_DOWNCASE_EICAR).upcase
|
|
53
|
+
begin
|
|
54
|
+
File.open(self.test_file_path, "wb") {|f| f.write data}
|
|
55
|
+
rescue SystemCallError
|
|
56
|
+
raise EICAR::EICARWriteError
|
|
57
|
+
end
|
|
58
|
+
File.readable? self.test_file_path
|
|
59
|
+
end
|
|
60
|
+
|
|
26
61
|
end
|
|
27
62
|
|
|
28
63
|
EICAR.test_string
|
data/lib/eicar/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: EICAR
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tod Beardsley
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2013-12-
|
|
11
|
+
date: 2013-12-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: ! "\n This gem is designed to fail in the face of anti-virus coverage\n
|
|
14
14
|
\ of your gem path. If you are running anti-virus systemwide, this\n gem will
|
|
@@ -22,12 +22,13 @@ files:
|
|
|
22
22
|
- .gitignore
|
|
23
23
|
- .ruby-gemset
|
|
24
24
|
- .ruby-version
|
|
25
|
+
- EICAR.gemspec
|
|
25
26
|
- Gemfile
|
|
26
27
|
- Gemfile.lock
|
|
27
28
|
- LICENSE
|
|
28
29
|
- README.md
|
|
29
30
|
- bin/eicar.com
|
|
30
|
-
- eicar.
|
|
31
|
+
- images/eicar-success-mse.png
|
|
31
32
|
- lib/eicar.rb
|
|
32
33
|
- lib/eicar/version.rb
|
|
33
34
|
homepage: https://github.com/todb-r7/eicar
|