EICAR Virus Test maliciously used to delete logs?

No, it won't work this way.

Reading the documentation from EICAR we can see why:

The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters.

So, the file must start with the said string, and must not be larger than 128 bytes. All of your logs will probably start with a timestamp, and have more than 128 bytes in them.
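The rule quoted in the answer above, written out as a check (an added example, not part of the original answer and not any antivirus vendor's code). The function names and sample inputs are constructed for illustration, and the set of permitted trailing characters (space, tab, LF, CR, Ctrl-Z) is taken from EICAR's own description rather than from this page. Real engines may match more loosely than this rule.

```python
# The 68-byte test string published by EICAR.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_LEN = 128                      # total file length limit from the quoted rule
ALLOWED_TAIL = b" \t\n\r\x1a"      # assumption: whitespace set from EICAR's description


def classify(data: bytes) -> str:
    """Say whether a file's bytes meet the EICAR test-file rule, and if not, why."""
    if not data.startswith(EICAR):
        return "no match: does not start with the test string"
    if len(data) > MAX_LEN:
        return "no match: longer than 128 bytes"
    if any(b not in ALLOWED_TAIL for b in data[len(EICAR):]):
        return "no match: non-whitespace after the test string"
    return "match"


def is_eicar_test_file(data: bytes) -> bool:
    return classify(data) == "match"


# Constructed samples (not real log data).
SAMPLES = {
    "exact string": EICAR,
    "string + CRLF": EICAR + b"\r\n",
    "string + 100 spaces": EICAR + b" " * 100,
    "string + more text": EICAR + b" appended",
    "log line containing string":
        b"2024-01-01T00:00:00Z GET /?q=" + EICAR + b" 404\n",
    "log file starting with timestamp, string appended":
        b"2024-01-01T00:00:00Z service started\n" * 5 + EICAR,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:50s} {len(data):4d} bytes  {classify(data)}")
```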


Although the EICAR test string won't cause logs to be deleted when it is appended to them, there are other strings which will. You can piss a lot of people off on IRC by going on large channels and posting strings that come from genuinely malicious code and seeing how many people disconnect instantly when their AV kills the IRC client, just to rejoin a short time later and complain that their log file was eaten. This generally only works with malicious HTML or JS, though, as it's most likely to contain printable ASCII that would be recognized as a viral signature.

There are more malicious uses of this trick than irritating people in online chats. Badly configured servers that scan log files can end up destroying evidence if said evidence contains "viral" strings.