We help IT Professionals succeed at work.

Where can I acquire defanged threats to use in an Antivirus Testing lab?

mchenry2677 asked
I would like to conduct some of my own testing on a couple of Antivirus solutions for our company. I have seen security presentations where the engineers had folders full of "defanged" threats to use to test the ability of different antivirus solutions, but I have not been able to find any of these files to download myself. Does anyone know where I could acquire these?
Watch Question


I've played with EICAR files a little bit already and have yet to find an app that doesn't detect and instantly delete them... I was looking for something a little more versatile / harder to detect.
You can get samples of malware from http://www.offensivecomputing.net/ which a legitimate site where malware samples are exchanged for the purpose of research - you'll need to register an account.

Note well, however, that these are not de-fanged samples - they may have very sharp teeth indeed.


That's closer to what I was looking for--may actually work better.

Thanks, jahboite!
btanExec Consultant
Distinguished Expert 2018

They would have got it through their honeypots (exposed out in the wild) - in specific can explore Honeyd and HoneyC @ https://www.honeynet.org/project

Another link to check out is milw0rm (but I believe it is not maintained already, latest at 2009)
@ http://www.milw0rm.com/