Use EICAR test strings as passwords so when the password is stored as plain text the antivirus software will delete the file.
this post was submitted on 03 Nov 2025
1234 points (98.4% liked)
memes
19413 readers
1148 users here now
Community rules
1. Be civil
No trolling, bigotry or other insulting / annoying behaviour
2. No politics
This is non-politics community. For political memes please go to !politicalmemes@lemmy.world
3. No recent reposts
Check for reposts when posting a meme, you can only repost after 1 month
4. No bots
No bots without the express approval of the mods or the admins
5. No Spam/Ads/AI Slop
No advertisements or spam. This is an instance rule and the only way to live. We also consider AI slop to be spam in this community and is subject to removal.
A collection of some classic Lemmy memes for your enjoyment
Sister communities
- !tenforward@lemmy.world : Star Trek memes, chat and shitposts
- !lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
- !linuxmemes@lemmy.world : Linux themed memes
- !comicstrips@lemmy.world : for those who love comic stories.
founded 2 years ago
MODERATORS
Dude makes a whole binary of a virus his password.
Doesn't have to be a binary file, toss the string in a txt file and the AV still throws a fit.
load more comments
(1 replies)
load more comments
(1 replies)
What is an EICAR test string?
a computer file that was developed by the European Institute for Computer Antivirus Research (EICAR) and Computer Antivirus Research Organization to test the response of computer antivirus programs. Instead of using real malware, which could cause real damage, this test file allows people to test anti-virus software without having to use real malware.
This sounds like a step towards computer vaccines, and I'm not about to let my computer get autism, thank you.
load more comments
(2 replies)
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
A specific string of text that you can use to test your AV without actually grabbing a virus.
Unfortunately there is significant overlap between plain-text-password-servers and servers that can't be bothered to use antivirus. Also, the string may not work if it's not at the start of the file. AV often doesn't process the whole file for efficiency purposes.
It's not about the password on the server where you want to log in, it's about CSV files stored on the machine of the cybercrook who wants to use the passwords to steal people's identities.
Sadly it wouldn't work if found in a CSV file with other records:
According to EICAR's specification the antivirus detects the test file only if it starts with the 68-byte test string and is not more than 128 bytes long. As a result, antiviruses are not expected to raise an alarm on some other document containing the test string
load more comments
(1 replies)
load more comments
(3 replies)
fun fact, "commas" does not require an apostrophe
Single quotes are another great way to mess with unsanitized data input though
I'm watching the collective knowledge of my civilization crumble and I'm powerless to stop it
load more comments
(1 replies)
Add comma's
Add commas what?
Adding an apostrophe makes the s possessive
The apostrophe is to announce that the next letter will be an 'S'!
As observed by that legendary grammarian Dave Barry.
load more comments
(4 replies)
load more comments
(8 replies)
Interesting... I wrote a gag comment about using an SQL injection as my password and crashed the Lemmy API. Using connect if that makes any difference.
noice! Did the '; DROP TABLE USERS;' respond?
Almost line for line. A wall of XML popped up when I hit submit. Looks like yours went through.
load more comments
(2 replies)
Like the Bobby tables? Can u put it in a coffee?
Bobby', --
load more comments
(6 replies)
Don't add apostrophes to make words plural, that's not how it works.
Until next time
They had to put a comma in there somewhere. Even of it was in the wrong place and upside down.
load more comments
(1 replies)
load more comments
(8 replies)
Sadly, no. CSV files can deal with embedded commas via quoting or escaping. Given that most of the dumps are going to be put together and consumed via common libraries (e.g.python's csv module), that's all going to happen automagically.
Can be != will be
You're looping over 50M records, extracting into your csv. Did you bother using the appropriate library, or did your little perl script just do split(/,/,$line)
load more comments
(5 replies)
CSV has standard escape sequences. This is pointless
See RFC-4180:
CSV existed for over 30 years before RFC 4180. Excel, and countless other tools, have their own incompatible variants. Excel in particular is infamous for mangling separators when exporting to CSV.
Fuck Excel's CSV handing. It differs by locale, silently. Imagine the thousands of people every year who patiently wait to import a multi-megabyte CSV from some instrument only to see garbage because their language uses the decimal comma and semicolon separator.
load more comments
(1 replies)
load more comments
(1 replies)
That standard won't stop me because I can't read!
load more comments
(6 replies)
Thanks to my password manager, commas are among the more tame characters that occur in my passwords.
load more comments
(6 replies)
OP thinks security researchers don't understand how to properly serialize data for correct deserialization. OP also thinks they largely use CSV.
OP is uninformed and just found it funny and worth sharing. Good day
load more comments
(7 replies)
Mine are typical error messages.
See you next time!
Comma, single quote, double quote, escape last \ and all your cases are covered.
ngl this got a good fucking chuckle out of me
view more: next ›