On Tue, 18 Mar 2003 20:37:04 MST, Vernon Schryver
<vjs(_at_)calcite(_dot_)rhyolite(_dot_)com> said:
More fundamentally, you don't want to standardize the test case, but
to publish or exchange the current version of the test data. IETF
standards are about ensuring interoperability, and are cast in stone.
It takes almost as much work to issue a replacement RFC as to create
the original, but you'd want at least quarterly updates for your test.
The EICAR test "virus" is useful specifically *because* its standardized
and is *not* updated quarterly to track the latest virus trends. It exists
for exactly ONE reason - to validate the following assertion:
*IF* something trips the scanner, an action is taken.
I've mailed myself copies of EICAR plenty of times, specifically to test
that things do what I want - I'd rather have an unquarantined copy of EICAR
than mail myself a copy of Klez and find out it didn't get quarantined.. ;)
An EICAR-SPAM test file would be equally useful for content-based antispam,
as you could mail yourself a copy to test that you bounced spam, rather than
have to wait to get on a spammer list to find out.
pgp2MhpX6r1Fp.pgp
Description: PGP signature