These files are a test of your installed AV. If your AV doesn't flag each one, then potentially, you are vulnerable.

Same version of Java RE as yours here in XP SP3 32b. Runs perfectly fine on Opera 10.00 Beta 1589, Safari 4.0 530.17 and Google Chrome 2.0.172.31 but Fx 3.5 fails to run it right at the stage the Java RE is being started.

Great tool, in all 4 attempts of mine with different browsers it was spot on. Specifically spot on with my empirical download/upload limits.

In reply to a post by Deadbeat:

These files are a test of your installed AV. If your AV doesn't flag each one, then potentially, you are vulnerable.

I checked again and I can download the eicarcom2.zip folder from *https://secure.eicar.org*

(but not from *http://secure.eicar.org* due to intervention by Avira)

I can then open the compressed zip folder but access is denied to the eicar MS_DOS Application by Avira.

This means that in common with many AV suites, Avira doesn't scan HTTPS transactions. It isn't really a loophole and as long as you realise and remember this "limitation", you'll be OK.

In reply to a post by Deadbeat:

In reply to a post by CARPETBURN:

In reply to a post by boggits:

This might be useful for people looking at BB issues (especially if they think they are being 'limited')

http://netalyzr.icsi.berkeley.edu/

Nice NOD smart security reports a trojan, and quarantines it probably a false detection but happy it did it..... So much Java stuff nowadays cant be trusted.

The EICAR test file?

May have been, dont know, i just saw the Eset pop up notification and also shut it down immediately.... Not going to run it again to find out either. Even if it was a false positive plenty seem to have issues with it, so i think ill avoid.

An interesting test suite. Runs without problems on Debian. Usual complaints about OpenDNS resolving addresses it shouldn't resolve.

It's a universally known and completely safe AV TEST file!

As i said probably a false positive or as you say a test file, either way its not something i care to flirt with especially when their are alternatives that can test things without flirting with trouble. (Even if that trouble is harmless).

In reply to a post by Deadbeat:

This means that in common with many AV suites, Avira doesn't scan HTTPS transactions. It isn't really a loophole and as long as you realise and remember this "limitation", you'll be OK.

If it *could* look inside HTTPS then there is a defect in your browser, as the S is supposed to mean secure, and no ability to look inside.

If it could, internet banking would have to close !