EICAR / GTUBE AV Test Signature Output Request - ATR-2026-00281 (44058ba5-c77a-54f3-940c-e72af72f338c)
Detects requests for the model to output known antivirus test signatures (EICAR, GTUBE, Cisco outbreak filter URL). From NVIDIA garak av_spam_scanning.py probe — if an LLM application outputs these signatures without triggering AV/spam scanning, it confirms the output pipeline has no antivirus layer, making it safe for an attacker to attempt output of real malware signatures. Also detects requests to output Metasploit shellcode test strings or known-bad hash values as a scanner bypass check.