Had the spare time to run a miniature test right now, and I'm kind of intrigued with what happened.
So, let's recap what happened after I turned off BD:
I have the basic EICAR test file, and the basic EICAR text file, and no other test files used. I put the text file into 7z compression, and did another layer of 7z compression to make a double compressed file (which is much harder to locate). I kept the standard DOS files in the zipped folders that came straight off the EICAR website. I then labelled everything, and turned BD back on.
What I find interesting is that BD found the originals, and the two zipped files, but absolutely nothing noteworthy in the 7z compressed folders. While 7z compression isn't extremely common, it is a very attractive compression for those who are trying to save space. As you all can see, BD only recognises four of the six test files/folders as having an "infection", though it does make the note that they are not viruses. You will also notice that the 7z files gave no indication that there was a potential payload, and went by without raising any alarm.
Now, before anyone raises an alarm, this is exactly how I performed the test:
- Reactivate the on-demand scanner
- Reactivate virus shield
- Navigate to the folder
- Watch BD pick up 4/6 of the test files as malicious
I did a manual scan on the remaining 7z compressed folders, and BD picked them up. I'll be leaving within fifteen minutes, or I'd do even more testing; however, I figured this was enough to put out for everyone to see. This is extremely basic testing, and took me about 10 minutes to complete (writing this takes longer). Feel free to run this test yourselves, and report any different results. As you can see, EICAR files are harmless, and pose no genuine threat (then again, I'm some dude on the internet lol).
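To show why the double-compressed files slip past a scan that does not open archives, here is an added example (written for this thread, not code from Bitdefender or the original poster) that builds a nested archive and scans it with a configurable recursion depth. It uses zip-in-zip via the standard library as a stand-in for the 7z-in-7z layering, and a constructed marker string instead of the real EICAR string from eicar.org; both are assumptions of this example.

```python
import io
import zipfile

# Constructed stand-in for the EICAR test string (swap in the real one from
# eicar.org when exercising an actual AV product).
TEST_MARKER = b"CONSTRUCTED-TEST-MARKER-NOT-EICAR"

# Decompression-bomb guard: refuse to expand any single member larger than this.
MAX_MEMBER_BYTES = 10 * 1024 * 1024


def build_nested_archive(payload: bytes, depth: int, name: str = "eicar.txt") -> bytes:
    """Wrap `payload` in `depth` layers of DEFLATE-compressed zip archives.

    depth=2 mirrors the double-compressed folder from the post: the marker
    sits inside layer1.zip, which sits inside the returned outer archive.
    """
    data, inner_name = payload, name
    for level in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(inner_name, data)
        data, inner_name = buf.getvalue(), f"layer{level + 1}.zip"
    return data


def scan(data: bytes, max_depth: int, _depth: int = 0, _path: str = "<root>") -> list[str]:
    """Return the member paths where TEST_MARKER is found.

    Archives are only opened while the current nesting level is below
    `max_depth`; max_depth=0 behaves like a scanner that never looks inside
    archives, which is the behaviour that misses the nested test file.
    """
    hits = [_path] if TEST_MARKER in data else []
    if _depth >= max_depth or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_MEMBER_BYTES:
                continue  # skip members that would expand to an unsafe size
            hits.extend(scan(zf.read(info), max_depth, _depth + 1, f"{_path}/{info.filename}"))
    return hits
```

Because the outer layers are DEFLATE-compressed, the marker bytes are not present literally in the archive, so only a scanner that recurses two levels deep reports the hit.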
I think this will be food for some interesting testing. I do wonder why BD didn't pick up on the 7z files with the virus shield, but I don't know if a payload could be delivered with a 7z file in the same way one would deliver it with a compressed file. Depending on how it's done, and the potential threat posed, you could probably just scan it immediately after downloading, to prevent an infection from spreading.
Also, a little FYI: if you download the EICAR test files from eicar.org, and your browser blocks the download, don't get scared. I'd recommend navigating to their download page, disabling your AV, downloading, setting up your test, and then re-enabling your AV. Unless your computer is already prone to infection, you should have no worries about running this test; it is harmless, and by having these test files on your computer there is no way they will cause an infection.