{"id":1053,"date":"2013-07-16T16:17:40","date_gmt":"2013-07-16T15:17:40","guid":{"rendered":"http:\/\/www.phillips321.co.uk\/?p=1053"},"modified":"2013-07-16T16:18:30","modified_gmt":"2013-07-16T15:18:30","slug":"simple-python-code-to-create-an-eicar-virus","status":"publish","type":"post","link":"https:\/\/www.phillips321.co.uk\/2013\/07\/16\/simple-python-code-to-create-an-eicar-virus\/","title":{"rendered":"Simple python code to create an eicar virus"},"content":{"rendered":"

So it’s annoying when you’re testing AV and you need to create an eicar virus<\/a>. Usually the AV will keep deleting the file and your text string.<\/p>\n

This simple code is given the file name and will produce the output file. The benefit of using this script is that the eicar string is not actually stored inside the script as clear text.<\/p>\n

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
<\/div><\/td>
#!\/usr\/bin\/env python<\/span>
\n# Author: phillips321<\/span>
\n# Site: www.phillips321.co.uk<\/span>
\n# Version: 0.1<\/span>
\n# About: Creates a file containing eicar test string<\/span>
\n
\nimport<\/span> sys<\/span>,<\/span> time<\/span>
\ntry<\/span>:
\n    filename=<\/span>sys<\/span>.argv<\/span>[<\/span>1<\/span>]<\/span>
\nexcept<\/span>:
\n    filename=<\/span>"eicar.txt"<\/span>
\neicarhex=<\/span>"58354f2150254041505b345c505a58353428505e2937434329377d2445494341522d5354414e444152442d414e544956495255532d544553542d46494c452124482b482a"<\/span>
\n
\ntry<\/span>:
\n    print<\/span> "Writing to %s..."<\/span> % filename
\n    for<\/span> l in<\/span> eicarhex.decode<\/span>(<\/span>"hex"<\/span>)<\/span>:
\n        sys<\/span>.stdout<\/span>.write<\/span>(<\/span>l)<\/span>
\n        time<\/span>.sleep<\/span>(<\/span>0.05<\/span>)<\/span>
\n    print<\/span> "\\n<\/span>Complete"<\/span>
\n    fdesc =<\/span> open<\/span>(<\/span>filename,<\/span> "w"<\/span>)<\/span>
\nexcept<\/span>:
\n    print<\/span> "Unable to write to eicar.txt"<\/span>
\nelse<\/span>:
\n    fdesc.write<\/span>(<\/span>eicarhex.decode<\/span>(<\/span>"hex"<\/span>)<\/span>)<\/span>
\n    fdesc.close<\/span>(<\/span>)<\/span><\/div><\/td><\/tr><\/tbody><\/table><\/div>\n","protected":false},"excerpt":{"rendered":"

So it’s annoying when you’re testing AV and you need to create an eicar virus. Usually the AV will keep deleting the file and your text string. This simple code is given the file name and will produce the output file. The benefit of using this script is that the eicar string is not actually […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[381,111,383,382],"_links":{"self":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts\/1053"}],"collection":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/comments?post=1053"}],"version-history":[{"count":2,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts\/1053\/revisions"}],"predecessor-version":[{"id":1055,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts\/1053\/revisions\/1055"}],"wp:attachment":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/media?parent=1053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/categories?post=1053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/tags?post=1053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}